Linux and BSD security

View Poll Results: Would you use AO's rss feed (if made available)

Voters
9. You may not vote on this poll
  • Sure thing, I'm using your crappy version atm..

    7 77.78%
  • No.. I don't like/know/do rss !

    0 0%
  • I don't care . .

    2 22.22%
Results 1 to 10 of 10

Thread: Linux and BSD security

  1. #1
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177

    Linux and BSD security

    I'm starting this thread for two reasons:

    1. I'm bored.

    2. Front page hasn't had a good discussion in a while.

    So, the point of this thread, is, for example, Slackware, more secure than redhat? I was reading the other day on either the links at gnu.org or fsf.org that showed red hat Linux having more security holes than Debian.

    I understand the kernel is the same for these, but the packages are different. So I want to start a discussion. Are certain distros more secure than others? Is Slackware really a more secure distro of Linux?

    Now I know there are a few things you can do to secure each and every distro, but by default is Slack more secured than Redhat? Is debian more secure than Slack?

    What are your opinions on all of this?

    I think SuSE is very secure. It comes with a firewall that is set, and everything updated before it even boots for the first time. Slackware doesn't seem to have very many holes either.

    Now just speaking about the kernel, is the Linux kernel more secure than the Free BSD kernel? A look at http://www.freebsd.org seems to show that Free BSD has had more updates than Slackware. The installs for these two OSs are nearly the same. But is Slack actually more secure than Free BSD?

    Open BSD claims alot of security by default, but is it really? They to have to update. I think Open BSD is very secured, and the team for Open BSD should be applauded for the code auditing idea. But is Open BSD really as secure as it claims? Anyone who has real experiance, I invite you to discuss this.

    Net BSD seems to never be talked about here. I'v used it very briefly and had no real problems, but what about the security aspect? Is it better than that of Linux? This is not a flame bait thread, but is one actually more secure than the other?

    Can Linux or BSD actually BE more secure than one or another? SuSE Linux comes with nearly 5,000 packages....That is A LOT! So saying it has had more updates than one or another, you should first think about that. It comes with more software than any other OS I have ever seen. I mean really now, what other OS have YOU used that needs two DVDs?

    Remember that more applications and mroe code, means more chance for a hole to be found. Windows comes with damn near nothing for software and it STILL has all of these horrible security patches. And all of them require a damned reboot.

    I'd like to keep the Linux distrobutions separated in terms of packages for a part of this. Also, I would like to bring up the trusted Linux distros. The ones with modified kernels. They obviously have been tweaked for security, so I'd like to separate them from the others like Slack, Debian, and SuSe.

    If you can, please quite any sources with links when you bring something up. Real world experiance is also a plus if anyone can tell about times when they tested security for an OS and found it to be better.

    Also, stability/Reliability:

    I have yet to see Linux crash and need a reboot from it. But the same is with Free BSD. Free BSD has obviouse strength in reliability, but is it more reliable than Linux?

    Reply, keep this thread going, help to keep the front page more than tech support questions.

    If you want to bring Windows or DOS or any other OS into this discussion, than go ahead.

    But When talkign about Windows security, try to keep it down. I want people to laugh because I'v said something funny, not because someone brings up Windows ME into the reliability categorey

    Links to other sites on the net are more than welcome.

    As for flaming....I have absolutly no right to tell you not too. I do it more than alot of other people.

  2. #2
    What about mandrake 9.2 for shear cutting edge it SH*** on everything up there evan windows Xwhatever would be hard to keep up!!

  3. #3
    Senior Member
    Join Date
    Dec 2003
    Posts
    121
    Suse is very good... still a newbie but very pleased...and it can help you when migrating from windows..but final option maybe should be debian ithink it is more secure...and it does not belong to a f**king company...
    Is that the place where I am supposed to say sth clever and brilliant so that everybody understands how clever nice guy I am????
    Screw you guys I am going home!-Kartman

  4. #4
    Purveyor of Lather Syini666's Avatar
    Join Date
    Aug 2001
    Posts
    553
    <offtopic>
    What happened to the polls? Im browsing this in Mozilla and instead of radio buttons they are check boxes. Is something b0rked, or is that how the polls are now setup here?
    You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

  5. #5
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    I like Libranet (debian), but for security OpenBSD (www.openbsd.org) is the way to go ,the OS is designed with security in mind, true its not as user friendly as Redhat etc... but if you need a server or even a firewall its a very good choice (its used as a firewall in a few places I know - done a couple of pen tests against them and they perform well)

    As for Windows, if you lock it down (really lock it down doing all the things you should) then it isn`t too bad on the security fornt (setting myself up for a bashing here I fear..) Win 2k, and 2003 can be locked down. However reliability is still an issue, and they too tend to slowly deteriorate over time.

    I think Redhat is suffering due to the effort to make it appeal to all the Windows users of the world, so more and more is being jammed into it which is resulting in holes appearing. I wonder what will happen now though with the move to fedora?

    Nokia use a BSD derived OS on their firewalls which is good for a firewall but a pain in the ass to use (no functionality whatsoever) but it does the job its designed to do, tests on checkpoint usually don`t show up much if the admin has done their job (which is afterall going to be a determining factor in the security of whatever OS you want to use).

    Thats a start, could talk all night, but need sleep....
    Quis custodiet ipsos custodes

  6. #6
    Senior Member
    Join Date
    Feb 2003
    Posts
    109
    Panther. 'nuf said.
    $person!=$kiddie or die(\"Alas, die you hotmail hacker!!\");
    SecureVision

  7. #7
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Originally posted here by Syini666
    <offtopic>
    What happened to the polls? Im browsing this in Mozilla and instead of radio buttons they are check boxes. Is something b0rked, or is that how the polls are now setup here?
    I did that. I set it up so you can vote more than one thing because hardly anyone here uses only one OS. So basically you can select multiple things.

  8. #8
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    I'm going to go with it depends on the services you decide to run. I'd like to say a lot, but i'll go with a few people have read the article I did for one of the newsletters and my post in Addicts. I had a mandrake 9.1 server rooted in less than 48 hours. However I put it up live on the default install with no patches.. no upgrades.. just straight from the CD. I had samba running and ssh.. both servers were vulnerable to a few exploits. This right here shows you that you can't judge out of the box software. If gore releases a distro, a new root exploit comes out for ssh and then I release a distro. Mine may SEEM more secure because I'll have more than likely included the patched/updated version of ssh. However if you install gores and update and patch everything and open minimal ports and use the firewall that's set-up during install and you install mine with every service running and no firewall or protection.. his will seem more secure. I think that plain and simple it comes down to the experience and knowledge level's of the operator/administrator... Even then people with experience still make mistakes and miss things. Hell if you want to start comparing default installs, run the install for Win 2k3 and then take like MDK 9.2... or Slack 9.. or hell even RH 7.3... and put them live on the net, the odds are the linux box will be successfully hit first. Sure you may get virus/worm infections in Win... but the possibility for attacking vulnerable services on the nix machine will be endless. There's no such thing as a secure install out of the box... only the illusion of security.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  9. #9
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Kind of pissing me off that no one has really tried to start a discussion here, or talked much about the subject. Anyway, here is a links I found:

    http://www.cotse.com/nix/os/bsd/stealth_os.html

  10. #10
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    I didn't reply because I missed the post first time round. OK, I personally use Slackware and have found it to be pretty damned good security wise. You do have to setup iptables manually rather than have simple preset rules (like low, medium and high), but it still rocks. The only problem with Slack is that until you get used to it, stuff is a bit of a pain to setup. However, with swaret installed, Slacware use starts getting easier and easier. Plus, I'd recommend it as the second distro while you're still learning Linux because you'll get used to editing the configuration files that exist on any Linux distro, thereby doing fine even if you're stuck without X somewhere.
    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •