[rescue] Oh no! This poor Origin server.....

[Joshua Boyd]

On Fri, Apr 02, 2004 at 12:21:51PM -0500, Linc Fessenden wrote:

> > Really?  I'm more comfortable putting Solaris on the net than I am
> > linux.  And system administration is not my trade either, and linux is
> > what I spend 8 to 24 hours a day staring at.
> 
> I hear this kind of comment quite a bit and I have to say that since I
> know you to be a competent admin, you *must* be using a really bad
> incarnation of Linux.  I have had a bunch of Slackware boxes on the net
> for *years* without 1 single problem.  I simply turned off the offending
> services (telnet, ftp, etc) slapped on chkrootkit, and portsentry, and I
> do the occasional upgrade of apache, openssl, and ssh and there ya have
> it.  I have seen every kind and type of attack trying to be applied and
> sent around in my logs but haven't had narry a problem because of it.

It seems to me that to secure solaris, you just follow the
fixsolaris.txt guide, then install ipf and write your rules.

I'm not saying that linux can't be secured.  I'm just saying it seems to
involve pain and compromise every time I've thought about it.

For the machine I currently have colocated (a U5), I tried both NetBSD
and Linux (Aurora, though people have since told me I should have used 
Gentoo) before giving up in frustration and going with Solaris.  Part of
it was fighting with the package management system (on NetBSD) and
configuration tools (linux), and perhaps a large part was incompatible
applications (sbcl being a major one).

On the other hand, one of my file servers at home is a Redhat 9 machine,
and the other workstation is a Debian machine, and my workstation at
work is a Redhat 7.3 machine.

Actually, I don't use the machines at home much this year so far.  There
is just something about going to work at 8 and coming home after 2 that
makes using my home computers unappealing.  I really should turn them
off to save electricity as I don't think I've touched them at all in two
weeks.