On Fri, May 11, 2001 at 10:11:45AM -0500, Young, C Bryan wrote:
> informed and preferably unbiased position (hard to come by in forums where
> GNU/Linux or BSD are discussed), I'd MUCH appreciate it.

I use FreeBSD and Debian at work, and am often forced to deal with security issues on Redhat. IMHO, Debian's security update model is best, followed by FreeBSD, then Redhat.

> 1) In a couple of places, I've seen people criticize Debian's security
> because the stable release uses 'out-of-date' packages. My understanding is
> that Debian developers apply security patches to 'older' packages, while
> leaving the 'bleeding edge' features out. All other things being equal,
> will RH 7.1 or Debian Potato be more secure?

The people who criticize Debian's policy (on that basis) don't know what they're talking about. When Debian makes a security release, that's *all* it is. We don't add new features or release a package based on a new upstream version. Adding new features in a security release has the potential to introduce compatibility issues and confuse users.

> 2) I've found that it is really easy to find/get help on RH questions --
> i.e., there are a lot of books in print that focus on RH. Can anyone give
> me titles for essential Debian books?

Most Debian documentation is online. See http://www.debian.org/doc/. Also check http://lists.debian.org. There are mailing lists for just about every issue with Debian, from security to laptop usage to IPv6 development. debian-user is great, too.

> time (I'm thinking of something along the lines of Bastille Linux -- but a
> typed out list of things to check for would suffice).

I'm not aware of such a tool. In Debian unstable (not what you want to run) there are Debian-specific hardening tools. What I would do in this case is the following: don't run inetd, don't run NFS-related services. I believe there is a "Securing Debian HOWTO" somewhere, but I haven't seen it. It might give you some info. Subscribe to debian-security and debian-security-announce for discussions and announcements relating to Debian security.

Make sure you have the following line in /etc/apt/sources.list:

deb http://security.debian.org/ potato/updates main contrib non-free

HTH,
noah

-- 
_______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html
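An added example, not part of noah's mail or of any Debian tool: a small POSIX shell audit that checks the three concrete recommendations in the reply above (an active security.debian.org entry in sources.list, nothing left enabled in inetd.conf, no NFS-related daemons running). The function names, the file paths taken as parameters, and the sample sources.list, inetd.conf and process-list files are all constructed here for illustration; on a real potato host you would point the functions at /etc/apt/sources.list, /etc/inetd.conf and the output of `ps -eo comm`.

```shell
#!/bin/sh
# Added example (not from the original mail): audit checks for the
# hardening advice above. Every function takes a file path so it can be
# run against the constructed sample files below as well as real ones.

# Return 0 if the given sources.list has an active (uncommented) "deb"
# entry for security.debian.org with the potato/updates suite.
has_security_source() {
    grep -E '^[[:space:]]*deb[[:space:]]+https?://security\.debian\.org/?[[:space:]]+potato/updates[[:space:]]' "$1" >/dev/null
}

# Print the service names still enabled (not commented out) in an
# inetd.conf; empty output means inetd has nothing left to serve.
enabled_inetd_services() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" | awk '{print $1}'
}

# Return 0 if an NFS-related daemon (or the portmapper NFS depends on)
# appears in a one-command-per-line process list such as `ps -eo comm`.
nfs_daemons_running() {
    grep -E '^(rpc\.)?(nfsd|mountd|statd|lockd|portmap)$' "$1" >/dev/null
}

# Run all three checks and return non-zero if anything needs attention.
audit() {
    status=0
    if has_security_source "$1"; then
        echo "OK: security.debian.org source present in $1"
    else
        echo "WARN: no active security.debian.org entry in $1"; status=1
    fi
    svcs=$(enabled_inetd_services "$2")
    if [ -n "$svcs" ]; then
        echo "WARN: inetd services enabled: $(printf '%s\n' "$svcs" | tr '\n' ' ')"
        status=1
    fi
    if nfs_daemons_running "$3"; then
        echo "WARN: NFS-related daemons running"; status=1
    fi
    return $status
}

# --- constructed sample inputs (hypothetical, not captured from a real host) ---
tmp=$(mktemp -d)
cat > "$tmp/sources.list.ok" <<'EOF'
deb http://http.us.debian.org/debian potato main contrib non-free
deb http://security.debian.org/ potato/updates main contrib non-free
EOF
cat > "$tmp/sources.list.bad" <<'EOF'
deb http://http.us.debian.org/debian potato main contrib non-free
# deb http://security.debian.org/ potato/updates main contrib non-free
EOF
cat > "$tmp/inetd.conf.busy" <<'EOF'
# /etc/inetd.conf: sample with two services still switched on
#echo   stream  tcp     nowait  root    internal
telnet  stream  tcp     nowait  telnetd.telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd
#ftp    stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.ftpd
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  /usr/sbin/in.fingerd
EOF
cat > "$tmp/inetd.conf.clean" <<'EOF'
# everything commented out
#telnet stream  tcp     nowait  telnetd.telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd
EOF
printf 'init\nsyslogd\nportmap\nrpc.mountd\nnfsd\nsshd\n' > "$tmp/ps.nfs"
printf 'init\nsyslogd\nsshd\n' > "$tmp/ps.clean"

# Demonstration run against the "bad" host, guarded so a failing audit
# does not abort the script under set -e.
audit "$tmp/sources.list.bad" "$tmp/inetd.conf.busy" "$tmp/ps.nfs" || echo "audit found problems"
```

The sources.list regex deliberately anchors on an uncommented `deb` line so a commented-out security entry (a common leftover after editing) is reported as missing rather than accepted.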