great post!!
maybe turn one of these 386's sittong around into a firewall router:rolleyes:
better FreeBSD though hehe!
Printable View
great post!!
maybe turn one of these 386's sittong around into a firewall router:rolleyes:
better FreeBSD though hehe!
Is there a reason you are limiting yourself to maintained distributions?
Regardless of the flavor, security is truly dependent upon the configuration of the system. I agree that some distributions have a leg up on others, but I don't think you can have a "one size fits all solution". Some of the best advice ever given about security was the simplest: don't run services you don't need and keep up with patches.
As always there are plenty of sites (some very good ones have been listed in this thread) to help.
Good luck on your search.
instronics: I didn't mean just the Devil Linux, but I fully agree with you that Security updates should generally be done manually or pushed from a trusted interal source (i.e. through group policy in an AD domain). Also, even RHN prompts you to see if you want the available updates. You can always choose to ignore them (a pretty simple task so I've found). One thing I choose to ignore on my RH 8 test box is kernel updates. I would prefer to update the kernel myself (when I get around to it). I totally see your point though. Devil Linux sounds great. I am really going to have to get my hands on a copy of it just to play around with it at the very least.
Cheers
t2k2
Fedora Core 2 offers selinux as an install option. At the install prompt add selinux and you are on your way to a whole new world.
Of course RedHat changed a few of the defaults to selinux just to make life interesting.
Gentoo comes with selinux just as FC does. AFAIK SELinux is just a hacked kernel to provide some additional features. I never saw, really, a need for using it on my mobile machine, but maybe I'll recompile my kernel.
The hardened 2.6.7 kernel I'm using has those options built too although it's not listed as a selinux source.
It's more than a hacked kernel. Its a whole new world. It's not just rwx anymore. Each program is setup to run only the parts of the system that it needs. If you need to change named.conf you need to have rights to named and root does not necessarily get those rights.
I wish I knew more about the system but here is a great link
http://people.redhat.com/kwade/fedor...elinux-faq-en/