<quote who="Penguin">
> I am trying to figure out what kernel I should use, for the next 6
> months at least anyway. Security is my main objective, most other
> things can go to the wall if they conflict.
>
> But I would like my Nvidia card to work with a 2.2 kernel, and I
> would like to be able to use cdrecord/xcd-roast, and other goodies
> too. I need to be able to run XFree 4.1. I would like to be able
> to have sound, using a SoundBlaster 128 Live card.
>
> I would prefer iptables, since I know it has a LOG option to record
> all incoming and outgoing like a packet sniffer for my modem
> dialup connection - does ipchains with the 2.2 kernel have a
> comparable option? I want to see if when I log into my POP3 server
> if my user and pass is sent in clear, etc etc. I want to see
> everything passing on the wire.
>
> Can I use iptables with a 2.2 kernel?
</quote>
Not as far as I know.

> Given that I am super paranoid, maybe my old Debian 2.2r2 Potato is
> the best bet for me. Is there any reason why I may not be able to
> upgrade X to XFree 4.1 with this version of Potato?

It is possible through unofficial debs; run a search for xfree4 and potato and you should find a URL pretty quick (last time I checked it took about 2-3 minutes). Some minor problems may occur (at least they did last time I tried it), but they are easily worked around in most cases.

That said, I highly recommend 2.2 over 2.4 any day, as someone who runs about 35 Linux servers and workstations (maybe more, I haven't tried counting). All of my systems are 2.2. I use the Openwall patch from www.openwall.com/linux; it makes a system a little more secure. 2.4 for me is not stable yet. I have read some reports that 2.4.16 is considered to be the "2.4.0", as in the first "stable" 2.4 kernel, so for me that means waiting another year before testing it. I'd like to use iptables too, but if I needed a better firewall I would use FreeBSD or OpenBSD rather than Linux 2.4 at this point. I'm confident it will stabilize; it will just take a while more.

If you want to sniff your POP3 traffic then use tcpdump or something. If you're using POP3 then you are sending your password in clear text; POP3 is not an encrypted protocol. You can get better results from tcpdump if your goal is to sniff traffic.

I don't have a SoundBlaster Live, but I do have an Nvidia GeForce MX200 on one of my desktops. It's rock solid under 2.2; I use it every day for mostly video capture and Unreal Tournament, and I haven't rebooted since I installed a new CDRW about 2 months ago. I also burn CDs regularly on that machine (have burned about 60 so far). On my desktop at work I have a G400 and another CDRW (Plextor) and have burned about 30-40 CDs since I last rebooted about 220 days ago. My sound card of choice is the SB PCI 128 (es1370/1371): rock solid, sounds good, drivers are excellent. No MIDI though, but I don't need MIDI.

The only place I run Linux 2.4 is on my Dreamcast, since that's the only kernel that runs on it, I think. Once Linux 2.4 gets to the point of 1 update every 3-4 months then I may consider testing it, also when it gets to the point where people are no longer scrambling to the latest release that fixes critical bugs in the previous release. 2.2 has been at this state (IMO) since 2.2.10 (with the exception of 2.2.11->~2.2.13; 2.2.11 was a real bad apple). I did not deploy 2.2 in production until 2.2.10; my next deployment kernel I think was 2.2.14. Now my current is 2.2.19 (not 2.2.20 yet). There were some minor security issues in later kernels, but since all of my systems have no untrusted users it's not a rush to update to them. In fact, with the exception of only 2 systems, the only users that have shell access also know the root password (total of 2 people).

Hope this helps..

nate
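As an added example, not part of nate's reply or anything posted to the list, here is what "seeing the password on the wire" amounts to in practice: a small Python script that walks a pcap file, as tcpdump -w would write one, and pulls the USER and PASS commands out of the client side of a POP3 session. The capture is constructed inline (192.0.2.10 and 198.51.100.5 are documentation addresses, and the account and password are made up), and the parser assumes a classic pcap with an Ethernet link type carrying IPv4/TCP; pcapng and other link types are not handled.

```python
import struct

POP3_PORT = 110


def ip_to_bytes(addr):
    return bytes(int(octet) for octet in addr.split("."))


def bytes_to_ip(raw):
    return ".".join(str(octet) for octet in raw)


def build_tcp_frame(src_ip, dst_ip, sport, dport, payload):
    """Ethernet/IPv4/TCP frame carrying `payload`. Checksums are left at zero:
    a passive parser does not verify them, and this capture never hits a NIC."""
    ethernet = b"\x00" * 12 + b"\x08\x00"               # dst/src MAC, EtherType IPv4
    total_len = 20 + 20 + len(payload)
    ip_header = struct.pack("!BBHHHBBH4s4s",
                            0x45, 0, total_len, 0, 0, 64, 6, 0,
                            ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    tcp_header = struct.pack("!HHIIBBHHH",
                             sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)  # PSH|ACK
    return ethernet + ip_header + tcp_header + payload


def build_pcap(frames):
    """Classic libpcap file: 24-byte global header, then (16-byte record header, frame)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = [struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames)]
    return header + b"".join(records)


def iter_tcp_segments(pcap):
    """Yield (src_ip, sport, dst_ip, dport, payload) for every IPv4/TCP frame."""
    magic = struct.unpack("<I", pcap[:4])[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">" if magic == 0xD4C3B2A1 else None
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET captures are handled")
    offset = 24
    while offset + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[offset:offset + 16])
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                   # not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:
            continue                                   # not TCP
        total_len = struct.unpack("!H", ip[2:4])[0]
        tcp = ip[ihl:total_len]
        if len(tcp) < 20:
            continue                                   # truncated segment
        sport, dport = struct.unpack("!HH", tcp[:4])
        data_offset = (tcp[12] >> 4) * 4
        yield bytes_to_ip(ip[12:16]), sport, bytes_to_ip(ip[16:20]), dport, tcp[data_offset:]


def extract_pop3_credentials(pcap):
    """Pair each client USER with the PASS that follows on the same connection."""
    pending_user = {}
    found = []
    for src, sport, dst, dport, payload in iter_tcp_segments(pcap):
        if dport != POP3_PORT or not payload:
            continue                                   # only client -> server traffic
        for line in payload.decode("latin-1").splitlines():
            verb, _, argument = line.partition(" ")
            conn = (src, sport, dst)
            if verb.upper() == "USER":
                pending_user[conn] = argument
            elif verb.upper() == "PASS":
                found.append({"client": src, "server": dst,
                              "user": pending_user.pop(conn, None), "password": argument})
    return found


# Constructed POP3 login, one segment per protocol line, as a dial-up client would send it.
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"
SAMPLE_PCAP = build_pcap([
    build_tcp_frame(SERVER, CLIENT, 110, 40001, b"+OK POP3 server ready\r\n"),
    build_tcp_frame(CLIENT, SERVER, 40001, 110, b"USER alice\r\n"),
    build_tcp_frame(SERVER, CLIENT, 110, 40001, b"+OK\r\n"),
    build_tcp_frame(CLIENT, SERVER, 40001, 110, b"PASS s3cret\r\n"),
    build_tcp_frame(SERVER, CLIENT, 110, 40001, b"+OK Logged in.\r\n"),
    build_tcp_frame(CLIENT, SERVER, 40001, 110, b"STAT\r\n"),
])


if __name__ == "__main__":
    for cred in extract_pop3_credentials(SAMPLE_PCAP):
        print(cred)
```

The same extract_pop3_credentials() runs unchanged on a real file written with `tcpdump -s 0 -w pop3.pcap port 110`; nothing in the POP3 exchange itself obscures the USER and PASS lines, which is exactly what a packet-level sniffer on the dial-up interface would show.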