Red Hat will tomorrow launch version 4 of its Enterprise Linux (RHEL) and Advanced Server operating systems, designed for datacentre operations where server stability and security are among the top priorities.

IT Week Labs tested a late beta version and found valuable new features such as the 2.6 Linux kernel and the Security Enhanced Linux (SELinux) subsystem.

SELinux helps to protect servers from buffer overflow attacks, but requires applications and the kernel to be updated. Red Hat supplies versions of popular applications such as the Apache web server and the Bind domain name system server ready to work with SELinux.

We would recommend RHEL 4 for companies using Linux server systems if they do not have the in-house staff to track open-source patches and maintain their own Linux configurations.

For our tests, we installed RHEL 4 on a virtual machine hosted by VMware's ESX Server. The installation tool partitioned our hard disk and configured it with EXT3 file systems, although we needed to configure ESX Server to present a virtual LSI SCSI chip to the Red Hat software because RHEL 4 does not automatically install drivers for ESX's default BusLogic SCSI interface.

EXT3 improves on the previous EXT2 file system by adding journaling, which improves data integrity in case of power failures and other problems that could corrupt data on disk. Performance handling large numbers of files is also boosted by EXT3.

Other improvements include better support for Numa systems, such as those based on two or more AMD Opteron processors, or Intel Itanium systems. Support for PCI Express has been added, which will benefit people with very new Xeon systems, such as those fitted with the 64bit Xeon EM64T processors.

The default installation of RHEL included the Gnome desktop, administration tools, server configuration tools, the Apache web sever and Samba file server.

Although installed by default, Apache and Samba are not started automatically, a fact which would help security if vulnerabilities are discovered in the supplied versions of those applications.

Like other Linux distributions, a default installation also includes an excellent stateful inspection firewall, and we found the security of the base installation to be excellent.

We scanned the system using a range of tools, which reported some minor problems such as support for SSH version 1 being enabled. However, these were false positives. For example, Red Hat supplies SSH 3.9p1, while the reported vulnerabilities refer to versions before 3.5p1.

In fact, we found that the system compares well against many other Linux distributions, as well as many other operating systems. Red Hat has submitted RHEL 4 for Capp/EAL4+ security certification.

Price: £210 + VAT

Contact: Red Hat: 0800 358 2018