Red Hat Enterprise Linux 8
Red Hat Enterprise Linux (RHEL) 8 is based upon the principles of "operational consistency, security, and cloud foundation." Utilizing kernel 4.18x, RHEL 8 is based on Fedora 28 and will run on Intel/AMD 64-bit processors as well as IBM Power LE, IBM z Systems, and ARM 64-bit.
Improvements in operational consistency
- Red Hat has sought to reduce complexity in RHEL 8, which comes with ten guaranteed years of enterprise support. Their model involves repositories for the base operating system as well as application streams for flexible lifecycle options, which offer multiple versions of databases, languages, various compilers, and other tools to help facilitate the use of RHEL for business models.
- Build-in defaults in RHEL 8 include tuned profiles for database options (ready-to-go options out of the box) and ansible system roles to provide a common configuration interface (ensuring standardization and reliability)
- The RHEL 8 YUM package manager is now based on the Dandified Yum (DNF) technology, which supports modular content, better performance, and a stable API for integration with tooling. User feedback indicated that "yum is a lot faster than it used to be, and all the commands work well."
- Red Hat Insights (tools to provide system administrators with analytics, machine learning, and automation controls) are now included in RHEL 8 along with a session recording feature, which can record and playback user terminal sessions for better security and training capabilities.
Improvements in security
- Secure default compiler flags and static code analysis have been added to RHEL 8 for more secure code writing.
- FIPS ("Federal Information Processing Standards") mode has been made easier to activate for organizations that require federal government security standards.
- Red Hat has also sought to make it easier to work with smart cards and hardware security modules (HSMs) using PKCS#11 centralized configurations. For instance, OpenSSH or Apache Web Server can be better secured using these options.
- RHEL 8 offers strong crypto policies for encryption (to meet an array of security standards)
- Transport Layer Security (TLS) 1.3 is a systemwide standard for data encryption as TLS 1.2 is widely considered too slow for today's applications.
- SELinux has been improved for better controls on files and directories and is enabled by default in RHEL 8.
- Software ID (SWID) tags in RHEL 8 can help perform software inventory management and enforce application whitelisting across the enterprise to permit only trusted programs to execute. Furthermore, Trusted Platform Module (TPM) usage can help ensure the integrity of core software itself to prevent tampering or malicious activity.
