Which is the most secure linux version?
 

Hi!

I have RedHat9, own IP, mailserver, webserver, ftp server, proxy. In the last 3 weeks I have had 2 breaking into my server.
I have more questions:

1. I have heard that RedHat9 is a dead operating system with many bugs. Is it true?
2. Is it worth using RedHat9 or better to change?
3. If you think I have to change RedHat9, please write me down which free linux version do you recommend?
4. Which is the most secure free linux version?

Thank you in advance!

If you are familiar with Redhat Linux, then you can use Redhat Enterprise Linux. If you need something completely free, then try CentOS which is a free RHEL rebuild. Redhat is now old, outdated and unsupported so its not really worth using it.

Sure RHEL and CentOS provides software updates but the kernel is still 2.6.9 which is very old and has security holes. Try using Ubuntu. At least Ubuntu uses a recent kernel version and it is based on Debian.

Red Hat 9 is not an operating system. It is a Linux distribution and it is the 9th Red Hat version. Linux is an operating system. The version of Linux relates to the kernel version.

In order to protect a server for attacks, programs that it uses to provide services needs to be updated. Also these services needs to be planned for the highest security. If the setup is not planned well, anybody can get in. I suggest reading security articles on the internet and reading hacker books to figure out how to protect a server.

Not quite true. Red Hat backports security fixes from later kernel versions to their custom 2.6.9 kernel (it's not a stock kernel.org kernel). Just look at https://rhn.redhat.com/errata and look for all of the kernel patches.

This is good for people who need a stable kernel release and security patches.

I was always under the impression Debian is the most secure and stable, but word is CentOS is the hot ticket in the server world. (Hear say)

Untrue.. the most secure machine depends on the administrator.. not the distro.. but then again, the only secure machine is the powered off one locked away with no physical access. ;)

And there is not such thing as the more stable Linux distro.. too many factors to consider. Any distro or OS could just be loaded and sit there idle without ever needing to be rebooted and some twits would consider that stable. You have to take into account the applications, the usage, etc.. so theres no such thing as a more stable distro.

I still stand by what I am saying. Kernel version 2.6.9 has issues with security. Patching a kernel version is very messy. Manufactures should follow kernel versions instead sticking with one kernel version that is very, very old.

I don't think I get you arguements here. Redhat takes a long time to patch and stabilise a particular kernel, if it works right on the certified hardware, then why break it by constant upgrades? If they followed kernel.org releases, they would have so many kernels to support which can become a bit of a nightmare in the long run.

Security is inversely proportional to novelty. A newer kernel will have new features and could contain security flaws which haven't been discovered yet because the kernel is too new. If you let a kernel get too old however, not as many eyeballs are looking at it, so features since dropped in a very old kernel might have a defect that fewer people are looking for. "Given enough eyeballs, even the most difficult problems become shallow." Linus's Law.

Red Hat / Fedora Core use SE Linux which helps improve the security of the system. Even so, security is more a process than a state. A little carelessness can make any system insecure. ( I'm not referring to the original poster ).

Sticking with kernel version 2.6.9 is a nightmare for me. My hardware will not work.

I do not like Redhat or Fedora because they dumb down Linux too much.

On the other hand, at work I run very specialized high performance networking hardware that's only certified to work with specific distributions/kernels. The standardization/stability of RHEL or SLES is a godsend for those with similar needs. I don't consider it "dumbing down", I consider it providing a base platform which can host complex systems doing complex things, therefore letting corporate developers/IT staff worry about the higher level stuff without having to muck with the Linux platform. They can also be administered more easily.

The wonderful thing about Linux is the choice it brings. Heck, at home I run Slackware with a custom-built kernel and have been known to try bleeding edge development patches on occasion. However, some users, particularly in the corporate world, need a stable infrastructure with long-term support. There's no "right" or "wrong" approach -- it depends on the needs of the user in question.

Maybe OpenBSD? You might have a bit of a hard time learning it, but it's centered around security.

Debian was one of the first three distros to get a good security rating.
[ Slak and Suse were the other two ]

Any distro can be secure, if it is configured correctly for security.
[ Ubuntu, Kubuntu etc need major configuration changes to make them secure enough for corporate use, their complete disabling of the root account means you have to go to each system and re-enable it to get a corporate level of security back, on top of any other configuration changes needed to meet your security policy. ]

Yes, I would upgrade to a newer version of linux, RHEL4 is roughly equivalent to Red Hat Linux 14.
[ Red Hat's changes to their releases are why some companies are still using the very old RH9 ]

SELinux package is available for all distros, I have yet to see a distro that doesn't offer it for install.

Jorophose, you are right, any of the BSDs would be a very secure and stable os for a server, but they are not actually linux, they are a BSD.
OpenBSD has had ONE security flaw in the default configuration in ten years.
[ flaw caused by cofiguration. ]

The issues with the BSDs are only two:
the installer is not a "pretty gui installer"
[ which is not just the BSDs ]
The hardware support level of them is not quite extensive enough for anything other than server use.

I have seen system Administrators detail using openBSD for the servers, and any linux distro for desktop workstations as the best option. the strongest security on the servers, the stability and security of any unix on the workstations beats the malware enabling of MS Windows for security and stability hands down.