Red Hat has released the Red Hat Enterprise Linux 9 distribution. Ready-made installation images will soon be available to registered users of the Red Hat Customer Portal (the CentOS Stream 9 ISO images can also be used to evaluate the functionality). The release is available for the x86_64, s390x (IBM System z), ppc64le and AArch64 (ARM64) architectures. The RPM package sources for Red Hat Enterprise Linux 9 are hosted in the CentOS Git repository. In accordance with the 10-year support cycle, RHEL 9 will be supported until 2032. Updates for RHEL 7 will continue to be released until June 30, 2024, and for RHEL 8 until May 31, 2029.
The Red Hat Enterprise Linux 9 distribution is notable for its move to a more open development process. Unlike previous branches, the distribution is built from the CentOS Stream 9 package base. CentOS Stream is positioned as an upstream project for RHEL, enabling third-party contributors to monitor the development of RHEL packages, propose changes and influence decisions. Previously, a snapshot of a Fedora release was used as the basis for a new RHEL branch and was then refined and stabilized behind closed doors, with no way to follow the development process and the decisions taken. Now a CentOS Stream branch is formed from a Fedora snapshot with community input; the preparatory work is carried out there and it becomes the basis for a new major RHEL branch.
Key changes:
- The system environment and build tools have been updated. GCC 11 is used for building packages. The standard C library has been updated to glibc 2.34. The Linux kernel package is based on the 5.14 release. The RPM package manager has been updated to version 4.16, with support for integrity control via fapolicyd.
- The distribution's migration to Python 3 is complete: the Python 3.9 branch is offered by default and Python 2 has been discontinued.
- The desktop is based on GNOME 40 (RHEL 8 shipped GNOME 3.28) and the GTK 4 library. In GNOME 40, virtual desktops in the Activities Overview are arranged horizontally and displayed as a continuously scrolling strip from left to right. Each desktop shown in the overview provides a visual representation of its windows, which are dynamically panned and zoomed as the user interacts. A seamless transition between the list of applications and the virtual desktops is provided.
- GNOME includes the power-profiles-daemon handler, which provides the ability to switch on the fly between power save mode, power balance mode, and maximum performance mode.
- All audio streams have been moved to the PipeWire media server, which is now the default instead of PulseAudio and JACK. PipeWire brings professional audio processing capabilities to the regular desktop edition, removes fragmentation and unifies the audio infrastructure for different applications.
- By default, the GRUB boot menu is hidden if RHEL is the only distribution installed on the system and the last boot was successful. To display the menu during boot, hold down the Shift key or press Esc or F8 several times. Another bootloader change is that the GRUB configuration files for all architectures are now placed in the same /boot/grub2/ directory (/boot/efi/EFI/redhat/grub.cfg is now a symbolic link to /boot/grub2/grub.cfg), i.e. the same installed system can be booted via both EFI and BIOS.
- Components for support of various languages are placed in langpacks packages, allowing you to vary the level of installed language support. For example, langpacks-core-font only offers fonts, langpacks-core provides the glibc locale, base font, and input method, and langpacks provides translations, additional fonts, and spelling dictionaries.
- Updated security components. The distribution includes the new OpenSSL 3.0 branch of the cryptographic library. By default, more modern and secure cryptographic algorithms are enabled (for example, the use of SHA-1 in TLS, DTLS, SSH, IKEv2 and Kerberos is disabled, and TLS 1.0, TLS 1.1, DTLS 1.0, RC4, Camellia, DSA, 3DES and FFDHE-1024 are disabled). The OpenSSH package has been updated to version 8.6p1. Cyrus SASL has moved to the GDBM backend instead of Berkeley DB. The NSS (Network Security Services) libraries no longer support the DBM (Berkeley DB) format. GnuTLS has been updated to version 3.7.2.
- SELinux performance has been significantly improved and its memory consumption reduced. Support for the "SELINUX=disabled" setting in /etc/selinux/config as a way to disable SELinux has been removed (the setting now only disables loading of the policy; to actually disable SELinux functionality, the "selinux=0" parameter must now be passed to the kernel).
- Added experimental support for the WireGuard VPN.
- By default, SSH login as root is disabled.
- The iptables-nft packet filter management tools (the iptables, ip6tables, ebtables and arptables utilities) and ipset have been deprecated. nftables is now the recommended way to manage the firewall.
- A new mptcpd daemon is included for configuring MPTCP (MultiPath TCP), an extension of the TCP protocol that lets a single TCP connection deliver packets simultaneously over several routes through different network interfaces bound to different IP addresses. mptcpd makes it possible to configure MPTCP without using the iproute2 utility.
- The network-scripts package has been removed; NetworkManager should be used to configure network connections. Support for the ifcfg settings format has been retained, but NetworkManager now defaults to the keyfile-based format.
- New versions of compilers and developer tools included: GCC 11.2, LLVM/Clang 12.0.1, Rust 1.54, Go 1.16.6, Node.js 16, OpenJDK 17, Perl 5.32, PHP 8.0, Python 3.9, Ruby 3.0, Git 2.31, Subversion 1.14, binutils 2.35, CMake 3.20.2, Maven 3.6, Ant 1.10.
- Updated server packages Apache HTTP Server 2.4.48, nginx 1.20, Varnish Cache 6.5, Squid 5.1.
- Updated DBMS MariaDB 10.5, MySQL 8.0, PostgreSQL 13, Redis 6.2.
- By default, Clang is used to build the QEMU emulator, which allowed some additional protection mechanisms to be applied in the KVM hypervisor, such as SafeStack to protect against Return-Oriented Programming (ROP) exploitation methods.
- SSSD (System Security Services Daemon) logging has become more detailed: for example, task completion time is now attached to events and the authentication flow is reflected in the log. Search functionality has been added for analyzing configuration and performance issues.
- Support for IMA (Integrity Measurement Architecture) has been extended to check the integrity of operating system components using digital signatures and hashes.
- By default, a single unified cgroup hierarchy (cgroup v2) is enabled. Cgroups v2 can be used, for example, to limit memory, CPU, and I/O consumption. The key difference between cgroups v2 and v1 is the use of a common cgroups hierarchy for all resource types, instead of separate hierarchies for CPU allocation, memory management, and I/O. Separate hierarchies led to difficulties in organizing interaction between handlers and to additional costs of kernel resources when applying rules for a process mentioned in different hierarchies.
- Added support for precise time synchronization based on the NTS (Network Time Security) protocol, which uses elements of the public key infrastructure (PKI) and allows TLS and AEAD (Authenticated Encryption with Associated Data) to be used for cryptographic protection of client-server interactions over NTP (Network Time Protocol). The chrony NTP server has been updated to version 4.1.
- Experimental (Technology Preview) support is provided for KTLS (a kernel-level TLS implementation), Intel SGX (Software Guard Extensions), DAX (Direct Access) for ext4 and XFS, and AMD SEV and SEV-ES in the KVM hypervisor.
Source: opennet.ru
