Mario Galan <[EMAIL PROTECTED]> writes:
> But yesterday I was having a look at www.securityfocus.com and
> I was very surprised when I saw that there are several known security
> holes in our distro that aren't listed in the updates page.
You're unlikely to get a detailed response unless you mention what these
problems where ... the less time someone has to spend working out what
your problem is, the more time they have to working out how to fix
it. (That's a point I'm making not necessarily to Mario, but to mailing
list people in general (Also see Pj's recent mail))
> - What should I do to have a secure system?. Well, I know I could be
> reading bugtraq list and security docs all day but I have no time for
> such things.
There is much more to security than updating all packages. I'd suggest
getting one of the many books on security and reading that as a start
point, for example:
- Only run necessary services
+ Disable those you don't need (ipchains, inetd.conf, hosts.deny)
+ Even better don't even install them!
- Limit access to services you do need to those that need it
- Read package documentation (Especially things as what user a service
runs as!)
> - Is Mandrake a secure distribution?
No distribution is *secure* as such, it's a question of whether it is
*securable* and that is where Linux (Not any particular distro) wins
over other OS's (No flamewar intended ...)
Lee
--
| Lee Willis Fixed cost Internet access available @
| Application Developer http://www.plus.net
| PlusNet Technologies Ltd
+----------"PlusNet - The smarter way to Internet"----------
