Security Basics mailing list archives
Re: Linux Distribution Recomendation
From: Vincent <pros-n-cons () bak rr com>
Date: Tue, 2 Mar 2004 20:51:56 -0800
On Tue, 02 Mar 2004 08:41:26 +0200 Kareem Mahgoub <kareem () thewayout net> wrote:
Hello list, I would like to have recommendation for a Linux Distribution satisfying the following: a- Secure enough for Buisness applications ( i.e. Mail Server) b- Kind of Easy to manage and use. c- Available Updates maintained by the production company. Any help will be very much appreciated Best Regards, Kareem Mahgoub
What you really asked is for everyone on the list to argue who's the best. Asking yourself these questions is likely to provide a better answer. How much money are you willing to spend? How many servers do you need to administer? How long will you need it supported, one year? five years? How much functionality are you willing to sacrifice for security? What distro do you currently have the most experience with? I do not expect anyone on this list to make a case for Red Hat since It's not 'cool' anymore so I will try to give my ยข2 for them. 1.) If you got the cash Red Hat is solid for support and very fast updates. I run several RSS feeds and read up to the minute security announcements they are usually one of the 1st three to fix a security issue. Since you asked about a mail server as an example take the last sendmail exploit. Red Hat had a patch out the day _before_ CERT published it while Debian and SuSe were still not ready to push out updates two days later according to http://www.cert.org/advisories/CA-2003-25.html 2.) If you have many servers all performing the same or closely related functionality RHN (red hat network) has a provisioning module well worth a look http://www.europe.redhat.com/software/rhn/tour/ SuSe has Yast which I hear is excellent for single server administration and if it has the ability to manage across the network seamlessly it would be a good pick here also. Though I've not used it at work so can't be sure. 3.) RHEL support is a guaranteed 5 years if you choose to want support that long. Debian as I understand it is supported approximatly 1 year after a new release making it about 2 1/2 years I guess. SuSe is also 5 years AFIK. 4.) By Sacrifice security for functionality I mean you can run something like SElinux, Gentoo hardened or Adamantix which is harder to crack than just about anything but you will pay a price, things like PaX stack protection will give you a significant performance hit and break many applications. It should be noted that the 2.6 kernel will have SElinux built in, 5.) The last one is very important, distro's are mostly the same with small benifits, or drawbacks. The main thing is knowing the system. If you're new to all id go with Red Hat or SuSe.
Attachment:
_bin
Description:
Current thread:
- Re: Linux Distribution Recomendation, (continued)
- Re: Linux Distribution Recomendation Peter Busser (Mar 11)
- Re: Linux Distribution Recomendation matt (Mar 12)
- Re: Linux Distribution Recomendation Peter Busser (Mar 12)
- Re: Linux Distribution Recomendation Michael Gale (Mar 08)
- RE: Linux Distribution Recomendation Rod Trent (Mar 09)
- Re: Linux Distribution Recomendation Peter Busser (Mar 11)
- Re: Linux Distribution Recomendation Byron Sonne (Mar 09)
- Re: Linux Distribution Recomendation Peter Busser (Mar 04)
- Re: Linux Distribution Recomendation Vincent (Mar 08)
- Re: Linux Distribution Recomendation Peter Busser (Mar 11)
- Re: Linux Distribution Recomendation Vincent (Mar 15)
- Re: Linux Distribution Recomendation Peter Busser (Mar 16)
- Re: Linux Distribution Recomendation Peter Busser (Mar 08)