On Fri, 19 Jan 2001, Michael H. Warfield wrote:

>       RedHat 6.2 was still installing rsh and rlogin for God's sake.
> They also had empty (i.e. insecure) hosts.allow and hosts.deny.  At
> least they DID plug in decent values for /etc/securetty and start
> adding lsof to the install, so they ARE getting better with time.  At
> one point, Bastille on top of RedHat was the only reasonable starting
> point I would recommend for anyone.  RedHat 7.0 is better (hey, they
> even put in xinetd) but still not great and it's so unstable that of the
> three installations we've tried, one got jerked in under a day and the
> others lasted less than a month before "upgrading" to 6.2 and clamping
> down on the security.  I wouldn't put 7.0 in a production system at
> this point.

No argument on the security issues. I think that RedHat really needs to
push the default installations to be far more secure than they are. I know
there is pressure to make installations 'user friendly', but I think that
interpreting 'user friendly' to mean 'everything enabled with open access'
(like Microsoft traditionally has) is a bad thing.

On the other hand, I'm guessing that if you have enough sense to read
redhat-list, then you have enough sense to take the good advice given
here, keep up to date with patches, and disable services you don't need,
and lock down those you do.

On the stability issue, I have heard a lot of people complain about 7.0,
but after installing or upgrading almost 100 machines now to 7.0, (with
over 75% being in a live, production environment), I can't say I've had any of
the problems people have complained about.

Well, I guess Oracle on 7.0 is a pain in the arse, and the Oracle servers
I did end up downgrading back to 6.2 to keep them running, but I'm no fan
of closed source software in general, and Oracle in particular. I also
did have a few problems with the ABI changes with some C++ software, but
nothing a recompile couldn't fix permanently. I just guess I haven't had
anywhere near the types of problems others have complained about, and am rather
mystified.

Given that 7.0 is a huge improvement over 6.2 in security terms (thank you
for openssl/openssh), I still highly recommend people install 7.0.

thornton



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
