[plug] Securing Redhat 9.0
Craig Ringer
craig at postnewspapers.com.au
Thu Oct 13 13:41:03 WST 2005
Goldie, Kathryn (RTSBS) wrote:
> Hi all
>
> I was wondering if anyone could give me some advice on security issues
> or vulnerabilities with Redhat 9.0.
"upgrade"
RH9 is seeing little or no work with security updates. The last time I
checked, Fedora Legacy was essentially inactive on the old versions of
RH. I wouldn't want to run RH9 it for an externally visible server if I
could possibly avoid it.
You might want to consider Red Hat Enterprise Linux, Fedora Core 4, or
Debian Sarge as possible options for a newer and hopefully more secure
system.
If you really must run RH9, I'd try to put a more modern box in front of
it and proxy very selectively to the RH9 box, blocking everything you
don't absolutely need to let through.
If the RH9 box must be directly facing the Internet I'd try to firewall
off everything you can possibly get away with, and I'd probably want to
build my own copies of the publically visible apps like Apache 2 rather
than use the old ones shipped with the OS. Note that even that won't
protect you against an unpatched security hole in, eg, zlib.
--
Craig Ringer
More information about the plug
mailing list