LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 06-10-2006, 06:31 PM   #1
profoX
Member
 
Registered: Apr 2006
Location: Belgium
Distribution: Archlinux / Debian / Ubuntu
Posts: 37

Rep: Reputation: 15
Questions regarding security/stability on a server in a datacentre


Hello everyone.

I use Linux mainly on my desktop computers and as a local server.

But now I am planning to set up a server in a datacentre.
Which distribution aims at good stability and security ?
Would Debian 3.1 Sarge be a good idea ?

And what about security ?
What should I do / keep an eye on ?

Should I search for (or compile my own) kernel with PaX or GRsecurity patches ?

How about updating when there are security issues ?
When there is a new version of Apache (or Lighttpd) for example, I have to upgrade and restart the httpd service ?
And how about kernel security updates ?
I would have to reboot, right ?
But that won't be good for the uptime

I guess big webhosts do it by clustering, but I only have $ to put 1 server in a datacentre.

Thanks in advance!
 
Old 06-10-2006, 08:03 PM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
I believe that some of the municipalities that have converted to linux have opted to roll their own debian based distro for the city rather than Licensing Red Hat or SuSE. However, they may have more people who can keep track of security upgrades and manually apply the patches that they need.

You will probably want to read a book on Linux Servers and hardening Linux before you even think of installing a server. For servers, less is better. They have much less installed on them then a desktop would. It is easier securing and maintaining a server that only offers one service. Most security updates won't even apply because you don't have that software installed, for one example. There will be less to keep track of in the logs, and you are able to do things like calculating the md5 sums of all of the programs and libraries before the server goes on line, and storing them on a CD if needed for reference later. This would be more difficult to track if you had a lot of software or services installed.

Red Hat servers use SELinux for security. SuSE supports it, but they offer App Armor as a easier to maintain alternative. This may be more of an issue if you have a large number of desktops running linux.

Yes, you would need to reboot after a kernel upgrade. You may also need to rebuild some kernel modules as well. Often, a server will have a custom built kernel. Such a kernel would be pruned of many of the modules that are in a stock kernel. But this could entail patching the source, and building the kernel on another machine. A secure server won't even have gcc installed, or it will be uninstalled after the server is built.

If you are responsible for this server, and you are the most familiar with Debian, I think it would be best to stick with what you know. You will have enough work to do planning exactly what packages are needed, how to keep up with patches, a backup/restore plan, and recovering from any failures.

I'm sure others on this site can provide you with better first hand advice. I would recommend drawing up a checklist of everything that you need to do before starting, and then keep a notebook recording everything that you do as you install the system.
 
Old 06-10-2006, 08:32 PM   #3
profoX
Member
 
Registered: Apr 2006
Location: Belgium
Distribution: Archlinux / Debian / Ubuntu
Posts: 37

Original Poster
Rep: Reputation: 15
Okay, thanks for the information!
More advice is always welcome, of course.
 
  


Reply

Tags
grsecurity, security, server, stability


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Security and Stability Updates for Firefox Released LXer Syndicated Linux News 0 04-14-2006 05:03 PM
[Security Questions] Last Login, how good is this feature for security breach info? t3gah Linux - Security 2 06-14-2005 01:02 AM
probably one of the most basic security questions... breezewax Linux - Security 11 10-10-2004 12:30 PM
several security questions Levitate Linux - Security 11 08-19-2004 12:02 PM
System stability/performance, Linux vs WinXP questions... hollywoodb Linux - General 1 11-15-2003 04:41 PM


All times are GMT -5. The time now is 09:40 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration