On Wed, 15 Apr 2009 11:03:26 +1000 Null Ack <[email protected]> wrote: >Considering some noise happening in the blog space over a Linux >magazine article about security problems with Ubuntu server I think we >should re-visit this topic. The article is at: > >http://www.linux-mag.com/id/7297/2/ > >The key criticisms of Ubuntu server raised by Linux magazine are: > >1. Default permissions of users home dirs open by default >2. Install allows for blank mysql root password >3. Allowing system accounts unnecessary shell session authority >4. Nonsensical deamons listening on the network despite other >configurations servicing those needs > >In our previous discussion on this topic here, I introduced some >personal concerns I have with Ubuntu desktop security with: > >1. No firewall enabled by default >2. That AppArmor is providing a false sense of safety for users in >controlling the damage zero day exploits could potentially do. >AppArmor only protects one daemon, CUPS. By default it does very >little. > >The reality is that other desktop distros such as Fedora have a far >stronger set of security features than our beloved Ubuntu, > I guess I was hallucinating working on the apparmor profile for clamav-daemon and freshclam (also run as a daemon) today.
I have yet to work on a customer server that was Red Hat/Fedora based where SE Linux was not disabled, so whatever theoretical advantages it might have, in practice without a well trained guru to manage it, it does no good at all. Most of the article is not terribly accurate (see the today's archives of the ubuntu-server mail list for details). Scott K -- Ubuntu-devel-discuss mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
