> Saying "run a server OS or you will get hacked" seems to be just plain
> wrong. The desktop version of any distro can be tightened down to the
> same spec as the server version. Also implying that by running a server
> version out of the box will make you immune from hackers and other
> exploits is misleading at best.
Admitted, my statement was a little dramatic. In no way did I mean to imply the server version of an OS would make you immune to attacks ... I only meant to say you don't have a prayer if you don't at least start with the right starting point.

I don't believe you can tighten down the desktop version. Uninstall the GUI. Remove X11 and GNOME and anything else that's not necessary. I could be wrong, but I don't think it can be done.

I stand by my statement, rephrased to eliminate any implication that the "server" version of an OS would provide any immunity. Run a desktop OS exposed to the Internet, and you're asking for trouble.

The first rule of hardening an Internet-facing OS is to remove all unnecessary services and packages (ideally remove them, not just disable them), and configure your firewall to block all unnecessary traffic. Use strong passwords, disallow login as root, and if possible, disallow logins of any kind by any user account.

When you install a "server" version of an OS, many of the above are already completed by default, particularly the minimal selection of packages and the tight security policies. When you install a "desktop" version of an OS, a few of those things might be default (disallow root login), but you certainly have tons of packages and services enabled that should be disabled and ideally removed.

_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
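The hardening checks the reply above lists (no direct root login, no password-only logins, no unneeded services listening on the Internet-facing address) can be turned into a quick audit. The script below is an added example, not code from the thread or from LOPSA. It reads a constructed `sshd_config` and a constructed `ss -tln` listing embedded in the script, so it runs offline; the sample configs, the listening-socket table and the function names are all assumptions made for the illustration. It reports the OpenSSH defaults (`prohibit-password`, password auth on, X11 forwarding off) when a keyword is absent, and stops at the first `Match` block, since options inside `Match` are conditional.

```shell
#!/bin/sh
# Added example: audit an sshd_config and a listening-socket table for the
# hardening points made in the post. All inputs below are constructed samples.

# Constructed sample resembling a desktop-style sshd_config (everything on).
WEAK_SSHD_CONFIG='# constructed sample
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes
'

# Constructed sample with the settings the post recommends.
HARDENED_SSHD_CONFIG='# constructed sample
Port 22
PermitRootLogin no
PasswordAuthentication no
X11Forwarding no
AllowUsers deploy
'

# Constructed sample in the shape of `ss -tln` output: sshd on all interfaces,
# CUPS bound to loopback only, rpcbind and mDNS on all interfaces.
LISTENERS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
LISTEN 0      5      0.0.0.0:111        0.0.0.0:*
LISTEN 0      50     *:5353             *:*
'

# sshd_option CONFIG KEYWORD
# Prints the effective value of KEYWORD. In sshd_config the first occurrence
# wins, keywords are case-insensitive, and anything after a Match block is
# conditional, so we stop there.
sshd_option() {
    printf '%s\n' "$1" | awk -v key="$2" '
        /^[[:space:]]*#/            { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; exit }
    '
}

# audit_sshd_config CONFIG
# Prints one finding per line; prints nothing when the config is clean.
# Absent keywords fall back to the OpenSSH defaults.
audit_sshd_config() {
    _root=$(sshd_option "$1" PermitRootLogin)
    case "${_root:-prohibit-password}" in
        yes) echo "PermitRootLogin yes: root can log in directly over SSH" ;;
    esac
    _pw=$(sshd_option "$1" PasswordAuthentication)
    case "${_pw:-yes}" in
        yes) echo "PasswordAuthentication yes: password logins accepted, keys not required" ;;
    esac
    _x11=$(sshd_option "$1" X11Forwarding)
    case "${_x11:-no}" in
        yes) echo "X11Forwarding yes: not needed on a headless server" ;;
    esac
}

# exposed_ports SS_OUTPUT
# Prints the TCP ports bound to every IPv4 interface (0.0.0.0 or *), i.e. the
# services reachable from outside if the firewall does not block them.
# Loopback-only listeners are skipped. (IPv6 [::] entries are not handled.)
exposed_ports() {
    printf '%s\n' "$1" | awk '
        $1 != "LISTEN" { next }
        {
            n = split($4, a, ":")
            if (a[1] == "0.0.0.0" || a[1] == "*") print a[n]
        }
    '
}

# Stand-alone report over the constructed samples.
printf 'Findings for the weak config:\n'
audit_sshd_config "$WEAK_SSHD_CONFIG" | sed 's/^/  /'
printf 'Findings for the hardened config: %s\n' \
    "$( [ -z "$(audit_sshd_config "$HARDENED_SSHD_CONFIG")" ] && echo none )"
printf 'TCP ports listening on all interfaces: %s\n' \
    "$(exposed_ports "$LISTENERS" | tr '\n' ' ')"
```

On a real host the same functions take `"$(cat /etc/ssh/sshd_config)"` and `"$(ss -tln)"` as arguments; each port that `exposed_ports` reports is a service to remove outright, bind to loopback, or explicitly allow through the firewall, which is the decision the post is asking for.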
