[PLUG] Joe Jobbed

M. Edward (Ed) Borasky znmeb at cesmail.net
Sun Oct 7 17:47:47 UTC 2007


Ed Sawicki wrote:
> Most people on this list use distributions. They expect that the
> distributor will keep all the software current. If they try to
> keep their systems more current than the distribution they can
> mess things up unless they know what they're doing.

1. It is nearly impossible to add software, secure or insecure, to a 
standard stable distribution like RHEL/CentOS or Etch, with standardized 
repositories and built-in security, bug fix and new feature update 
services. If you want to run a stable, secure server using such a 
distro, *don't* think outside the box. Don't run "testing" or "unstable" 
packages, don't get RPMs or DEBs from anywhere other than the built-in 
repositories, and don't install anything from raw source. Period. Full stop.

2. The *only* advantage a secure Linux server has over a secure Windows 
server is that the major Linux server distros release security updates 
much more frequently than Microsoft does. *Both* are exploitable, *both* 
are targets of hackers and crackers, and *both* require eternal 
vigilance as the price of security.

> I think it's
> unrealistic to expect them to take on this task, especially when
> they're running sites where a rare break-in is not going to
> bankrupt a business or leak national secrets.

Leaving aside the difference between a hobby server and a business 
server, if Linux becomes the kind of tool for distributed denial of 
service attacks that Windows has become, it's all over for Linux! The 
corporate giants will shove Linux into the flaming pits of Heck. You 
won't be able to get CentOS -- you'll have to buy RHEL. You won't be 
able to get openSuSE, you'll have to buy Novell's version, and you won't 
be able to get Etch/Lenny/Sid, you'll have to buy Ubuntu.

So take on the task! Run secure or face oblivion. :)
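Point 1 above, staying inside the distribution's own repositories, is something an administrator can actually verify rather than just promise. The following is an added example (not part of the original post or of any distribution's tooling): on an RPM-based host such as CentOS every package carries a Vendor tag, so `rpm -qa --qf '%{NAME} %{VENDOR}\n'` lists each installed package with where it came from, and anything whose vendor is not the distribution's is a candidate for having been pulled from a third-party repository or built from raw source. The script reads that output and prints the out-of-repo packages; the input here is a constructed sample so it runs offline.

```shell
#!/bin/sh
# Added example, not code from the original post: audit an RPM-based host for
# packages whose Vendor tag is not the distribution's, i.e. packages that did
# not come from the built-in repositories. On a real CentOS box the input is:
#   rpm -qa --qf '%{NAME} %{VENDOR}\n' | foreign_packages CentOS
# Below, the input is a constructed sample so the script runs offline.

# Print the names of packages whose vendor (field 2 onward, vendors may
# contain spaces) is not the expected vendor given as $1.
# Reads "name vendor..." lines on stdin.
foreign_packages() {
    awk -v want="$1" '
        {
            name = $1
            vendor = $2
            for (i = 3; i <= NF; i++) vendor = vendor " " $i
            if (vendor != want) print name
        }'
}

# Constructed sample of `rpm -qa --qf '%{NAME} %{VENDOR}\n'` on a CentOS host.
# "(none)" is what rpm prints for a package built without a Vendor tag,
# which is typical of a locally built or hand-rolled RPM.
SAMPLE_RPM_OUTPUT='openssh-server CentOS
httpd CentOS
php-imagick (none)
nginx nginx inc.
kernel CentOS'

# Convenience wrapper: how many out-of-repo packages are in the sample for
# the given expected vendor.
count_foreign() {
    printf '%s\n' "$SAMPLE_RPM_OUTPUT" | foreign_packages "$1" | wc -l | tr -d ' '
}

# Usage: list the packages on the sample host that are not CentOS-supplied.
printf '%s\n' "$SAMPLE_RPM_OUTPUT" | foreign_packages "CentOS"
```

The Vendor tag is plain package metadata, so this is a quick inventory, not proof of origin; the stronger check on RPM systems is to verify package signatures against the distribution's GPG key (`rpm -K`), and on Debian systems the equivalent inventory is `aptitude search '~o'`, which lists installed packages that no configured repository provides.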