 
Old 06-28-2011, 03:31 PM
 
Default EXT : Fedora Server?

Burke, Thomas (ES) wrote:
> RH6.2 ... not RHEL. Yeah, *that* old.
>
> I considered going to 8.0 when it came out, but never did it.

No, you really should have gone to 9 (Shrike) - that was solid. I skipped
8, and went from 7.2 or 7.3 to 9. <g>
>
> I'm afraid my server might be nearing its last legs, and it's gained some
> wonkiness recently (I think I have an impending HW failure), so I'm

Yeah. I haven't needed one, being on just my own box, but I've just moved
into a house, and will be setting up a network, so I am considering what
to do: my current plan (forget the phone co's router) is to buy an
appliance, as they say (an inexpensive firewall/router), and put tomato or
dd-wrt on it, then run Bastille against *that*. It'll use a lot less
electricity than even a small computer.

> considering the upgrade to something new. Of course, this means I throw
> away all my ipchains stuff and move to iptables (or whatever is en vogue,
> these days), likely re-do my sendmail.cf, and several handfuls of other
> scripts & apps to get it working, but....

iptables. It really is easier than ipchains. You might find this old
article useful
<http://www.techrepublic.com/article/migrating-from-ipchains-to-iptables/1055287>
>
> Maybe it's worth it.

I will say a lot of the defaults - as I said, I use CentOS - work right
out of the box. For iptables, you can make permanent changes by editing
/etc/sysconfig/iptables. You can see the current rules in effect by
iptables-save, which dumps by default to stdout, like a good *nix program
should.

mark

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
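
Added example (not part of the original thread): `iptables-save` prints rules in the same format that /etc/sysconfig/iptables uses, so a dump can be reviewed with ordinary text tools. The sketch below checks a constructed sample ruleset for the INPUT default policy and for ports accepted from any source; the function names `sample_rules`, `input_policy` and `world_open_ports` are hypothetical, and the subnet and ports are made up for illustration.

```shell
#!/bin/sh
# Added example: review an iptables-save style dump for the INPUT policy
# and for ports that are accepted without a source restriction.

# Constructed sample: HTTP and mail open to the world, SMB only from the LAN.
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 445 -j ACCEPT
COMMIT
EOF
}

# Read a dump on stdin; print the default policy of filter/INPUT.
input_policy() {
    awk '/^\*/ { t = $1 } t == "*filter" && $1 == ":INPUT" { print $2 }'
}

# Read a dump on stdin; print "proto/port" for each INPUT ACCEPT rule that
# names a destination port and has no -s match (interface matches and
# negated matches are not considered in this sketch).
world_open_ports() {
    awk '
    /^\*/ { t = $1 }
    t == "*filter" && $1 == "-A" && $2 == "INPUT" {
        src = ""; proto = ""; port = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s")      src    = $(i + 1)
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") port   = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (target == "ACCEPT" && port != "" && (src == "" || src == "0.0.0.0/0"))
            print proto "/" port
    }'
}

echo "INPUT policy: $(sample_rules | input_policy)"
sample_rules | world_open_ports
```

On a live system the same functions can read `iptables-save` output (run as root) or the saved /etc/sysconfig/iptables file instead of the sample.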
 
Old 06-28-2011, 03:46 PM
"Marti, Robert"
 
Default EXT : Fedora Server?

> -----Original Message-----
> From: redhat-list-bounces@redhat.com [mailto:redhat-list-
> bounces@redhat.com] On Behalf Of m.roth@5-cent.us
> Sent: Tuesday, June 28, 2011 10:22 AM
> To: General Red Hat Linux discussion list
> Subject: RE: EXT :RE: Fedora Server?
>
> Marti, Robert wrote:
> >> bounces@redhat.com] On Behalf Of m.roth@5-cent.us Burke, Thomas
> (ES)
> >> wrote:
> >> > [mailto:redhat-list-bounces@redhat.com] On Behalf Of
> >> > m.roth@5-cent.us Marti, Robert wrote:
> >> >>> bounces@redhat.com] On Behalf Of Burke, Thomas (ES)
> >> >>>
> >> >>> I'm seriously considering upgrading my server to Fedora. All the
> >> <snip>
> >> > I concur. I would *NEVER* use fedora on a real server - it's
> >> > bleeding edge, not leading edge. If uptime is more important than
> >> > the n33t3st, c00l3st f38tur3s (esp. when they don't always work),
> >> > use something that's behind the times, like RHEL or CentOS.
> >> >
> >> > Well... The upgrade will be from RH 6.2.... So yeah, I'm not real
> >> > concerned with latest & greatest.
> >> >
> >> > But my uptime has been near 100% over the last 10 years or so...
> >>
> >> So, why are you even considering it... wait, do you mean RH 6.2
> >> (10 years old), or RHEL, in which case, I didn't think 6.2 was out, only 6.1?
> >
> > He's likely being honest and saying it's a 10 year old box. That's a
> > bad thing. Get it on *anything* current... and if it's been on the
> > internet for 10 years, you should make sure it's actually still yours.
>
> Why? Until Aug of '09, I had a firewall/router box, running RH 9 (Shrike).
> Now, admittedly, it *was* a firewall/router, and I'd run Bastille Linux on it
> (which is a set of hardening scripts, not a distro), and to the best of my
> knowledge, having started that on 5.2? 6? all with Bastille, I never had an
> intrusion, and had been on broadband for about 10 years.
>
> mark

There have been absolutely zero remote root exploits on any kernel ever.

Except there have. Just because it works now and has worked for X years is not a reason to skip patching. Running a *very* EOL operating system (RHL9 went EOL in 2004ish, so running it in 2009 means *5* years without security updates. Are you insane?) means you don't get security updates. Bastille is a decent first step, but it is absolutely *not* a replacement for good security through updates.

Rob Marti

 
Old 06-28-2011, 05:16 PM
"Burke, Thomas (ES)"
 
Default EXT : Fedora Server?

Yeah, this box serves HTTP, mail, and SSl to the outside world, and SAMBA to the inside. It's been hardened, and has never had an intrusion...

But, since updates have not been available for several years, and a new install will be a royal PITA (since I no longer have the install media), I figured I'd consider going to something newer.

-----Original Message-----
From: redhat-list-bounces@redhat.com [mailto:redhat-list-bounces@redhat.com] On Behalf Of m.roth@5-cent.us
Sent: Tuesday, June 28, 2011 11:22 AM
To: General Red Hat Linux discussion list
Subject: RE: EXT :RE: Fedora Server?

Marti, Robert wrote:
>> bounces@redhat.com] On Behalf Of m.roth@5-cent.us
>> Burke, Thomas (ES) wrote:
>> > [mailto:redhat-list-bounces@redhat.com] On Behalf Of m.roth@5-cent.us
>> > Marti, Robert wrote:
>> >>> bounces@redhat.com] On Behalf Of Burke, Thomas (ES)
>> >>>
>> >>> I'm seriously considering upgrading my server to Fedora. All the
>> <snip>
>> > I concur. I would *NEVER* use fedora on a real server - it's bleeding
>> > edge, not leading edge. If uptime is more important than the n33t3st,
>> > c00l3st f38tur3s (esp. when they don't always work), use something
>> > that's behind the times, like RHEL or CentOS.
>> >
>> > Well... The upgrade will be from RH 6.2.... So yeah, I'm not real
>> > concerned with latest & greatest.
>> >
>> > But my uptime has been near 100% over the last 10 years or so...
>>
>> So, why are you even considering it... wait, do you mean RH 6.2 (10
>> years old), or RHEL, in which case, I didn't think 6.2 was out, only 6.1?
>
> He's likely being honest and saying it's a 10 year old box. That's a bad
> thing. Get it on *anything* current... and if it's been on the internet
> for 10 years, you should make sure it's actually still yours.

Why? Until Aug of '09, I had a firewall/router box, running RH 9 (Shrike).
Now, admittedly, it *was* a firewall/router, and I'd run Bastille Linux on
it (which is a set of hardening scripts, not a distro), and to the best of
my knowledge, having started that on 5.2? 6? all with Bastille, I never
had an intrusion, and had been on broadband for about 10 years.

mark

 
Old 06-28-2011, 05:21 PM
"Burke, Thomas (ES)"
 
Default EXT : Fedora Server?

Yeah, this used to have "roaring penguin" on it, and was my firewall to the outside world. Until I ditched DSL, and went to cable. Then I kept the config for a few years, until I went to FiOS... Their Actiontec router looks to have pretty good rules, and they don't allow a lot of stuff on "normal" ports, so I changed configs and pushed him back behind the firewall. So he has his own firewall inside the firewall, and things have to go through non-standard ports to get there, so really, it's pretty secure.

But yeah, this is my house. I share printers and file systems out to several rooms, both over a 100Mb switch and a 54Mb wireless connection. Http and sendmail talk over FiOS to the outside world, but the box only has a few users, so bandwidth isn't a big deal.

-----Original Message-----
From: redhat-list-bounces@redhat.com [mailto:redhat-list-bounces@redhat.com] On Behalf Of m.roth@5-cent.us
Sent: Tuesday, June 28, 2011 11:32 AM
To: General Red Hat Linux discussion list
Subject: RE: EXT :RE: Fedora Server?

Burke, Thomas (ES) wrote:
> RH6.2 ... not RHEL. Yeah, *that* old.
>
> I considered going to 8.0 when it came out, but never did it.

No, you really should have gone to 9 (Shrike) - that was solid. I skipped
8, and went from 7.2 or 7.3 to 9. <g>
>
> I'm afraid my server might be nearing its last legs, and it's gained some
> wonkiness recently (I think I have an impending HW failure), so I'm

Yeah. I haven't needed one, being on just my own box, but I've just moved
into a house, and will be setting up a network, so I am considering what
to do: my current plan (forget the phone co's router) is to buy an
appliance, as they say (an inexpensive firewall/router), and put tomato or
dd-wrt on it, then run Bastille against *that*. It'll use a lot less
electricity than even a small computer.

> considering the upgrade to something new. Of course, this means I throw
> away all my ipchains stuff and move to iptables (or whatever is en vogue,
> these days), likely re-do my sendmail.cf, and several handfuls of other
> scripts & apps to get it working, but....

iptables. It really is easier than ipchains. You might find this old
article useful
<http://www.techrepublic.com/article/migrating-from-ipchains-to-iptables/1055287>
>
> Maybe it's worth it.

I will say a lot of the defaults - as I said, I use CentOS - work right
out of the box. For iptables, you can make permanent changes by editing
/etc/sysconfig/iptables. You can see the current rules in effect by
iptables-save, which dumps by default to stdout, like a good *nix program
should.

mark

 
Old 06-28-2011, 05:22 PM
 
Default EXT : Fedora Server?

Burke, Thomas (ES) wrote:
> Yeah, this box serves HTTP, mail, and SSl to the outside world, and SAMBA
> to the inside. It's been hardened, and has never had an intrusion...
>
> But, since updates have not been available for several years, and a new
> install will be a royal PITA (since I no longer have the install media), I
> figured I'd consider going to something newer.

In that case, I really would go to something a lot newer - even without an
intrusion, you're more vulnerable to things like DDoS.

Esp. if the budget's an issue, I'd suggest CentOS - it's built from RHEL
source; all that's different is the proprietary stuff. It tends to be
*very* solid, right out of the box.

mark

 

All times are GMT.