
RE: [ic] Wich linux distribution ?
I was going to start a security thread, and probably still should. But
since you bring it up....
Many Unix/Linux distributions (and Windows too) arrive out of the box
with very poor security for hosting outside a firewall. A good admin
knows how to shut off nearly everything, and set up ipchains or iptables to
protect the box to the max. Many do not, however, and many an exploit has
leveraged the fact that some distributions install with anonymous ftp
enabled.. :-(
A secure server should be a dedicated server. You should be able to
portscan your own box, and see two ports open. 22 and 443. And 22 should
be firewalled to only allow your source IP. nmap is an excellent tool for
portscanning. See www.insecure.org. Fyodor also has a very old, but
eye-opening list of exploits to peruse. If you think you can put user
accounts, ftp (with plaintext passwords), and other services on a secure
server, you are kidding yourself, and doing an injustice to your clients.
Red Hat has seen the light, and since about 7.1, RH now installs in a
pretty good (outside the fw) config, out of the box. Most services are
disabled, and you are asked to set up ipchains during OS install, if I
remember correctly...
The bad news is that I couldn't get IC to run on my RedHat system. The IC
rpms failed to give me a working demo. I filed a bug report on the IC
site (ignored), and I begged for help on this list. I delved into the
config files and tried to get a handle on what the perl code was doing.
I was a little stymied by the missing source for rlink.c, since this is
the starting point of all web requests. To get it, I was going to need
the tarball, and since someone on the list suggested that the tarball
works, I removed the rpms and went for the tarball...
Teeth gnashing, I struggled for many more hours before I finally
discovered that my major problem (with the tarball release) was the perms
that RH uses on the user's home directory.. 700. Arrgh!
The rpm install may have a workaround for the user home perms, but I never
got the benefit of it. Admittedly, I refused to allow CPAN to auto
install the Interchange Bundle, because of a very bad experience I had
with CPAN, but I have harped on that issue enough already....
I love RedHat. It has been my choice for Linux for several years. RH 7.3
is great!
It hurts me to see all of the other Linux distros being recommended with
high marks, and nobody says.. USE REDHAT. Including me.
I did eventually get it working. Honestly, it took me almost 20 hours,
including time spent building up good will on this list so I could get
some helpful answers. And I documented, for the list, my fixes.
So, with reservations, I can say.. Use RedHat. Use the 7.3 release if
you can. It has a pretty good security profile, out of the box. Don't
use the rpms though. Use the tarball, and beware of the perms created on
a user's home folder. See my prior posts...
Someday I will post more on how and why to make a secure SSL server.
On Thu, 20 Dec 2001, alain abraham wrote:
> We are currently running a debian for file server, zope, ezmlm ...
>
> Then I know a little about linux server adm.
>
> But my question is about the big trouble of security. And especially for
> running only services necessary for Interchange.
> And I think the install process for debian give not the choice of a server
> configuration; The manual choice could be too much complex for me. then i
> try to know when there is a distribution like e-smith or smoothwall adapted
> for interchange.
>
> Thanks, gentlemen
>
> Alain
>
> -----Original Message-----
> From: interchange-users-admin@interchange.redhat.com
> [mailto:interchange-users-admin@interchange.redhat.com] On behalf of
> David Bronson
> Sent: Thursday, December 20, 2001 17:27
> To: interchange-users@interchange.redhat.com
> Subject: Re: [ic] Wich linux distribution ?
>
>
> I agree with Alexander that debian is a great distribution. You may not be
> happy with it as your first distribution though. The expectation is that you
> know what you are doing. It can't be beat for Linux network admins though..
>
> Good Luck,
>
> DB
> ----- Original Message -----
> From: alain abraham <alain.abraham@urbuz.com>
> To: <interchange-users@interchange.redhat.com>
> Sent: Thursday, December 20, 2001 5:34 AM
> Subject: [ic] Wich linux distribution ?
>
>
> > hello,
> > I am looking for advice to choose a distribution for interchange running
> > on.
> >
> > Of course, I think about redhat 6.1, but is there a more server and free
> > oriented distribution for interchange.
> >
> > Thank you
> >
> > Alain
> >
> > _______________________________________________
> > interchange-users mailing list
> > interchange-users@interchange.redhat.com
> > http://interchange.redhat.com/mailman/listinfo/interchange-users
> >
>
--
--------------------
Timothy Burt
Internet Specialist
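
The "two ports open, 22 and 443, with 22 limited to your source IP" profile described in the message above can be checked against a saved ruleset. This is an added example, not part of the original post; it assumes rules in `iptables-save` format, and the sample ruleset and the address 203.0.113.10 are constructed for illustration.

```python
import shlex

ALLOWED_PORTS = {"22", "443"}  # the two ports the post expects a scan to show
ADMIN_PORT = "22"              # must be restricted to a single source address

# Constructed iptables-save output, not from the post. 203.0.113.10 is a
# documentation address standing in for the admin's source IP.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
COMMIT
"""

def audit_input_chain(rules_text):
    """Return findings where the INPUT chain is looser than 22 + 443 only."""
    findings = []
    for line in rules_text.splitlines():
        if line.startswith(":INPUT ") and line.split()[1] != "DROP":
            findings.append("default INPUT policy is not DROP")
        if not line.startswith("-A INPUT "):
            continue
        tok = shlex.split(line)
        if "!" in tok:
            findings.append("negated match, review by hand: " + line)
            continue
        # Pair each option with the token that follows it.
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if opts.get("-j") != "ACCEPT" or opts.get("-i") == "lo":
            continue
        states = opts.get("--state") or opts.get("--ctstate") or ""
        ports = opts.get("--dport") or opts.get("--dports")
        if ports is None:
            if states and set(states.split(",")) <= {"RELATED", "ESTABLISHED"}:
                continue  # return traffic for connections already allowed
            findings.append("ACCEPT without a port match: " + line)
            continue
        for port in ports.split(","):
            if port not in ALLOWED_PORTS:
                findings.append("port %s is open to the network" % port)
            elif port == ADMIN_PORT and opts.get("-s", "0.0.0.0/0") == "0.0.0.0/0":
                findings.append("port 22 accepts any source address")
    return findings

if __name__ == "__main__":
    for finding in audit_input_chain(SAMPLE_RULES):
        print(finding)
```

The constructed sample deliberately leaves an ftp rule (port 21) in place so the audit has something to report; an nmap scan from outside remains the check that the running firewall matches the saved rules.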