On 28 Oct 2002 at 9:46, Vipul Bhadra wrote: > Hi Raju, > > No Raju ... i never said cost=security .... i specifically said "cheap" > distros .. like one of those lin on win type of distros. > > Why talk about debian ( i guess ur kiddin when u say its secure .. right ?) > .. even Slackware is good and secure....but thats not the point here. Even i > can counter argue that do u mean to say that free+regular=secure ? I dont > think so! > > When you talk about security many people have differant levels and > expectations .... if you consider pure security, let me assure you that the > free SME Server Linux ( from E-Smith ) is far far better than Debian or > SlackWare is ..... but for people who are PARANOID .. i mean really PARANOID > ... its for those people that i recommended EnGarde ...ofcourse i cant say > EnGarde is better than Tristix or SME or > some other distro ... but yes they are DEFINATELY better than debian or > slackware because of the way they take care of various things. You would not > need OS like EnGarde if Admins take care and efforts to secure their > distros!
Let's start.. This is going to be a long thread.. but let me chip in.. My idea of server security is.. 1) Physical access to server is restricted and audited 2) Server has only kernel and shell installed to start with. Then admin adds only those packages that are required. No devel/doc/compiler packages. All unnecessary perl modules thrown out etc. 3) Only known and required services run. 4) Before a service is run, admin goes thr. config files and check only required things are turned on. 5) Firewalls in place with proper and tested eaccess controls. 6) Admin goes thr. logs every night at least. And intrusion alert systems are installed along with other utilities like snort or whatever additional you have thought of. Tripwire is a must. 7)Admin keeps his system patched. IMO it's the last step that can vary across distros. I understand immunix etc. have special patches compiled in like gcc stack smashing patch etc. but from what I have heard, debian/slackware do not fall in insecure/unusable category. IMO you need immunix style distros. if you don't have physicall access to the server audited, which is not the case 90% of the time.. OK.. let the drum beat and rock-n-roll..:-) Regards, Shridhar ----------------------------------------------------------- Shridhar Daithankar LIMS CPE Team Member, PSPL. mailto:shridhar_daithankar@;persistent.co.in Phone:- +91-20-5678900 Extn.270 Fax :- +91-20-5678901 ----------------------------------------------------------- ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
