Red Hat Enterprise Linux 8.6: Better security, more options

The headlines went to the long-anticipated arrival of RHEL 9, but for more pragmatic Linux users, Red Hat Enterprise Linux 8.6 has arrived as well.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

Do you want a solid Linux distribution that also delivers the latest languages and solid security? Yes? Then consider getting Red Hat Enterprise Linux 8.6.

Red Hat announced this new release at the Red Hat Summit. It has numerous new features, but the ones that caught my eye were the security improvements.

For example, if you're serious about securing your Linux distribution, you should run Security-Enhanced Linux (SELinux). But, SELinux has long had a fundamental problem. Because its Common Intermediate Language (CIL) couldn't store the module name and version in the module itself, there was no simple way to verify that the installed module was the right version. This kind of thing has become a common software chain supply security problem. 

Now, however, you can create a SHA256 hash checksum signature for your SELinux modules. You can then compare this with the original file's checksum to make sure you're actually using the correct SELinux configuration file. 

Continuing with configuration file security improvements, RHEL's OpenSSH servers now support drop-in configuration files. The sshd_config file supports the Include directive. That means you can include configuration files in another directory. What makes this matter is that it makes it easier to apply system-specific configurations on OpenSSH servers by using automation tools such as Ansible Engine. It also makes it easier to organize different configuration files for different uses, such as filtering incoming connections.

Libreswan, a popular open-source IPsec Virtual Private Network (VPN) server and Internet Key Exchange (IKE), has been rebased to upstream version 4.5. This includes many bug fixes and enhancements, such as the support of IKE version 2 for Labeled IPsec.This enables Libreswan to work better on SELinux systems.

For SAP HANA users, the big news is there's now a jointly-tested RHEL SAP HANA configuration with SELinux enabled. SELinux enables the server to automatically isolate processes. This, in turn, provides excellent privilege escalation attack protection.

At a higher level, RHEL's Web console now includes support for Smart Card Authentication with sudo and SSH. With the growing need for Two-Factor Authentication (2FA) this is a big step forward for improved day-to-day security.

For developers, the biggest news is that RHEL 8.6 now comes with PHP 8 and Perl 5.32. It also includes support for GCC 11, LLVM 13.0.1, Rust 1.58.1, Go 1.17.7, OpenJDK 17, and Apache Log4j 2. In other words, it supports today's most up-to-date languages.

If you need high-availability (HA), RHEL 8.6 also comes with a HA Cluster System Role. This makes it much easier to create more consistent and stable RHEL HA clusters solutions.

Life is also easier for SAP HANA users because SAP day-1 Automation uses the Red Hat Ansible Automation Platform to automate SAP HANA setup and configurations. Additionally, these new RHEL system roles are now available as Ansible collections, providing organizations with more flexibility to consume SAP automation content. All these SAP HANA improvements make RHEL much more competitive with SUSE SAP HANA offerings.

Put it all together and what you get is a great, solid enterprise Linux for Red Hat users on everything from a simple server in the backroom to the data center to the public cloud to the hybrid cloud and beyond.

RHEL 8.6 is available now for everyone with an active RHEL subscription. Don't have one and want to give the latest RHEL a try? You can download a 60-day evaluation edition of RHEL 8.6 to see if it works for you. 

Related Stories:

Editorial standards