SLUG Mailing List Archives
Re: [SLUG] General question Re: Securing Redhat Linux
- To: Minh Van Le <mvanle@xxxxxxxxxxxxxx>
- Subject: Re: [SLUG] General question Re: Securing Redhat Linux
- From: James Gregory <james@xxxxxxxxxxxx>
- Date: Wed Dec 18 02:41:04 2002
- Cc: slug@xxxxxxxxxxx
On Tue, 2002-12-17 at 14:49, Minh Van Le wrote:
> I think any distribution can be ironclad.
I think that any distribution can be equally insecure.
If you spend enough time on it you can convince yourself that any box is
"secure". Secure systems is one area where debian excels though. Debian
packaging policy means that old, reliable software is used in favour of
newer, possibly more functional, but possibly also less secure software.
If nothing else debian packages are much more a known quantity than
other distributions (debian stable, not unstable et al).
Debian maintainers also do helpful things like disabling the
no-encryption option on ssh. They also had that bug fix for ssh out
before anyone else (I don't even know if that made its way into redhat
etc - I assume it did but no-one made the same fuss about it that debian
You theoretically can make redhat as secure as debian, but I would argue
that your time would be better spent on more important aspects of system
I like redhat and its bretheren, but I don't use it on servers.
btw - you wanna be careful with tripwire et al. What happens when
someone hacks your box and replaces the tripwire executable with one
that sends an email at the alotted time intervals reporting that
everything is ok? It's better than nothing, but don't rely on it.