[rescue] Oh no! This poor Origin server.....

Patrick Finnegan pat at computer-refuge.org
Fri Apr 2 18:32:40 CST 2004 

On Friday 02 April 2004 17:24, N. Miller wrote:
> Hence my "paint a target on our back" comment.  We have
> the regular complement of hosted systems firewalling (multiple
> layers), IDS, etc.  But if we were to put Linux up there, we'd
> be having to filter a hell of a lot more noise out of the
> monitoring channel due to the increase in script kiddies hitting
> us.

I'm not sure I agree.  We keep our linux machines (for clustering, etc) 
very up to date, running Debian, and have yet to be broken into.  And 
yes, we watch the logs and would probably notice it.  On the other 
hand, in the last 12 months, we've had solaris boxes rooted a few 
times, but I think that was mostly because Sun failed to secure the box 
while it was here (and they were doing set-up) before handing over the 
keys.  After that mess, we started doing our own admin stuff on them 
before being "allowed to".

I seriously doubt that Linux is more hackable than, say, Solaris, if you 
keep it up to date.  I trust the Linux kernel community to release 
patches and admit problems much more than any proprietary software 
vendor.

And, don't forget bugs in some software, ie OpenSSH, are cross-platform, 
and affect everyone equally. :)

> Not to mention that I've yet to see a Linux box survive a load
> of 42+, much less be useable, as I've seen with Solaris on Sun
> Enterprise hardware.

Methinks you need to upgrade a machine when you've got that kind of 
load...  I'll admit that Linux doesn't gracefully handle high loads 
like most UNIXes, but unless someone just forkbombed you, you shouldn't 
have that problem.  And if you're competent, you can figure out who did 
it and drop by with a sledge to make sure it isn't repeated. ;)

> Yes, by personal experience, not hearsay--a U2E w/
> 512MB of RAM. I can't recall if it was single or dual proc.
> You could log actually log in on the console and do stuff...
> slowly.

Linux might not be perfect, but it's open, cross-platform, and getting 
better with time.  Don't forget Linux is just a baby still compared to 
UNIX.  An amazing baby that can do amazing things, but it's not "as 
mature".  That being said, the 2.6 kernel has some promise and is 
looking much better on high-end hardware than older versions.

Pat
-- 
Purdue University ITAP/RCS        ---  http://www.itap.purdue.edu/rcs/
The Computer Refuge               ---  http://computer-refuge.org

More information about the rescue mailing list