Yeah, I've always preferred slackware for it's simplicity over all the
bloatware and what-strange-app-am-I-supposed-to-edit-this-file-with-ware.
I do hear that libc install has some race conditions and/or buffer
overflows. Personally, I'd much rather run an OpenBSD box than a * Linux
box if it needed to be secure. Obviously there is significant work
involved with any machine on the internet but my experience is that
putting and keeping a Open (or probably just *BSD) box is a lot less time
and effort. With Linux I'm getting weekly e-mails about the latest buffer
overflow/exploit of x commonly used program that's guaranteed to be on the
machine. In general... keeping a Linux internet host just seems like too
much work. That and when I've looked at texts on hardening Linux it
involves reading a few ream size texts instead of the few pamphlet size
text I had to to get my OBSD box up. I do have to beg off and say I
haven't gone to any particular length to protect the box from local
attackers but at least I know exactly what all the servers are doing.

I guess my whole point is putting and maintaining a Linux inet box seems
like a whole heck of lot more work that it should have to be. I'd suggest
picking something less maintenance intensive.

Josh

__SIG__

On Thu, 21 Jun 2001, Spencer J Sinn wrote:

> Mike Hicks wrote:
> >
> > Heather Wagamon <hwagamon at andersonww.com> wrote:
> > >
> > > I've been thinking that I want to set up a personal Linux web/email
> > > server at home so I can learn linux easier and become more comfortable
> > > with it.  I was wondering... what's the best linux/unix to use?  I was
> > > thinking "Red Hat" since that's what we use here.
> >
> > Well, I'll just suggest that you make sure you're running a new
> > distribution.  The Honeynet Project discovered that, on average, it takes
> > about 72 hours for a default-install RedHat 6.2 box to get broken into.
> > Of course, I understand that stock Win98 with file sharing enabled is
> > pretty much just as bad..
> >
> > If this doesn't show the great importance security (and not leaving
> > everything turned on after an initial install), I don't know what does..
> >
> > http://www.counterpane.com/crypto-gram-0106.html
> >
> > --
> >  _  _  _  _ _  ___    _ _  _  ___ _ _  __   #define END.ARMS.CONTROL
> > / \/ \(_)| ' // ._\  / - \(_)/ ./| ' /(__   /* Silo overflow */
> > \_||_/|_||_|_\\___/  \_-_/|_|\__\|_|_\ __)
> > [ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088 at tc.umn.edu ]
> >
> >   ------------------------------------------------------------------------
> >    Part 1.2Type: application/pgp-signature
>
>
> I know with my old box, SuSE, I had mapped Apache to the outside IP and
> never had
> a problem. But I mapped FTP and Telnet outside for an IP Masquerading
> project a
> friend of mine was working on for the U and had the Ramen worm trying to
> get in
> after about two hours!! Since then I have gone back to Slackware, mostly
> to get
> more under-the-hood experience ( YAST was good and bad because it DIFY).
> If you are
> just doing it as a learning project, I wouldn't even worry about routing
> it to the
> outside world. Create a bunch of phony accounts on your home network and
> tear into
> it.
> _______________________________________________
> tclug-list mailing list
> tclug-list at mn-linux.org
> https://mailman.mn-linux.org/mailman/listinfo/tclug-list
>