Re: Linux is Driving me $#@!!!! nutz!!!
- From: Donnie Barnes <djbSPAMSUCKS@xxxxxxxxxxxxxxxx>
- Date: 3 Jan 2006 05:52:35 GMT
On Tue, 03 Jan, DoN. Nichols wrote:
> Various flavors of linux have various out-of-the-box security.
> Some are quite secure, some are rather open.
You're changing the argument, AFAIC. Linux is itself inherently secure
because it *can* be secured quite well. Distributions, OTOH, are a
mechanism by which it can be rendered insecure (or not, depending).
Choosing your distribution of Linux can be just as important as the choice
was to use Linux in the first place.
> My own favorite for security and stability is OpenBSD. Among
> other things, it runs DNS servers, sendmail, and web servers in "chroot
> jails", so if there is another security hole found in these, it severely
> limits the damage which can be done.
>
> Granted, the chroot jail for the web server requires a lot of
> work-arounds for some common CGI programs.
And against some attacks can be utterly useless, which means to me that you
really just have a false sense of security with them combined with the
aggravation of having to make them work in every case, which is quite
annoying.
> And -- unlike Windows, anything which is likely to present even a
> theoretical vulnerability is turned *off* by default, and you have to
> figure out how to turn it on. In the process, you are expected to weigh
> the need for that service against the security implications of turning
> it on.
That is a great feature to have in a *distribution* of which you require
the utmost in security, sure.
> As for the mention elsewhere in this thread about security
> problems with ftp, telnet, and some other services -- those are turned
> off by default (they were not designed for real security, back when the
> net was a much kinder and gentler place), and ssh is the preferred
> alternative.
Those are turned off by default in most every Linux distribution as well.
> I've actually kicked sendmail off of the system, and replaced it
> with qmail, which I trust a lot more than I do sendmail. Qmail was
> *designed* with security in mind.
Argh. Keep in mind that qmail isn't truly open source by most technically
accepted definitions. If you are simply an end user you can certainly use
it freely, so I'm being pedantic. The author and I share the same initials
and have shared several, err, heated debates about his software. The
confusion about our initials has caused me some grief, too, as he can be
much more of a jerk than I am generally known for (I have my moments as
well, but he seems to have many more) and people sometimes confuse me (on
the internet) for him. So I probably have a bias. Note that there is a
reason qmail isn't shipped with most Linux distributions, and it isn't
technical merits.
I used qmail back in the day when there were no other high performance
options to run high volume mailing lists on x86 hardware well and it served
that purpose. It was also terribly difficult to administer if a problem
*did* arise and I was very thankful when other options surfaced. But if it
works for you, great.
--Donnie
--
Donnie Barnes http://www.donniebarnes.com 879. V.