  1. #1
    Just Joined!
    Join Date
    Oct 2008
    Location
    Argentina
    Posts
    4

    Choosing the right distribution for a very secure webserver


    Hi everybody,

    I want to build up a small but very secure "production-style" webserver box. My idea is to start with an old computer (say a PII or the like) and put a very solid, stable and reliable server on a similarly solid OS platform. Which server I know for certain: Apache Tomcat. The problem is with the OS... I'm pretty sure that there must be some Linux flavor that fulfils the task perfectly. But the question is... which one?

    I need your comments! If you point to this or that distribution, please explain WHY you'd recommend it.

    Thanks in advance!
    yours,

    shandrio

  2. #2
    Linux Enthusiast L4Linux's Avatar
    Join Date
    Sep 2008
    Location
    Greece
    Posts
    583
    Welcome to the forums!
    All major distributions are safe and solid and in most cases it is very easy to install Apache, MySQL, PHP, etc. Have you used Linux before?
    You could also go for BSD; its developers are supposed to be more "paranoid" (in the good sense of the word) than the ones of Linux. The con to BSD though is that it has fewer users, so it will probably be more difficult to get help for any issue you'll face.

  3. #3
    Linux Enthusiast meton_magis's Avatar
    Join Date
    Oct 2006
    Location
    arizona
    Posts
    699
    The problem with security is that you are always going to be taking someone else's word for it. If you want to be REALLY secure, look into Linux From Scratch. You can audit all source code (though all GNU software, as well as Apache (and some others, the OpenBSD stuff like OpenSSH is well known to be secure) is usually taken as secure.)

    But this takes a lot of work. If you're looking for an easy route, I'd go with CentOS, and monitor RHEL for any security warnings, and adjust as proper. But any secure program can be completely undone by an ignorant admin, so make sure to think in a security mindset at all times.
    New to the internet, technical forums, or the hacker / open source community??
    Read this to learn good posting habits http://www.catb.org/~esr/faqs/smart-questions.html

    RHCE for RHEL version 5
    RHCT for RHEL version 4

  5. #4
    Just Joined!
    Join Date
    Oct 2008
    Location
    Argentina
    Posts
    4
    Quote Originally Posted by L4Linux View Post
    Welcome to the forums!
    All major distributions are safe and solid and in most cases it is very easy to install Apache, MySQL, PHP, etc. Have you used Linux before?
    You could also go for BSD; its developers are supposed to be more "paranoid" (in the good sense of the word) than the ones of Linux. The con to BSD though is that it has fewer users, so it will probably be more difficult to get help for any issue you'll face.
    Thank you! And yes, I've been using Linux for quite a long time. I started with Red Hat 5 through 8, later Mandrake and now I'm trying the new boom: Ubuntu. I like what you say about "paranoid" programmers of BSD. I'm quite one myself! What about security updates? Is BSD always up-to-date?

    Quote Originally Posted by meton_magis View Post
    The problem with security is that you are always going to be taking someone else's word for it. If you want to be REALLY secure, look into Linux From Scratch. You can audit all source code (though all GNU software, as well as Apache (and some others, the OpenBSD stuff like OpenSSH is well known to be secure) is usually taken as secure.)

    But this takes a lot of work. If you're looking for an easy route, I'd go with CentOS, and monitor RHEL for any security warnings, and adjust as proper. But any secure program can be completely undone by an ignorant admin, so make sure to think in a security mindset at all times.
    Auditing Linux code seems like something "extreme" to me. I remember I once downloaded the source code of the kernel and just tried to read some for the fun of it. Oh my god... I never thought that C could actually even be written that way! haha Forget about that. Perhaps I'd dare look into some most-probably-insecure routines of some HTTP connection code looking for probable buffer overflows or the like. But once again... is it worth the effort? Probably you'll always end up, like you correctly said, just having to trust in somebody else's words.

    I've never heard of CentOS nor RHEL, so I have some homework to do... find out more about them.
    Finally, I agree completely with your last statement. You could eventually have an almost-perfectly secure system... but if you administer it badly, it's all worth nothing!

    Thank you both for your feedback!

  6. #5
    Linux Engineer GNU-Fan's Avatar
    Join Date
    Mar 2008
    Posts
    935
    Well, in order to evaluate something on security you have to look at where most break-ins occur. And in the world of GNU/Linux and *BSD, it is very rarely a hole in the core system that gets exploited.

    It is stuff like stupid obvious passwords, widely opened PHP scripts or insane file permissions that get boxes rooted on a daily basis.

    I've been using Debian Stable on my servers for years. They deliver security updates in a timely manner and the software is configured to sane defaults. But all this wouldn't help me if I were to do ONE single stupidity, like installing PHP scripts somebody anonymous had written.

    You may shake your head now, but go to some random defacement site to see how independent of the OS the statistic is. (The market share of the servers' OS taken into account, of course.)
    Debian GNU/Linux -- You know you want it.

  7. #6
    Linux Enthusiast L4Linux's Avatar
    Join Date
    Sep 2008
    Location
    Greece
    Posts
    583
    RHEL is Red Hat Enterprise Linux. CentOS is a recompile of RHEL, basically RHEL without the brand name of Red Hat and its support.

  8. #7
    Just Joined!
    Join Date
    Oct 2008
    Location
    Argentina
    Posts
    4
    Thanks GNU-Fan for your recommendation!

    And L4Linux... I've used RHL for quite some time. I can't believe I didn't realize the acronym!
    RHEL is surely out of my reach since I don't have that much money to spend... but I'll sure investigate more about CentOS. It seems quite interesting. What about the updates? Does no support mean no updates too?

  9. #8
    oz
    forum.guy
    Join Date
    May 2004
    Location
    arch linux
    Posts
    18,733
    Quote Originally Posted by shandrio View Post
    What about the updates? does no support mean no updates too?
    You get updates, just no paid support channel.
    oz
