Honeypots mailing list archives

Re: Distribution Choice


From: john winger <jwinger () nationsholding com>
Date: 28 May 2003 07:10:10 -0500

A lot of talk about which distro to use. Been running a honeynet for
about 1.5 years now and here is my take.

Gentoo: Used it for a workstation for nearly a year at work. It worked
well. IMO it is not well suited for honeynet use. Recovering from a
compromise seemed to be too much of a hassle. It is nice to custom build
everything from source. That can also be a hindrance when rebuilding a
system.

Redhat: Nice vanilla distro. RH 6.2 makes a great honeypot because of all
the well-known holes. It is easy to customize and a bare bones install
is 250 megs.

Mandrake: Nice distro based on RH with some security enhancements. Bare
bones install is 250 megs. Comes with security enhanced kernel. I
believe it contains the GRE stuff. Msec and some other default security
stuff makes this the preferred platform for hosting virtual honeynets.

That is all

John

On Tue, 2003-05-27 at 16:42, Richard Stevens wrote:
Hi,

my question will risk the start of a distribution flamewar. I don't intend to 
do that, I'm really looking for advice.

I'm currently setting up a system for a Gen II honeynet firewall. My proof of 
concept setup was debian based but I just can't start to like debian (just me 
:-).

I'm wondering what distribution you would suggest. I'm interested in your
experiences related to stability, flexibility in modifying the standard,
security, ability to apply the needed patches etc.

I'm looking for something

minimal (not 1 Gig of base installation with all development tools and X
installed)

flexible (ability to change key components without killing most of the boot 
process functionality, that means basically not too much automatic stuff. I'd 
like to get rid of modules...)

secure (a hardened Kernel and maybe even buffer overflow protected kernel and 
libs would be nice)

Any suggestions? 

Thanks,

Richard
