Security Basics mailing list archives

Re: Linux Distribution Recomendation

From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Wed, 3 Mar 2004 10:29:56 +0100

On 2004-03-02 Alvin Oga wrote:

I would like to have recommendation for a Linux Distribution satisfying the
following:
a- Secure enough for Buisness applications ( i.e. Mail Server)
b- Kind of Easy to manage and use.
c- Available Updates maintained by the production company.


      debian distro ... you gotta like command line features
              - too klutsy for newbies to use
              - too far behind on the "latest releases" imho


I beg to differ on this one.

Sure Debian takes some getting used to, but IMHO the distro is pretty
much straightforward, so you can get a feel how the stuff works, when
reading thru scripts/configfiles. When having a look at SuSE and Redhat,
I had the impression that they were obfuscating the system too much in
the attempt to make it more usable to newbies (I may be wrong on this
though).

The stable branch is really far behind as you say, but when they say
"stable" they mean it. All the security-related fixes get backported,
too, so for any business-related server Debian would be my choice. If
one needs to be more bleeding-edge, he could switch to one of the other
branches (testing, unstable).

With respect to management of the system: Debian does not come with
fancy administration tools. You have to read the man pages and edit the
configfiles and that's it (I would expect any admin of business-related
servers to be able to do that anyway). Installing software and updates
OTOH is very easy, thanks to apt. For getting a Debian up-to-date all
you need to do is run "apt-get update && apt-get -y upgrade", which may
be automated thru a cron job.

The real issue for the OP may be that Debian updates are not maintained
by a company but by the respective package maintainer (which means by a
member of the community, since Debian is a community project).

Regards
Ansgar Wiechers

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.securityfocus.com/sponsor/InfoSecInstitute_security-basics_040303
----------------------------------------------------------------------------

Current thread:

Linux Distribution Recomendation Kareem Mahgoub (Mar 02)
- Re: Linux Distribution Recomendation Byron Sonne (Mar 02)
- Re: Linux Distribution Recomendation Alvin Oga (Mar 02)
  - Re: Linux Distribution Recomendation Ansgar -59cobalt- Wiechers (Mar 03)
- Re: Linux Distribution Recomendation Daniel Cid (Mar 02)
- Re: Linux Distribution Recomendation Tim Flowers (Mar 02)
- Re: Linux Distribution Recomendation Brian Shaw (Mar 03)
  - Re: Linux Distribution Recomendation lucian (Mar 03)
  - Re: Linux Distribution Recomendation Peter Busser (Mar 04)
    - Re: Linux Distribution Recomendation Alvin Oga (Mar 08)
    - Re: Linux Distribution Recomendation Peter Busser (Mar 11)
    - Re: Linux Distribution Recomendation matt (Mar 12)
    - Re: Linux Distribution Recomendation Peter Busser (Mar 12)
    - Re: Linux Distribution Recomendation Michael Gale (Mar 08)

(Thread continues...)