On Tue, 2002-12-17 at 14:49, Minh Van Le wrote:
> I think any distribution can be ironclad.

I think that any distribution can be equally insecure. If you spend enough time on it you can convince yourself that any box is "secure".

Secure systems is one area where Debian excels though. Debian packaging policy means that old, reliable software is used in favour of newer, possibly more functional, but possibly also less secure software. If nothing else Debian packages are much more a known quantity than other distributions (Debian stable, not unstable et al). Debian maintainers also do helpful things like disabling the no-encryption option on ssh. They also had that bug fix for ssh out before anyone else (I don't even know if that made its way into Red Hat etc - I assume it did but no-one made the same fuss about it that Debian did).

You theoretically can make Red Hat as secure as Debian, but I would argue that your time would be better spent on more important aspects of system security. I like Red Hat and its brethren, but I don't use it on servers.

btw - you wanna be careful with tripwire et al. What happens when someone hacks your box and replaces the tripwire executable with one that sends an email at the allotted time intervals reporting that everything is ok? It's better than nothing, but don't rely on it.

HTH

James.

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
