FYI, your subject is WRONG.  Linux is trademarked by Linus Torvalds, an
employee of Transmeta.  Calling RedHat "linux" is no more accurate than
calling Debian "linux".  To be more exact, it is Red Hat Linux v 7.0 AND
Debian GNU/Linux v 2.2r2.  I foresee only trouble if you continue to refer
to Red Hat 7 as Linux 7 often on Debian mailing lists...

On Mon, 19 Feb 2001, Steve Rudd wrote:

>Hi!
>
>I am frustrated with the linux 2.2 kernel. I have had two hacks in 3 months
>and I am going broke rebuilding my server.

The 2.2 kernel isn't the issue, your configuration is.  Crackers don't
often break in via insecurities in the kernel, they usually use a service
or other program that they can get to remotely.

>I went out and bought Redhat 7, and got hacked 6 weeks later.

Not surprising: .0 releases of RH are always risky.

>I have been placed in contact with a guy who wants me to use Debian. But if
>it based upon the same kernel as redhat, how is it going to be more secure?
>I checked and found that

A few things that RH does insecurely, Debian does a bit more securely.
But that security comes at a cost of some of the "ease of use" features in
Red Hat.

>from (http://www.securityfocus.com/)
>Security risks for years: 1997-2000 respectively:
>Debian 3, 2, 32, 45, 12
>RedHat 6, 10, 49, 85, 20

There are three types of lies: lies, damn lies, and statistics.

>So Debian is about twice as good as redhat, but that is not real reassuring.

What do you want, OpenBSD-type security?  Got a couple of four years to do
a code audit?

>I am considering joining the debian family, but am a bit concerned about
>security.

Right now, it sounds like you need to solve the PEBCAK issue first.
Security is something that happens in the Sysadmin's mind first: once it's
there, the most insecure OS in the world will become secure.  Turn off all
unneeded services; update early and often; if something is widely
considered buggy, consider alternatives; try breaking in [to your own
computer, natch] yourself a couple of times--if you can do it, so can
others; go on a SUID killing spree; countless things...

>Just how much more secure is Debian than redhat?

Slightly.  Debian will probably give you the space you need to learn
security before you get killed, while Red Hat compresses the learning
curve, but leaves some obvious holes.

>Thanks!
>
>Steve Rudd
>
>
>

-- 
I can be immature if I want to, because I'm mature enough to make my own
decisions.

Who is John Galt?  [EMAIL PROTECTED]
