I've recently acquired a CentOS 3.4 server which I eventually want to host some sites off. However, for the time being I'm using it as a learning exercise. I'm reasonably comfortable with Linux in general, compiling etc., but by no means an expert.
I have some queries over how exactly CentOS/Redhat El work, security wise.
I was initially worried that my OpenSSH server is reported as "OpenSSH_3.6.1p2". But after a bit of looking around it seems Redhat tend to backport only the security patches to older versions. Is there a database somewhere on the redhat site where I can see a version history etc.?
Would compiling my own version be better? (though obviously I lose the advantage of Redhat El). I just find it uncomfortable not knowing exactly what version is installed and what it's been patched with. When a security vulnerability is discovered, is there long to wait before Redhat issues a fix? Added to the lag from CentOS releasing the patch it seems like it could be quite a while.
Apologies for the slightly long post, I'm just a bit confused on how best to handle this.