The latest release of the free-as-in-freedom Fedora distribution, Fedora 8, released not too long ago, has some pretty impressive security features.
First of all there is SELinux which is one of the best mechanisms of securing your Linux distribution. SELinux in Fedora has matured through the releases to the point where I'd actually advise users to leave it enabled during installation. F8 also packs an additional Kiosk policy that can be used for a login terminal with minimal privileges to be used in public places like airports, banks, libraries, etc. F8 also packs tools to create your own custom policies.
One security enhancements that users will run into is the all-new Firewall configuration tool (system-config-firewall). It's easier to use and has a polished interface compared to the old tool (system-config-securitylevel). You can also now securely manage your virtual machines from a remote host since the libvirt Xen and KVM management API in F8 use SSL/TLS encryption and x509 certificates for client authentication.
GCC and GLIBC's C library both have a feature called FORTIFY-SOURCE. To quote from their documentation, "The idea behind FORTIFY_SOURCE is relatively simple: there are cases where the compiler can know the size of a buffer (if it's a fixed sized buffer on the stack, as in the example, or if the buffer just came from a malloc() function call). With a known buffer size, functions that operate on the buffer can make sure the buffer will not overflow." FORTIFY_SOURCE in F8 has now been enhanced to cover C++ in addition to C. Furthermore, glibc will also recognize SHA256 and SHA512 passwords in addition to DES and MD5.
Fedora 8's Security Features page has more details.[Read More]