Re: Linux Distribution Recomendation
From: Vincent (pros-n-cons_at_bak.rr.com)
Date: 03/03/04
- Previous message: Josh Mills: "symantec mail security"
- In reply to: Kareem Mahgoub: "Linux Distribution Recomendation"
- Next in thread: Peter Busser: "Re: Linux Distribution Recomendation"
- Reply: Peter Busser: "Re: Linux Distribution Recomendation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 2 Mar 2004 20:51:56 -0800 To: security-basics@securityfocus.com
On Tue, 02 Mar 2004 08:41:26 +0200
Kareem Mahgoub <kareem@thewayout.net> wrote:
> Hello list,
> I would like to have recommendation for a Linux Distribution satisfying the
> following:
> a- Secure enough for Buisness applications ( i.e. Mail Server)
> b- Kind of Easy to manage and use.
> c- Available Updates maintained by the production company.
> Any help will be very much appreciated
> Best Regards,
> Kareem Mahgoub
>
What you really asked is for everyone on the list to argue who's the best.
Asking yourself these questions is likely to provide a better answer.
How much money are you willing to spend?
How many servers do you need to administer?
How long will you need it supported, one year? five years?
How much functionality are you willing to sacrifice for security?
What distro do you currently have the most experience with?
I do not expect anyone on this list to make a case for Red Hat since
It's not 'cool' anymore so I will try to give my ¢2 for them.
1.) If you got the cash Red Hat is solid for support and very fast updates.
I run several RSS feeds and read up to the minute security announcements
they are usually one of the 1st three to fix a security issue. Since you
asked about a mail server as an example take the last sendmail exploit.
Red Hat had a patch out the day _before_ CERT published it while Debian
and SuSe were still not ready to push out updates two days later according
to http://www.cert.org/advisories/CA-2003-25.html
2.) If you have many servers all performing the same or closely related
functionality RHN (red hat network) has a provisioning module well worth
a look http://www.europe.redhat.com/software/rhn/tour/ SuSe has Yast
which I hear is excellent for single server administration and if it
has the ability to manage across the network seamlessly it would be a
good pick here also. Though I've not used it at work so can't be sure.
3.) RHEL support is a guaranteed 5 years if you choose to want support that
long. Debian as I understand it is supported approximatly 1 year after a
new release making it about 2 1/2 years I guess. SuSe is also 5 years AFIK.
4.) By Sacrifice security for functionality I mean you can run something
like SElinux, Gentoo hardened or Adamantix which is harder to crack than
just about anything but you will pay a price, things like PaX stack
protection will give you a significant performance hit and break many
applications. It should be noted that the 2.6 kernel will have SElinux
built in,
5.) The last one is very important, distro's are mostly the same with
small benifits, or drawbacks. The main thing is knowing the system. If
you're new to all id go with Red Hat or SuSe.
- application/pgp-signature attachment: stored
- Previous message: Josh Mills: "symantec mail security"
- In reply to: Kareem Mahgoub: "Linux Distribution Recomendation"
- Next in thread: Peter Busser: "Re: Linux Distribution Recomendation"
- Reply: Peter Busser: "Re: Linux Distribution Recomendation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
