Home page logo

basics logo Security Basics mailing list archives

Re: Linux Distribution Recomendation
From: Vincent <pros-n-cons () bak rr com>
Date: Tue, 2 Mar 2004 20:51:56 -0800

On Tue, 02 Mar 2004 08:41:26 +0200
Kareem Mahgoub <kareem () thewayout net> wrote:

Hello list,
I would like to have recommendation for a Linux Distribution satisfying the
a- Secure enough for Buisness applications ( i.e. Mail Server)
b- Kind of Easy to manage and use.
c- Available Updates maintained by the production company.
Any help will be very much appreciated
Best Regards,
Kareem Mahgoub

What you really asked is for everyone on the list to argue who's the best.
Asking yourself these questions is likely to provide a better answer.

How much money are you willing to spend?
How many servers do you need to administer?
How long will you need it supported, one year? five years?
How much functionality are you willing to sacrifice for security?
What distro do you currently have the most experience with?

I do not expect anyone on this list to make a case for Red Hat since
It's not 'cool' anymore so I will try to give my ยข2 for them.

1.) If you got the cash Red Hat is solid for support and very fast updates.
I run several RSS feeds and read up to the minute security announcements
they are usually one of the 1st three to fix a security issue. Since you 
asked about a mail server as an example take the last sendmail exploit. 
Red Hat had a patch out the day _before_ CERT published it while Debian 
and SuSe were still not ready to push out updates two days later according 
to http://www.cert.org/advisories/CA-2003-25.html

2.) If you have many servers all performing the same or closely related
functionality RHN (red hat network) has a provisioning module well worth
a look http://www.europe.redhat.com/software/rhn/tour/ SuSe has Yast
which I hear is excellent for single server administration and if it
has the ability to manage across the network seamlessly it would be a 
good pick here also. Though I've not used it at work so can't be sure.

3.) RHEL support is a guaranteed 5 years if you choose to want support that
long. Debian as I understand it is supported approximatly 1 year after a 
new release making it about 2 1/2 years I guess. SuSe is also 5 years AFIK.

4.) By Sacrifice security for functionality I mean you can run something
like SElinux, Gentoo hardened or Adamantix which is harder to crack than 
just about anything but you will pay a price, things like PaX stack 
protection will give you a significant performance hit and break many 
applications. It should be noted that the 2.6 kernel will have SElinux 
built in,

5.) The last one is very important, distro's are mostly the same with
small benifits, or drawbacks. The main thing is knowing the system. If
you're new to all id go with Red Hat or SuSe. 

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]