What are the security differences between RHEL4 and RHEL5?
That's a hard question to answer. Two things come to mind:-
Disk encryption with LUKS
SELinux - MCS & MLS
SELinux is generally improved (to the point you can use it).
Are you concerned about anything specifically?
Thanks for the feedback...
Yes...I am more concerned with things like auditd, faillog, security relevant objects. Are they still the same in RHEL5? Has any new software been added to RHEL5 that can be considered a security hazard?
My current job requires that a version of OS that has never been installed be pre-approved by our security team before it can be loaded on a system...
the IS security team would like to know what the significant differences in security are from RHEL4 to RHEL5. Of course I can't tell them because I can't load it on a system until it is approved...
They have sent me on a goose chase to find out what the differences are and present them the details so that we can officially use RHEL5 for production use...
The best way to answer that is to look at the changelogs; they will tell you what is different between the 2 versions and to which version packages are at. Though frankly I would have thought that assessing security is part of the security team's remit not yours...?
You have hit the nail right on the head my friend...
but it is one of those things that you can't argue with...
This may not explain the difference between RH4 and RH5 too well, but it may give you a little ammunition to make the case for 5.
From the RHEL 5 Features page:
Quote:
Security
* SELinux enhancements include Multi-Level Security and targeted policies for all services
* SEtroubleshooter GUI simplifies SELinux management
* Integrated directory and security capabilities
* IPSEC enhancements improve security and performance
* ExecShield enhancements, such as a call frame Canary word, strengthen hacker defenses
* New Audit features provide powerful new search/reporting and real-time monitoring
This page regarding RH Certifications and Accreditations explains how much attention they put into meeting the various security requirements of state/federal IT security regulations.
Quote:
Yes...I am more concerned with things like auditd, faillog, security relevant objects. Are they still the same in RHEL5? Has any new software been added to RHEL5 that can be considered a security hazard?
Multilevel security implementation for SELinux (2.6.12)
Audit subsystem
support for process-context based filtering (2.6.17)
more filter rule comparators (2.6.17)
TCP/UDP getpeercon: enabled security-aware applications to retrieve the entire security context of a process on the other side of a socket using an IPSec security association. If only MLS-level information is needed or interoperability with legacy unix system is required, NetLabel can be used in place of IPSec.