[Date Prev][Date Next][Thread Prev][Thread Next][Interchange by date
][Interchange by thread
]
RE: [ic] Wich linux distribution ?
Oops.. Make that RH 7.2.. :-)
On Thu, 20 Dec 2001 tburt@timburt.com wrote:
>
> I was going to start a security thread, and probably still should. But
> since you bring it up....
>
> Many Unix/Linux distributions (and Windows too) arrive out of the box,
> with very poor security for hosting outside a firewall. A good admin
> knows how to shut off nearly everything, and setup ipchains or iptables to
> protect the box to the max. Many do not, however, and many an exploit has
> leveraged the fact that some distributions install with anonymous ftp
> enabled.. :-(
>
> A secure server should be a dedicated server. You should be able to
> portscan your own box, and see two ports open. 22 and 443. And 22 should
> be firewalled to only allow your source IP. nmap is an excellent tool for
> portscanning. See www.insecure.org. Fyordor also has a very old, but
> eye opening list of exploits to peruse. If you think you can put user
> accounts, ftp (with plaintext passwords), and other services on a secure
> server, you are kidding yourself, and doing an injustice to your clients.
>
> Red Hat has seen the light, and since about 7.1, RH now installs in a
> pretty good (outside the fw) config, out of the box. Most services are
> disabled, and you are asked to setup ipchains during OS install, if I
> remember correctly...
>
> The bad news is that I couldn't get IC to run on my RedHat system. The IC
> rpm's failed to give me a working demo. I filed a bug report on the IC
> site (ignored), and I begged for help on this list. I delved into the
> config files and tried to get a handle on what the perl code was doing.
>
> I was a little stymied by the missing source for rlink.c. Since this is
> the starting point of all web requests. To get it, I was going to need
> the tarball, and since someone on the list suggested that the tarball
> works, I removed the rpms and went for the tarball...
>
> Teeth gnashing, I struggled for many more hours before I finally
> discovered that my major problem (with the tarball release) was the perms
> that RH uses on the users home directory.. 700. Arrgh!
>
> The rpm install may have a workaround for the user home perms, but I never
> got the benefit of it. Admittedly, I refused to allow CPAN to auto
> install the Interchange Bundle, because of a very bad experience I had
> with CPAN, but I have harped on that issue enough already....
>
> I love RedHat. It has been my choice for Linux for several years. RH 7.3
> is great!
>
> It hurts me to see all of the other Linux distro's being recommended with
> high marks, and nobody says.. USE REDHAT. Including me.
>
> I did eventually get it working. Honestly, it took me almost 20 hours,
> including time spent building up good will on this list so I could get
> some helpful answers. And I documented, for the list, my fixes.
>
> So, with reservations, I can say.. Use RedHat. Use the 7.3 release if
> you can. It has a pretty good security profile, out of the box. Don't
> use the rpm's though. Use the tarball, and beware of the perms created on
> a users home folder. See my prior posts...
>
> Someday I will post more on how and why to make a secure SSL server.
>
> On Thu, 20 Dec 2001, alain abraham wrote:
>
> > Whe are currently running a debian for file server, zope, ezmlm ...
> >
> > Then I know a little about linux server adm.
> >
> > But my question is about the bir trouble of security. And especially for
> > running only services necessary for Interchange.
> > And i think the install process for debian give not the choice of a server
> > configuration; The manual choice could be too much complex for me. then i
> > try to know when there is a distribution like e-smith or smoothwall adapted
> > for interchange.
> >
> > Thanks MESSIEURS
> >
> > Alain
> >
> > -----Message d'origine-----
> > De : interchange-users-admin@interchange.redhat.com
> > [mailto:interchange-users-admin@interchange.redhat.com]De la part de
> > David Bronson
> > Envoyé : jeudi 20 décembre 2001 17:27
> > À : interchange-users@interchange.redhat.com
> > Objet : Re: [ic] Wich linux distribution ?
> >
> >
> > I agree with Alexander that debian is a great distribution. You may not be
> > happy with it as your first distribution though. The expectation is that you
> > know what you are doing. It can't be beat for Linux network admins though..
> >
> > Good Luck,
> >
> > DB
> > ----- Original Message -----
> > From: alain abraham <alain.abraham@urbuz.com>
> > To: <interchange-users@interchange.redhat.com>
> > Sent: Thursday, December 20, 2001 5:34 AM
> > Subject: [ic] Wich linux distribution ?
> >
> >
> > > hello,
> > > I looking for "conseils" to choose a distribution for interchange running
> > > on.
> > >
> > > Of course, I think about redhat 6.1, but is there a more server and free
> > > oriented distribution for interchange.
> > >
> > > Merci
> > >
> > > Alain
> > >
> > > _______________________________________________
> > > interchange-users mailing list
> > > interchange-users@interchange.redhat.com
> > > http://interchange.redhat.com/mailman/listinfo/interchange-users
> > >
> >
> > _______________________________________________
> > interchange-users mailing list
> > interchange-users@interchange.redhat.com
> > http://interchange.redhat.com/mailman/listinfo/interchange-users
> >
> > _______________________________________________
> > interchange-users mailing list
> > interchange-users@interchange.redhat.com
> > http://interchange.redhat.com/mailman/listinfo/interchange-users
> >
>
>
--
--------------------
Timothy Burt
Internet Specialist
_______________________________________________
interchange-users mailing list
interchange-users@interchange.redhat.com
http://interchange.redhat.com/mailman/listinfo/interchange-users