
Re: FW: debian newbie questions -- security



hi ya ethan

yeah... think redhat boxes are usually sitting ducks for
wanna be hackers and script kiddies...

i concur, not that it matters, that all distros are basically
the same and hackable...including debian...

debian does provide a nice automated way to update itself should someone
wanna do it...
	- apt-get update
	- apt-get upgrade
	very simple to do ... on a regular basis... if needed

	- suse/redhat is now starting to provide automated "update"
	services ... wonder how many people will break stuff instead
	of fixing whatever it was supposed to fix..

all distros suffer from the same possible attacks...
	- kernel buffer/stack problems unless each distro tweaks it
	  and/or creates unique kernel problems
	- cron is a nice app they like to attack
	- bind is a nice app they like to attack
	- web servers is a nice app they like to attack
	- sendmail is another puppy...granted debian prefers exim

- updates should always be tested on a guinea pig machine before going
  live on a production server

have fun
alvin
http://www.Linux-sec.net


On Fri, 11 May 2001, Ethan Benson wrote:

> On Sat, May 12, 2001 at 10:19:49AM +1000, Matt Chipman wrote:
> > 
> > frankly i don't know how anyone applies all those Red Hat updates, they must
> > have more time than me ...
> 
> they don't.  
> 
> i have yet to meet a redhat box that was not already rooted, or in a
> very rootable state.  (as in no security updates installed).
> 
> to be fair many security holes affect all distributions that include
> the package (assuming it's installed), debian however has a much saner
> and more efficient means for users to install security updates, and in
> many cases the vulnerable program is not installed by default anyway.  
> 
> -- 
> Ethan Benson
> http://www.alaska.net/~erbenson/
> 


