Hi, just curious as to how secure a Redhat machine is? I have a remote Redhat server and was wondering how hard it would be for someone to actually break in to the system? Is there a way around passwords? And what about getting in through ports such as port 80?

TIA

i don't think it's secure at all considering red hat doesn't support that OS anymore...

Yes I know it is Fedora now but how hard is it for someone to actually hack into? What things would I have to look out for? What should my tables look like for optimum security?

red hat 9 is not fedora... it's not the same thing... it would be ridiculous for someone concerned about security to install an unsupported OS such as RH9... having said that, the security guidelines you should follow while using fedora are pretty much the same guidelines you should follow on any distro... have yourself a look at the security forum, specially some of the stickies at the top... keep in mind that AFAIK fedora comes with built-in support for SELinux, which is something you might wanna look into if you are looking to "harden" your fedora box...

your iptables?? it depends on what you are doing on the box... the basic packet-filtering firewall concept is: block all packets, then add rules allowing only the packets which you need...

I was under the impression that Fedora replaced the Redhat project? What I am mainly concerned about is could someone easily gain access to files on the server? Is the basic server install secure enough? If not what distro should I go with instead?

I appreciate your input.

If you are allowing some sort of traffic to come through to your server, then your system can be compromised through security holes in applications such as mysql, apache etc. Having a distribution that provides security updates is better than sticking with an outdated distro without security updates regardless of how good you have configured your firewall.

the thing is that RH9 wasn't a project, it wasn't even community-driven... it had official support from red hat... fedora, on the other hand, is a community-driven project with no support from red hat...

Quote:

What I am mainly concerned about is could someone easily gain access to files on the server?

this is a very weird question... think about it... i mean, you could install an OpenBSD UNIX server and still get owned in a few minutes... my point is that the possibilities of getting owned depend much more on factors such as the competence of the system administrator and the availablility of timely patches than they do on the distro you choose... it's impossible to say if there are more possibilities of getting owned by installing a server running fedora than one running, say, slackware... it all boils down to how the sysadmin does his job and how well the distributor supports him (with patches, etc.)...

Quote:

Is the basic server install secure enough?

it's as good as any other bleeding-edge distro i guess... it does come with a big selling point, though: the SELinux thing, which is something that on most other distros has to be added afterwards - on fedora AFAIK it's included and you are given the choice to use it during the install...

http://selinux.sourceforge.net/

http://www.nsa.gov/selinux/

Quote:

If not what distro should I go with instead?

it's mostly a matter of personal taste, really... there's no reason why you wouldn't be able to do what you want with fedora...

keep in mind that there are distros designed with security as the primary goal... for example:

http://www.trustix.net/


also consider debian, which goes the opposite way of bleeding-edge design by prioritizing stability instead - something which is very much appreciated by most mission-critical server admins:

http://www.debian.org/

Try CentOS 4.0 . Fedora is a community driven OS who's primary developer is Red Hat. It is, however, NOT supported by Red Hat. It also changes very quickly and does feature upgrades, instead of just Bug Fixes and Security Updates. When Red Hat discontinued Red Hat Linux, it branched two ways. Fedora and Red Hat Enterprise Linux. RHEL is, however, geared for high end systems and expensive.

CentOS has taken all of the Source RPMs provided by Red Hat for RHEL, removed Red Hat's trademarks, recompiled them, and then distribute the result for free. So you get a free OS that is going to be supported for as long as Red Hat supports RHEL 4. The only thing you lose out on is Red Hat Network, which won't matter for a single server. It supports SELinux. You should definately take a look. Also, if there is an RPM built for RHEL 4 (or even 3 or 2.1 most of the time) it will install flawlessly on CentOS 4.

Thanks I'll look into this.... it's imperative that my server is VERY SECURE and VERY STABLE!

Sounds like debian is maybe what i am looking for.... stable and secure (well as secure as I can make it as the administrator).

Now that Red Hat doesn't support RHL 9 anymore, and Fedora is a community driven version; would Fedora become less reliable than RHL 9? RHL 9 is quite stable.

ummm, it's more than stable - IT'S STATIC (R.I.P.)...

it would be ridiculous to use an unmaintained OS (like RH9) if you are concerned about security...

fedora isn't stable (and it's not supposed to be) - it will never be stable cuz you can't be bleeding-edge and stable at the same time - but at least it's actively maintained...

If you dont want to run Fedora, you can always run the many RHEL clones out there. Yeah RH9 was a good distro but it is dead, its time for people to move on.

How about Centos 4... I guess that's a clone for RHEL 4 rite?

Read the 9th post in this thread (which I posted). It is practically identical to RHEL4, except it is missing a few commercial packages like RealPlayer, Flash and Adobe (which can be downloaded from the respective companies' websites). There is also CentOS 3 and 2.1, which are rebuilds of RHEL 3 and 2.1 respectively.