Another question is wether to switch to RH9.0 or stick to 8.0 and follow the security docs from RH:
http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/security-guide/
I would of course follow the 9.0 security docs, but would in general switching be recommended?