[plug] Red Hat Linux 7 security,etc. problems?

Michael Hunt michael.j.hunt at usa.net
Thu Mar 1 23:30:52 WST 2001


> > (a) some of the more well-known problems with RH7, both
> security and other,
> > that hopefully I can use to persuade him it's just a bad option and he
> > should use something else,
>
> the default rh7 workstation didn't install apache, ftp or telnet on my
> machine
>
> however, details on tightening up rh are available in linux gazette
> www.linuxgazette.org I think from last November or October

I'm surprised that no one has mentioned the hardening scripts that are
around like bastille. I haven't looked at this for a while, but it used to
do a very good job with the 6.x versions of RedHat. It is sad but true that
one really needs to look beyond what the distibutors provide and use 3rd
party hardening script to "fix" the distros (and also reload over half the
OS in new "fixed" rpm's).

> > (b) one or more URLs that explain how he can turn off services, upgrade
> > known-buggy programs (and downgrade gcc to the stable version
> *sigh*), etc.
> > to turn a default RH7 install into something that doesn't suck
> quite so much.
>
> rh7 has kgcc (kernel gnu compiler) which is the previous stable version,
> to compile kernels you have to hack the make files.
>
> netscape 4.76 as distributed is buggy (crashes if you try and use adress
> book)
>
> 2.2.16 kernel as distributed doesn't work with vmware (get a warning
> about the cd rom drive not working)
>
>
> having installed rh7 with hindsght I would have installed either rh6 or
> another distro enirely

Ok I think someone needs to step up here and defend redhat !!! *grin* I can
understand where you are coming from security wise, but there is a fine line
between stable/secure and latest/potetnially insecure and buggy. RedHat 7.0
has tried to bring lots of goodies to its distro that has caused it to earn
a buggy reputation, but what do you expect of a point zero release ???
Security and stabilty only come when time has been commited to looking over
the code and this never happens in the latest and greatest version. 7.1
looks like going a long way to fixing the bugs and being aq good example of
a bug fix release rather than an introduces a whole bunch of new software
(and bigs) release.

Besides if it is security you are after then you just install Mandrake in
Paranoid mode and have a box that you can do very little with !!!! (Ok
slight exageration)

> gavin




More information about the plug mailing list