LinuxQuestions.org
Old 03-02-2007, 01:37 PM   #1
gubak
Member
 
Registered: Jul 2004
Posts: 332

Rep: Reputation: 30
Which is the most secure linux version?


Hi!

I have RedHat9, own IP, mailserver, webserver, ftp server, proxy. In the last 3 weeks I have had 2 break-ins on my server.
I have more questions:
  1. I have heard that RedHat9 is a dead operating system with many bugs. Is it true?
  2. Is it worth using RedHat9 or better to change?
  3. If you think I have to change RedHat9, please tell me which free linux version you recommend.
  4. Which is the most secure free linux version?
Thank you in advance!
 
Old 03-02-2007, 01:43 PM   #2
reddazz
LQ Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 74
If you are familiar with Redhat Linux, then you can use Redhat Enterprise Linux. If you need something completely free, then try CentOS which is a free RHEL rebuild. Redhat is now old, outdated and unsupported so it's not really worth using it.
 
Old 03-02-2007, 06:23 PM   #3
Electro
LQ Guru
 
Registered: Jan 2002
Posts: 6,042

Rep: Reputation: Disabled
Sure RHEL and CentOS provide software updates but the kernel is still 2.6.9 which is very old and has security holes. Try using Ubuntu. At least Ubuntu uses a recent kernel version and it is based on Debian.

Red Hat 9 is not an operating system. It is a Linux distribution and it is the 9th Red Hat version. Linux is an operating system. The version of Linux relates to the kernel version.

In order to protect a server from attacks, programs that it uses to provide services need to be updated. Also these services need to be planned for the highest security. If the setup is not planned well, anybody can get in. I suggest reading security articles on the internet and reading hacker books to figure out how to protect a server.
 
Old 03-03-2007, 02:55 AM   #4
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,276

Rep: Reputation: 370
Quote:
Originally Posted by Electro
Sure RHEL and CentOS provide software updates but the kernel is still 2.6.9 which is very old and has security holes.
Not quite true. Red Hat backports security fixes from later kernel versions to their custom 2.6.9 kernel (it's not a stock kernel.org kernel). Just look at https://rhn.redhat.com/errata and look for all of the kernel patches.

This is good for people who need a stable kernel release and security patches.
 
Old 03-03-2007, 07:43 AM   #5
Junior Hacker
Senior Member
 
Registered: Jan 2005
Location: North America
Distribution: Debian testing Mandriva Ubuntu
Posts: 2,687

Rep: Reputation: 61
I was always under the impression Debian is the most secure and stable, but word is CentOS is the hot ticket in the server world. (Hearsay)
 
Old 03-03-2007, 08:18 AM   #6
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 234
Quote:
Originally Posted by Junior Hacker
I was always under the impression Debian is the most secure and stable, but word is CentOS is the hot ticket in the server world. (Hearsay)
Untrue.. the most secure machine depends on the administrator.. not the distro.. but then again, the only secure machine is the powered off one locked away with no physical access.

And there is no such thing as the more stable Linux distro.. too many factors to consider. Any distro or OS could just be loaded and sit there idle without ever needing to be rebooted and some twits would consider that stable. You have to take into account the applications, the usage, etc.. so there's no such thing as a more stable distro.

Last edited by trickykid; 03-03-2007 at 08:19 AM.
 
Old 03-03-2007, 04:36 PM   #7
Electro
LQ Guru
 
Registered: Jan 2002
Posts: 6,042

Rep: Reputation: Disabled
Quote:
Originally Posted by btmiller
Not quite true. Red Hat backports security fixes from later kernel versions to their custom 2.6.9 kernel (it's not a stock kernel.org kernel). Just look at https://rhn.redhat.com/errata and look for all of the kernel patches.

This is good for people who need a stable kernel release and security patches.
I still stand by what I am saying. Kernel version 2.6.9 has issues with security. Patching a kernel version is very messy. Manufacturers should follow kernel versions instead of sticking with one kernel version that is very, very old.
 
Old 03-03-2007, 04:53 PM   #8
reddazz
LQ Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 74
Quote:
Originally Posted by Electro
I still stand by what I am saying. Kernel version 2.6.9 has issues with security. Patching a kernel version is very messy. Manufacturers should follow kernel versions instead of sticking with one kernel version that is very, very old.
I don't think I get your arguments here. Redhat takes a long time to patch and stabilise a particular kernel, if it works right on the certified hardware, then why break it by constant upgrades? If they followed kernel.org releases, they would have so many kernels to support which can become a bit of a nightmare in the long run.
 
Old 03-03-2007, 05:14 PM   #9
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 670
Security is inversely proportional to novelty. A newer kernel will have new features and could contain security flaws which haven't been discovered yet because the kernel is too new. If you let a kernel get too old however, not as many eyeballs are looking at it, so features since dropped in a very old kernel might have a defect that fewer people are looking for. "Given enough eyeballs, even the most difficult problems become shallow." Linus's Law.

Red Hat / Fedora Core use SE Linux which helps improve the security of the system. Even so, security is more a process than a state. A little carelessness can make any system insecure. ( I'm not referring to the original poster ).
 
Old 03-03-2007, 05:18 PM   #10
Electro
LQ Guru
 
Registered: Jan 2002
Posts: 6,042

Rep: Reputation: Disabled
Sticking with kernel version 2.6.9 is a nightmare for me. My hardware will not work.

I do not like Redhat or Fedora because they dumb down Linux too much.
 
Old 03-03-2007, 05:32 PM   #11
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,276

Rep: Reputation: 370
Quote:
Originally Posted by Electro
Sticking with kernel version 2.6.9 is a nightmare for me. My hardware will not work.

I do not like Redhat or Fedora because they dumb down Linux too much.
On the other hand, at work I run very specialized high performance networking hardware that's only certified to work with specific distributions/kernels. The standardization/stability of RHEL or SLES is a godsend for those with similar needs. I don't consider it "dumbing down", I consider it providing a base platform which can host complex systems doing complex things, therefore letting corporate developers/IT staff worry about the higher level stuff without having to muck with the Linux platform. They can also be administered more easily.

The wonderful thing about Linux is the choice it brings. Heck, at home I run Slackware with a custom-built kernel and have been known to try bleeding edge development patches on occasion. However, some users, particularly in the corporate world, need a stable infrastructure with long-term support. There's no "right" or "wrong" approach -- it depends on the needs of the user in question.
 
Old 03-03-2007, 05:42 PM   #12
Jorophose
Member
 
Registered: Oct 2006
Location: Ontario, Canada
Distribution: Xubuntu 6.06!! =D
Posts: 137

Rep: Reputation: 15
Maybe OpenBSD? You might have a bit of a hard time learning it, but it's centered around security.
 
Old 03-03-2007, 05:57 PM   #13
Jaqui
Member
 
Registered: Jan 2006
Location: Vancouver BC
Distribution: LFS, SLak, Gentoo, Debian
Posts: 291

Rep: Reputation: 36
Debian was one of the first three distros to get a good security rating.
[ Slak and Suse were the other two ]

Any distro can be secure, if it is configured correctly for security.
[ Ubuntu, Kubuntu etc need major configuration changes to make them secure enough for corporate use, their complete disabling of the root account means you have to go to each system and re-enable it to get a corporate level of security back, on top of any other configuration changes needed to meet your security policy. ]

Yes, I would upgrade to a newer version of linux, RHEL4 is roughly equivalent to Red Hat Linux 14.
[ Red Hat's changes to their releases are why some companies are still using the very old RH9 ]

SELinux package is available for all distros, I have yet to see a distro that doesn't offer it for install.

Jorophose, you are right, any of the BSDs would be a very secure and stable os for a server, but they are not actually linux, they are a BSD.
OpenBSD has had ONE security flaw in the default configuration in ten years.
[ flaw caused by configuration. ]

The issues with the BSDs are only two:
the installer is not a "pretty gui installer"
[ which is not just the BSDs ]
The hardware support level of them is not quite extensive enough for anything other than server use.

I have seen system administrators detail using OpenBSD for the servers, and any linux distro for desktop workstations as the best option. The strongest security on the servers, the stability and security of any unix on the workstations beats the malware enabling of MS Windows for security and stability hands down.

Last edited by Jaqui; 03-03-2007 at 06:01 PM.
 
  

