Re: Linux Distribution Recomendation

From: Vincent (pros-n-cons_at_bak.rr.com)
Date: 03/03/04

  • Next message: Christopher Herrmann: "Internal POP3 users"
    Date: Tue, 2 Mar 2004 20:51:56 -0800
    To: security-basics@securityfocus.com
    
    
    

    On Tue, 02 Mar 2004 08:41:26 +0200
    Kareem Mahgoub <kareem@thewayout.net> wrote:

    > Hello list,
    > I would like to have recommendation for a Linux Distribution satisfying the
    > following:
    > a- Secure enough for Buisness applications ( i.e. Mail Server)
    > b- Kind of Easy to manage and use.
    > c- Available Updates maintained by the production company.
    > Any help will be very much appreciated
    > Best Regards,
    > Kareem Mahgoub
    >

    What you really asked is for everyone on the list to argue who's the best.
    Asking yourself these questions is likely to provide a better answer.

    How much money are you willing to spend?
    How many servers do you need to administer?
    How long will you need it supported, one year? five years?
    How much functionality are you willing to sacrifice for security?
    What distro do you currently have the most experience with?

    I do not expect anyone on this list to make a case for Red Hat since
    It's not 'cool' anymore so I will try to give my 2 for them.

    1.) If you got the cash Red Hat is solid for support and very fast updates.
    I run several RSS feeds and read up to the minute security announcements
    they are usually one of the 1st three to fix a security issue. Since you
    asked about a mail server as an example take the last sendmail exploit.
    Red Hat had a patch out the day _before_ CERT published it while Debian
    and SuSe were still not ready to push out updates two days later according
    to http://www.cert.org/advisories/CA-2003-25.html

    2.) If you have many servers all performing the same or closely related
    functionality RHN (red hat network) has a provisioning module well worth
    a look http://www.europe.redhat.com/software/rhn/tour/ SuSe has Yast
    which I hear is excellent for single server administration and if it
    has the ability to manage across the network seamlessly it would be a
    good pick here also. Though I've not used it at work so can't be sure.

    3.) RHEL support is a guaranteed 5 years if you choose to want support that
    long. Debian as I understand it is supported approximatly 1 year after a
    new release making it about 2 1/2 years I guess. SuSe is also 5 years AFIK.

    4.) By Sacrifice security for functionality I mean you can run something
    like SElinux, Gentoo hardened or Adamantix which is harder to crack than
    just about anything but you will pay a price, things like PaX stack
    protection will give you a significant performance hit and break many
    applications. It should be noted that the 2.6 kernel will have SElinux
    built in,

    5.) The last one is very important, distro's are mostly the same with
    small benifits, or drawbacks. The main thing is knowing the system. If
    you're new to all id go with Red Hat or SuSe.

    
    



  • Next message: Christopher Herrmann: "Internal POP3 users"

    Relevant Pages

    • Re: Upgrading RH9 to Fedora?
      ... >for patches or security fixes, my impression is that they will release the ... >latest stable with the appropriate fixes as opposed to backporting. ... Internet-based support. ... Now Red Hat has pulled out entirely, while forcing the former "Red Hat ...
      (comp.os.linux.misc)
    • =?ISO-8859-1?Q?Re:_Linux_Experiences=3F?=
      ... This is true with SUSE as well as Red Hat. ... can buy your support from Novell, or anyone else you feel comfortable with. ... IBM will staff the problem into the Open-Source ...
      (bit.listserv.ibm-main)
    • Re: [SLE] Redhat vs SuSE Debate
      ... Fedora Linux is the equivalent of Red Hat Linux, ... > always been targeted at small customers with lower support needs. ... >> considering SuSE. ...
      (SuSE)
    • Re: How Intel Can Save the Itanium!
      ... David probably meant IBM pSeries/p5) and Itanium Linux installations ... Leading Itanium vendors, i.e. HP, Fujitsu and SGI officially support ... Red Hat and SUSE as OS options for their hardware. ...
      (comp.arch)
    • Re: RedHat - SuSE recomendation
      ... > experience is NOT with home systems, ... where we support our full stack of software... ... Red Hat. ... We're very impressed with SUSE. ...
      (comp.os.linux.setup)