Security update and hardware: To Slackware or not to Slackware...
I'm strongly considering switching my home desktop PC over to Slackware and could do with some advice to make sure that I know what I'm getting into.

Background

My first experiments with Linux some years ago were with "Vector Linux" (a Slackware derivative) which I chose at the time because it is aimed at older hardware and came on a single CD (I was on dial-up at the time.) Vector served me very well for the educational experience until I trashed my system (a nasty accident with a shell script run as root, containing something a bit like "rm -Rf /", you don't want to know... although perhaps that was the most important lesson!) After that I went through the "Linux from Scratch" book and learned a great deal more. I ran the resulting BLFS system for a couple of years without any problems and really got to know what was going on.

I then came to upgrade my PC and no longer had the time or the inclination to go through the "from scratch" process all over again. I installed a flavour of Ubuntu about a year ago and enjoyed it for a while. It certainly did what I needed; it gave me a working system without installing every Linux program under the sun but also allowed me to install a wide range of extra packages so that I could get on with work that I needed my PC for.

Over time, however, I've fallen a little out of love with Ubuntu. My general approach to running my system is "if it ain't broke don't fix it." I spend the time tweaking Ubuntu to make the system more like I want it and then an upgrade comes out and I have to start again. The first upgrade I did was remarkably easy but since then they have appeared less and less robust, suffering from glitches preventing various things from working properly without intervention. I've started to feel that lack of control inherent in using such a distribution. I haven't even upgraded to the 7.10 version because Ubuntu appears to be going in a direction that isn't compatible with what I want out of *my* desktop.

So, to Slackware. Every time I have distribution woes, Slackware seems to catch my eye. Simple things like the BSD style init scripts appeal, the reputation for stability and control too. All this sounds like sound reasoning for experimenting with Slackware in the near future.

Questions start here...

After this long background essay, the questions I have are actually relatively simple:

1) Once the system is installed from whatever CD/DVD method I choose, do I then need to install the packages from the "patches" section of the ftp site in order to get up to date with security issues? If I choose not to install one of the extra package managers will subscribing myself to the security mailing list (and acting on the advice) be sufficient to keep me out of trouble?

2) I'm likely to compile my own kernel in order to get the rt2500 wifi module to work. To get the nvidia driver to work, do I just follow the steps on nvidia's website or is there a more Slackware-oriented way to do it? |
My personal choice for keeping my Slackware systems patched is slackpkg, which is in the extras directory of Slackware. If you point it at the stable branch (NOT current), and run it when needed, it works well.
|
I highly recommend Slackware. Like you I've run a number of distros over the years, but, I always come home to my favourite.
I've just finished a week long experiment running Debian Lenny on my main work station. There's nothing wrong with Debian, I do have one Debian 4.0r1 box at home. But, it isn't Slackware. I'm currently re-installing Slack 12 on my main work station. It is good to be home:-) |
While updating packages with security fixes is good practice in general, I really find it to be unnecessary actually.. Usually hiding behind a router is sufficient enough to keep you out of trouble security wise. That and keeping as many services off as possible. I haven't installed a firewall or run updates on Windows for 3 years or more without incident. On Linux, you're 100 times less likely for anything to happen than you are on Windows. Not interested in a debate about my above statements just in case anyone is thinking about it... ;) That's just my preference.
I typically just do a fresh install of a newly released Slackware when it comes out and that's it. I don't even upgrade the stock kernel anymore unless I need some extra support that the stock one doesn't have. Up to you. But yea. Keep an eye on the Security Updates yourself and 'upgradepkg' when necessary. And there are automated procedures as mentioned above but I've seen those cause a world of trouble in the past. I'd prefer a hands-on approach personally. I think most people arrive at a crossroads where you are now and Slackware or one of the 3 major BSD's is where you'll end up for good. Nvidia driver should install without incident. Just download the .run file from their web site and run it at the init3 command prompt before you 'startx'. Change your driver line in xorg.conf and that's that. I think the nvidia install process will even do it for you if you want. |
I'm just finishing up patching my shiny new install of Slackware 12.0; I just finished downloading all of the security patches that are available that I want from the friendly Utah Slackware mirror (they have kicking download speeds).
Then all you need to do to install all of them at once is issue one command at a root shell prompt:
Code:
#upgradepkg *.tgz
And that is it:-) My Slack box is happily chugging away now upgrading all security patches:-) |
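An added example, not part of the post above or of Slackware's own tooling: one way to check downloaded patch packages against the mirror's checksum list before running upgradepkg on them. The function name and the assumed `CHECKSUMS.md5` line layout (`<md5>  ./packages/<file>`) are illustrative assumptions.

```shell
#!/bin/sh
# Added example. Assumption: the mirror's patches directory ships a
# CHECKSUMS.md5 whose data lines read "<md5>  ./packages/<file>.tgz".
# A match shows the file arrived intact; it does not authenticate the mirror.

# verified_patches PKGDIR CHECKSUMS  (hypothetical helper name)
# Prints the basename of every .tgz in PKGDIR whose MD5 matches the list.
# Returns 1 if any package is unlisted or fails the comparison.
verified_patches() {
    pkgdir=$1
    sums=$2
    status=0
    for pkg in "$pkgdir"/*.tgz; do
        [ -f "$pkg" ] || continue              # glob matched nothing
        name=$(basename "$pkg")
        # Expected digest: field 1 of the two-field line whose path ends in $name
        want=$(awk -v n="$name" '
            NF == 2 && length($1) == 32 {
                f = $2; sub(/.*\//, "", f)
                if (f == n) { print $1; exit }
            }' "$sums")
        have=$(md5sum "$pkg" | awk '{ print $1 }')
        if [ -z "$want" ]; then
            echo "UNLISTED $name" >&2; status=1
        elif [ "$want" != "$have" ]; then
            echo "MISMATCH $name" >&2; status=1
        else
            echo "$name"
        fi
    done
    return $status
}

# Stand-alone use: sh check.sh <package-dir> <CHECKSUMS.md5>
# Run upgradepkg only if this exits 0.
if [ "$#" -eq 2 ]; then
    verified_patches "$1" "$2"
fi
```
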
I had a strange dream last night and through it I came to the realization that if you want a stable system you must NOT upgrade everything, only in the case of security issues and never something major. It makes sense. Now I understand why Slackware is so stable and secure. This I think is a major thing that separates Slackware from other distros. For example, Ubuntu, Gentoo, FC, and many other mainstream distros upgrade things as soon as they come out, and later they realize that one thing breaks another and yet another breaks another, and then the system goes down. Debian is an exception, along with a few others in that they don't quite rush to be at the bleeding edge. So, that's also a reasonable choice. But, Slackware helps you learn Linux a lot better than other distros, and the BSD-style init scripts make it very easy to understand what happens in part of the boot-up process and to customize it. I personally don't like package managers with dependency management, because they cause more problems than they solve (at least from my experience). However, you could use slapt-get if you want a better package manager.
Security-wise, remember to install updates when they come out, get an 'rc.firewall' script up and running, add a user other than root and don't run dangerous things as root, and disable processes that don't need to be up and are using or listening on external ports. That's pretty much what I do, and I haven't been haxxored yet. There's also rkhunter to check for rootkits. |
Quote:
Just finished setting up my new Slackware system. I also downloaded rkhunter 1.3.0 from Sourceforge.net. Scanned my system, all clean. |
Quote:
more sane than those of any of the "friendly" distros.
Quote:
generic kernel as the base, and then happily chip away on it 'til you have what suits you best :} Cheers, Tink |
Quote:
rooted... How is your router/firewall going to stop an exploit in firefox? Or if you happen to run any service like smtp or http open to the great unwashed, will your router do deep packet inspection, and protect you from Layer-7 attacks? And feel free not to discuss this, but I think that readers need to be warned, and am most happy to ignore your lack of interest in a discussion, and post my view on the matter anyway. Cheers, Tink |
Yes, security should always be a multi-layered approach from networks, applications, system, and most importantly the user.
Sure, Slackware is definitely more stable and secure than most other distros by default, "but you are only as strong as your weakest link" (usually that seems to be the user). I think joining the security mailing list is a good idea. Even if you don't use (or have installed) the software that is patched you at least have an idea of what's going on. Bookmark the server of your choice because ftp.slackware is usually slow. I keep all my packages separated by Slackbuilds, OfficialSlackPackages, etc. When I need to install or upgrade a system I can just use them straight up. |
Quote:
Code:
Starting Nmap 4.20 ( http://insecure.org ) at 2007-12-03 00:32 EST

Yes, I agree. Users should be warned. Yes, I'm being stupid by running as root. Yes, I'm complacent with security updates. But if someone finds a way to exploit me because of an old png version then so be it. Chances of that happening are slim indeed. In 6 to 8 months I'll be caught up because of the new Slackware version that I install. |
Quote:
There's a lot more detail in my DRI link in my sig. |
Quote:
Well, my box is as secure as I can make it with all of the latest security patches. I run my unit as a regular user. I try to practice safe surfing:-) I love Slackware.:cool: |
Quote:
Due to personal constraints, I don't think I have the time to go back to recompiling the world so I will probably not go back to Slackware but I'm just curious. I guess this is the best sub-forum to ask, in Debian I already know the answers I would get. |
Quote:
Technically there is nothing that I dislike about Debian, it has a robust package-management system and is secure by default. This suits me very well as I am a security/stability junky and love Slack, Debian, and FreeBSD. I guess the one drawback for me about Debian is that the distro is very slow to adopt newer software (a philosophical choice). I do realize that I can get a lot of the newer stuff in Sid, but I'm not willing to give up stability to get newer, secure software. For example, on my old Lenny box (that I formatted yesterday) Firefox was at version 2.0.0.8 and Thunderbird was at 1.5x. I prefer to run a newer, more secure browser and e-mail client; Slackware recently released FF 2.0.0.11 and offers Thunderbird 2.0.0.9 (in security updates). My intention is not to offend my friends in the Debian forum as Debian is a first rate distro and I continue to avidly use it. I always come home though to Slackware as my first choice for my favourite *nix. I'm running two fully-patched Slackware 12.0 boxes at home:-) |
Quote:
I do use stopgap measures to counter my not updating anything. It's not like I'm completely oblivious to sane security practices. Believe it or not, I along with 3 others, manage over 300 computers at the Human Ecology Dept of OSU. Mixed Win/Mac environment. That probably has a bearing on why I choose not to do it at home. I have too many things to do when I get home besides continuing to work.
Quote:
I'm certainly not suggesting anyone run as root all the time or even implying that it would probably be ok just because of my experience with doing it. This computer is nothing but a development box and it doesn't make a lot of sense for me to be constantly using sudo/su all the time. I am a bigger threat to my system than anyone else is by running as root. Statistically speaking, that's fact. |
Quote:
Only stupid people never change their mind. I've wanted to post this question for several days, too bad I chose you ;)
Quote:
Quote:
A package cannot enter directly in testing. It needs at least 10 days (unless it's priority high==security).. Because newer things are considered untested (from a debian point of view) and then unstable by default. Debian state does not rely on the upstream state: a stable upstream will start unstable in debian. Also packages which do not work on 11 architectures will not go to testing. Annoying for me (in this only case, I grab it from Unstable), good for people running Dinosaurs.. FF 2.0.0.11 entered mmmhh yesterday :)
Quote:
I don't want to hijack the thread and get stabbed by slackers, I go back to my cave :D ++ |
Quote:
Like these crazy gentooists :) |
Quote:
Cheers, Tink |
Quote:
At least I'm using a free software ;) :D :D Actually it was accepted in unstable on the 2nd but it was packaged on the 1st :) |
Quote:
Good talking to you, man:-) |
Quote:
later, hitest:) |
Quote:
As many Slackers do, I do compile quite a lot of my own software, but I almost never compile anything that is available as an official package. Plus, if I need to setup another machine I just use the packages I have already made; I don't recompile (the world) them again. This is definitely more selective and intelligent than recompiling half (or even a whole) system just for a few new packages (and their supposed missing/outdated/"too new" dependencies). |
Quote:
10.2 was released in 2005. Cheers, Tink |
Quote:
@ nx5000 I think you're incorrectly grouping Slackware with Gentoo ... no, no, they are very different, and I can see that you have never tried either one (or maybe only Gentoo, but I doubt it). Besides, how can you learn without doing ? If all you know is apt-get, what do you do when a package isn't in the repo ? You don't use it ? What about when there's something wrong with the kernel on a particular machine, what do you do ? Do you try to compile your own ? Can you ? Would you ? * readies machete 1d12 * |
Wow so many replies! Were you bored among slackers or what? :)
Sorry Vrajgh.. I won't surrender. On the 1st of December debian packaged iceweasel for sparc powerpc mipsel ia64 hppa i386 amd64 alpha 8 points :)
Quote:
Quote:
And no, as I said, the first linux distribution that crossed my PC was the first one I got as a CD, ~10 years ago. It was the jungle on my PC :) At the time I was using rpms and sometimes recompiling.
Quote:
We've got the biggest.. ...repository :)
Quote:
My video driver lacks one byte of c code that is not integrated in testing and without this byte, kernel lockup sometimes. So this is currently my only recompiled stuff that I use every day.
Quote:
Yes I can but I compile it the debian way :) I'm not really in IT so I don't have much experience with a lot of hardware. But I do have my own kernel, which is at the minimum 0.001% faster than the default one. At least, it's smaller. At least I can say that the welcome is good in slackware forum. Thanks for the replies! |
Well, as the OP I ought to jump into the discussion and thank everyone for the replies that were directly relevant to me and for everyone else on their asides. It's always interesting to see where discussions lead and what different people think! :) I
As for me, when I get around to it I'll have a play with Slackware. My system isn't actually broken at the moment so it might take me a while to build up the motivation! The posts on this thread have given me some idea of what I'll need to do post install and I'm in the process of looking through my configs to find any obscure tweaks in my current config that I might have to copy in the next install. I'll probably continue the wanderings from distro to distro that everyone does. Oddly though, I tend to stick with the same distro for at least a year before moving on. I read a lot of newbie threads about people who've tried out half a dozen within the first month or two. That sounds too much like hard work for me! |