Hey folks,
I recently received an email about this site: http://www.mslinux.org
First thought it was for real. But then, guess these guys are inventing some serious trouble, copyright infringement for example.

I also want to know which linux distribution is the best for running a web / mail/ ftp server (in terms of ease of use, security, memory management, configuration and anything else that is a very important criterion).

TheWingThing.

Copyright infringement is not an issue here. Copyright laws allow for parody. Trademark infringement, however, is a separate issue, and the site does seem to run afoul of a few violations in that respect. Trademark violation is not exempted by parody.

Red Hat Linux accounts for about 70% of Linux distributions and is quick to release any patches and fixes in response to exploits. That may not quite answer your question, at least not entirely. You may find more helpful information at http://securityportal.com

In regard to distrubutions -

I prefer Slackware. I'm sure a big part of it is that it's what I've been using for five years. It's familiar. But it's also more secure out of the box, and easier to take to full security, compared to RedHat.

RedHat is more geared toward the desktop or the novice administrator. Slackware is a power users' distribution, and as such, it doesn't get in your way like RedHat. It also tends to favor more stable, releases of software. (Witness RedHat's inclusion of an incompatible development version of gcc in RedHat 7.)

That's my two cents, anyway...



[Edited by Travis on 10-18-2000 at 05:13 PM]

Now that site is funny.

If you take time to read some of the side comments I burst out laughing.

For a second I thought they were for real

later

David

I second that .. when I first saw it I was like "I can't believe it .. they gave in .. this is great .. wowowow ..." then in the corner of my eye I read "Microsoft Monkey Colony on Mars" .. I was " what the ..."

I'm still laughing ...

"We are already training the monkeys to do simple tasks like reboot the space ship when it blue screens"


I just can't stop laughing ...

LOL, I can't stop laughing about this one either. Can't wait for "msunix.net" to be done. :)

This site is true *geek humor*. ;)

Microsoft Linux includes a new Troubleshooting Daemon (crapd) that help you zero in on a solution if you ever have a problem.

My favorite part:

MS Linux is released under the provisions of the Gates Private License, which means you can freely use this Software on a single machine without warranty after having paid the purchase price and annual renewal fees.

Yeah... it's bad. But really really funny :D

Matt
mlightner@site5.com

That site is a great break from what we are used to seeing day in and out as host here. I think i found a resort :)

yes, I love it, but we all know M$ will eventually shut it down :(

Well, enjoy it while you can. Definitely one of the finer sites for any fashionable wannabe geek. (not that all of us aren't one anyway :D)

Well, God Gate$ also needs a laugh.
So I dont think he will shut this site down. It's good humour, right? Besides, it's some free publicity for M$ among the geeks. No matter whether M$ makes positive publicity or geeks make some funny publicity, geeks are gonna take it in the same way and draw their own conclusions about M$. So it doesn't really matter.
Everyone need$ a laugh. And God Gate$ is no exception. I guess he too will LHAO on seeing this site.
He needs to laugh more than anyone else to beat out the stress due to all the lawsuit headache. Or is will he be really stressed? He alone knows.

Is Slackware secure than RedHat? And is a readymade script/utility available to plug all the security holes in RHL in one go?

TheWingThing.

I would say that Slackware is more secure out of the box, but it still has things that need to be addressed, like any distribution.

I'm not aware of any scripts that will go through and plug up all the holes, but it wouldn't be a bad idea. There are different things that need to be addressed depending on the application, so it would need to ask a lot of questions anyway. (There is always a trade-off between security and usability.... some things you don't want to turn off unless you need to.)

Has anybody seen any good basic guides out there for baseline securing of a new Linux installation? If not, I can take a few minutes and whip one up.



[Edited by Travis on 10-19-2000 at 03:30 AM]

Hi Travis,
Please help me out in securing a new RHL server installed outta the box. Say, the potential security holes and how to fix them, for RHL 6.x
Is there a PDF tutorial or scripts available out there to do this? I don't want to trust an unknown scripts that may open up a backdoor.
I'll search if there is any thread on this or other forums and post it here.

Thanx.

Here are the first basic things I go through:

- Open up inetd.conf and turn nearly everything off. Only leave services running that you will be using. There are a lot of things turned on by default that you don't need, and more ports open = more potential ways to get in.

- If at all possible, turn off telnet and use ssh exclusively. (We do this for things that users don't need access to, like name servers and database servers.)

- Turn off all RPC services unless you really, really need them. (rpc.portmap, rpc.mountd, rpc.nfsd, etc.)

- Make sure the included versions of wuftpd and bind aren't vulnerable to the recent exploits that have circulated.

- Search for setuid programs/scripts:

find / \( -perm -004000 -o -perm -002000 \) -type f -print

...many things, like mount, are setuid and don't need to be. Normal users don't need to be mounting and unmounting filesystems, so there's no reason to leave another possible security risk lying around. This goes for a lot of other software.

- There was also a local root exploit discovered recently in glibc. Check with your distribution vendor for an updated version, or roll your own.


There is a lot more to do if you want ultimate security, but the above steps are a good start.

Travis,
I found out that RH has released RHL 7. Any idea about the security features/holes in Red Hat Linux 7 anyone?

Wing.

RH7 has a bug list literally about 2500 items long. I would wait on this one.

small potatoes compared to when win2000 was first released. It had a bug list that was 65,000 items long

David

Yeah, I guess there are some areas in which Linux just can't compete.... :)

There are some good doc to securize your RH6.2 that you can find on openna.com. I already posted the full url to that doc in 2 previous posts, so search for 'openna' and you will find it :)

There ia also a program that will plug & fix many of the seucirty problems in many programs. However, I can't recall the name, but it was something like bastion or keep or castle (along that name). Basically it fixed programs, made a nice firewall, etc.

Look at: http://www.freshmeat.net and use the search function, you may be lucky :)

Originally posted by Travis
Yeah, I guess there are some areas in which Linux just can't compete.... :)

true. Linux loses hands down on who has the most outstanding bugs in their os. Windows takes the prize.

David

Doesn't that sound familiar ;)

Thank ya Felix, Travis, BC and everyone else,
Yeah. Windows is the Gold medallist in the buglist race. Hey, isn't there a category in the Guinness book for buggy operating systems, sccurity holes and largest number of service patches in the shortest amount of time? Wish they could start a category for that. But I'm afraid M$ would exert their monopoly on that too. :wink:
I'll check out those sites that give the patches guys. Thanks again.
Wing.