Which is the most secure Linux version?
Hi!
I have RedHat9, own IP, mailserver, webserver, ftp server, proxy. In the last 3 weeks I have had 2 break-ins on my server. I have more questions:
If you are familiar with Redhat Linux, then you can use Redhat Enterprise Linux. If you need something completely free, then try CentOS, which is a free RHEL rebuild. Redhat is now old, outdated and unsupported, so it's not really worth using it.
Sure, RHEL and CentOS provide software updates, but the kernel is still 2.6.9, which is very old and has security holes. Try using Ubuntu. At least Ubuntu uses a recent kernel version and it is based on Debian.
Red Hat 9 is not an operating system. It is a Linux distribution and it is the 9th Red Hat version. Linux is an operating system. The version of Linux relates to the kernel version. In order to protect a server from attacks, programs that it uses to provide services need to be updated. Also, these services need to be planned for the highest security. If the setup is not planned well, anybody can get in. I suggest reading security articles on the internet and reading hacker books to figure out how to protect a server.
This is good for people who need a stable kernel release and security patches.
I was always under the impression Debian is the most secure and stable, but word is CentOS is the hot ticket in the server world. (Hearsay)
And there is no such thing as the more stable Linux distro... too many factors to consider. Any distro or OS could just be loaded and sit there idle without ever needing to be rebooted and some twits would consider that stable. You have to take into account the applications, the usage, etc., so there's no such thing as a more stable distro.
Security is inversely proportional to novelty. A newer kernel will have new features and could contain security flaws which haven't been discovered yet because the kernel is too new. If you let a kernel get too old however, not as many eyeballs are looking at it, so features since dropped in a very old kernel might have a defect that fewer people are looking for. "Given enough eyeballs, even the most difficult problems become shallow." Linus's Law.
Red Hat / Fedora Core use SELinux, which helps improve the security of the system. Even so, security is more a process than a state. A little carelessness can make any system insecure. (I'm not referring to the original poster.)
Sticking with kernel version 2.6.9 is a nightmare for me. My hardware will not work.
I do not like Redhat or Fedora because they dumb down Linux too much.
The wonderful thing about Linux is the choice it brings. Heck, at home I run Slackware with a custom-built kernel and have been known to try bleeding edge development patches on occasion. However, some users, particularly in the corporate world, need a stable infrastructure with long-term support. There's no "right" or "wrong" approach -- it depends on the needs of the user in question.
Maybe OpenBSD? You might have a bit of a hard time learning it, but it's centered around security.
Debian was one of the first three distros to get a good security rating. [ Slak and Suse were the other two ] Any distro can be secure, if it is configured correctly for security. [ Ubuntu, Kubuntu etc. need major configuration changes to make them secure enough for corporate use; their complete disabling of the root account means you have to go to each system and re-enable it to get a corporate level of security back, on top of any other configuration changes needed to meet your security policy. ]
Yes, I would upgrade to a newer version of Linux; RHEL4 is roughly equivalent to Red Hat Linux 14. [ Red Hat's changes to their releases are why some companies are still using the very old RH9 ] The SELinux package is available for all distros; I have yet to see a distro that doesn't offer it for install.
Jorophose, you are right, any of the BSDs would be a very secure and stable OS for a server, but they are not actually Linux, they are a BSD. OpenBSD has had ONE security flaw in the default configuration in ten years. [ flaw caused by configuration. ] The issues with the BSDs are only two: the installer is not a "pretty GUI installer" [ which is not just the BSDs ], and the hardware support level of them is not quite extensive enough for anything other than server use.
I have seen system administrators detail using OpenBSD for the servers, and any Linux distro for desktop workstations, as the best option: the strongest security on the servers, and the stability and security of any Unix on the workstations beats the malware enabling of MS Windows for security and stability hands down.