
View Full Version : Red Hat 7.2 security and reliability
stlouislouis 03-24-2002, 01:09 PM Hi,
I know many of you have experience with setting up, maintaining and running Red Hat 7.2 based servers 24x7. Just what is the security and reliability like? It seems most companies offering dedicated and managed servers put Red Hat 7.2 on them. Since Red Hat 7.2 servers seem to be most popular, I'm wondering:
1) If set up from scratch the proper way -- do you believe a Red Hat 7.2 based system can be made 100% secure and still be usable by hosting customers and resellers? And if so, what you feel the proper way to set it up to make it 100% secure is? If not, please share why you feel a Red Hat 7.2 system cannot be made 100% secure. I'm wondering about things other than just "install the default install and apply all patches", of course. Thanks.
Moreover, how often do you find the Red Hat 7.2 based servers you are familiar with get cracked/hacked? What are the most common reasons why -- especially for those systems kept up to date and patched?
After "burning it to the ground" and reinstalling everything, assuming it was kept patched, up to date and configured correctly, what reason is there to expect the cracker won't be back and get in the exact same way? Do you feel you can prevent a repeat performance? Do you run any IDS type stuff on your boxes to prevent crackers doing the same thing over and over again?
2) How robust do you find a Red Hat 7.2 based server as typically configured for dedicated or managed hosting for resellers and retail hosting customers can be made to be?
What has your experience and observation about the security and reliability of Red Hat 7.2 been? What are the most important factors in making a Red Hat 7.2 based server as close to 100% secure and reliable for hosting and reseller customers as possible?
Thank you very much for sharing.
Louis
magnafix 03-24-2002, 02:48 PM I can't resist.... 100% secure? Unplug it! ;)
RedHat 7.2 works great for both our shared and managed servers.
As far as security goes, there are lots of sites you can read about 'hardening linux' or 'linux security'.
Most important things of course are turning off unused services (if it's only a webserver, it should respond only on 80 and 443) and keeping current on patches (redhat watch list and bugtraq are a good start, there's a nice little script called 'updateme' which helps too).
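A way to check the "respond only on 80 and 443" advice in the post above, as an added example that is not part of the original thread. The allowlist, the function names and the sample `netstat -tln` output are assumptions constructed for illustration; loopback-only listeners are skipped on the assumption that they are not reachable from the network.

```shell
#!/bin/sh
# Added example: flag TCP listeners that fall outside an allowlist.
ALLOWED_PORTS="80 443"   # assumption: web-only host, as in the post above

# Constructed sample in `netstat -tln` format (not taken from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

# Reads `netstat -tln` output on stdin and prints "port address" for every
# non-loopback listener whose port is not in ALLOWED_PORTS, sorted by port.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (k = 1; k <= n; k++) ok[a[k]] = 1 }
        $6 == "LISTEN" {
            la = $4                      # local address, e.g. 0.0.0.0:80 or :::22
            i = length(la)
            while (i > 0 && substr(la, i, 1) != ":") i--   # find the last colon
            port = substr(la, i + 1)
            addr = substr(la, 1, i - 1)
            if (addr ~ /^127\./ || addr == "::1") next     # loopback only
            if (!(port in ok)) print port, addr
        }
    ' | sort -n
}

# Stand-alone run over the constructed sample.
sample_netstat | unexpected_listeners
```

On a live host the same function can be fed with `netstat -tln | unexpected_listeners`; any line it prints is a service to turn off or to justify.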
Gunzour 03-24-2002, 07:51 PM You cannot make a server 100% secure, no matter what operating system it is. There is no magic bullet. If you want security, you must administer the server continuously with a mind for security.
A Red Hat system can be made very secure by a competent admin. To start, you need to turn off any unneeded services and applications, keep on top of patches both for the operating system and all installed applications, restrict access, and have a sound security policy.
Of course you can't just secure it and then forget about it -- you need to keep up with new security vulnerabilities and regularly audit your server's security.
stlouislouis 03-24-2002, 08:24 PM Hi,
Thanks for your replies. I'm aware that one needs to turn off unneeded services, stay updated and patched. I know there are no guarantees when it comes to security. I know how the system is maintained has lots to do with how secure and reliable any system is.
Red Hat is what's commonly chosen over other choices like Free or Open BSD. Since the popularity of Red Hat 7.x is the reality of what one is most likely for a host to have, what I'm wondering is this:
Let's say one does all those sorts of basic security things. Assuming one keeps up with patches, just how close or far away from 100% secure have you found Red Hat 7.2 based servers to be in actual practice?
Are there things about Linux itself or the Red Hat 7.2 distro in particular that make it very, very hard to secure -- vulnerabilities to buffer overflows that just keep coming up, ways for people to escalate their privileges to root -- that sort of thing no matter what you do to try and keep it cracker proof?
Basically, do you find that if you do the normal stuff like keep the system patched, that you just don't get your systems cracked? Or do you find your Red Hat 7.2 systems getting cracked no matter what you do to try and secure them?
Also, do you find the Red Hat 7.2 based systems just run and run -- even under full load for months at a time -- or that they just crash at random times if worked heavily?
That is, how robust and reliable have you found them to be in practice? I'm not referring to user error or hardware problems bringing things down. I'm referring to a properly set up and maintained system that runs and runs -- then either continues to do so or crashes for no apparent reason after a certain point under load no matter how well one maintains the system. Which is it with Red Hat 7.2?
I'm just wondering what folks' real world experiences with Red Hat 7.2 based systems have been.
Thanks for sharing,
Louis
jambler 03-24-2002, 10:15 PM Personally I think you aren't really using your brain too much right now. Most people wouldn't compromise their image by saying "whatever I do to my systems to secure them, I keep getting hacked. I don't know what to do" or "man my systems crash left and right, no matter how I administrate them." I mean have some more common sense. If you're looking for unbiased remarks don't post a question in an area where people "advertise".
magnafix 03-24-2002, 11:10 PM Cut him some slack, it's a legit question in general.
We experienced a security compromise years ago on RedHat 6.2, before we were extremely vigilant about patches. Today it's an absolute requirement, and while we see crackers bouncing off our systems every freaking day, we haven't experienced any further trouble.
As far as crashes go, the OS crashes we've experienced under RH 7.2 had to do with experimental kernel patches we were running, not anything to do with the RH distro.
manmythlgnd 03-24-2002, 11:23 PM Originally posted by stlouislouis
Hi,
I know many of you have experience with setting up, maintaining and running Red Hat 7.2 based servers 24x7. Just what is the security and reliability like? It seems most companies offering dedicated and managed servers put Red Hat 7.2 on them. Since Red Hat 7.2 servers seem to be most popular, I'm wondering:
1) If set up from scratch the proper way -- do you believe a Red Hat 7.2 based system can be made 100% secure and still be usable by hosting customers and resellers? And if so, what you feel the proper way to set it up to make it 100% secure is? If not, please share why you feel a Red Hat 7.2 system cannot be made 100% secure. I'm wondering about things other than just "install the default install and apply all patches", of course. Thanks.
Moreover, how often do you find the Red Hat 7.2 based servers you are familiar with get cracked/hacked? What are the most common reasons why -- especially for those systems kept up to date and patched?
After "burning it to the ground" and reinstalling everything, assuming it was kept patched, up to date and configured correctly, what reason is there to expect the cracker won't be back and get in the exact same way? Do you feel you can prevent a repeat performance? Do you run any IDS type stuff on your boxes to prevent crackers doing the same thing over and over again?
2) How robust do you find a Red Hat 7.2 based server as typically configured for dedicated or managed hosting for resellers and retail hosting customers can be made to be?
What has your experience and observation about the security and reliability of Red Hat 7.2 been? What are the most important factors in making a Red Hat 7.2 based server as close to 100% secure and reliable for hosting and reseller customers as possible?
Thank you very much for sharing.
Louis
If you're really concerned about security, don't use linux. Linux is free if your time is worth nothing. There is more proactive code auditing in the BSD community, specifically within the OpenBSD group. That is not to FreeBSD, being more popular hasn't benefited (you can always try binary emulation under OpenBSD, it's what I used to do to use netscape; not too bad) because it has.
I'll admit, I'm a BSD bigot. But so so many things in *BSD are _so_ much cleaner than in Linux, and it goes a lot deeper than userland. Like... why is the routing table a linked list in linux but a binary tree based on netmask in BSD?
stlouislouis 03-25-2002, 08:03 AM Hi, Jambler, magnafix and manmythlgnd,
Jambler: I can see your points. So, anyone who doesn't want to post their reply can drop me an e-mail. I won't reveal who told me what; I'm just trying to get an idea of the reliability and security of Red Hat 7.2 as hosting companies experience it in day to day operation. I'll keep your points in mind in how I ask for replies in the future; I wasn't considering your valid point when I posted. Thanks.
magnafix: Thanks for sharing!
manmythlgnd: I also strongly favor FreeBSD for web servers over Linux for security reasons -- based on what I've read others' experiences have been. However, since many, many hosting places offer Red Hat 7.2 based systems, I was wondering what people find its security and reliability to be like in actual use. It would be nice if folks could say we've found if you do 1...2...3...N that you no longer will find your systems getting cracked or crashing periodically; i.e. is Red Hat 7.2, or Linux in general *inherently* capable of being 100% secured and 100% reliable? Or not? For that matter, is FreeBSD? Comments appreciated!
I know *BSD has a reputation for being extremely reliable and secure if configured correctly. I didn't mention *BSD originally, because I really wanted to know about people's views on Red Hat 7.2 based systems in particular since they are so popular -- rather than mention *BSD and have this thread just be a Linux vs. BSD debate. However, since that genie is now out of the bottle on this thread, please -- anyone -- share your points of view on RH 7.2 OR the same for *BSD. Please feel free to e-mail me if you don't want to publicly post -- or just post under a different handle, I guess.
Thanks one and all for sharing! I care about the issues of security and reliability very much. That's why I'm asking. For those choosing a hosting platform OS, the sharing here will be most helpful. Thank you!
Take care,
Louis
bitserve 03-25-2002, 12:43 PM I wasn't going to reply, because you asked a lot of questions, and it would take too long to reply, but I have to reply to what manmythlgnd said. :)
I wouldn't use Linux as a firewall, but then I wouldn't use OpenBSD either if I had an option to use something better.
Linux is plenty secure for hosting web sites, even with multiple users. Of course this post is my opinion, which is quite different than manmythlgnd's opinion.