Jump to content



Photo

Security for a home server

linux security server

  • Please log in to reply
16 replies to this topic

#16 +Karl L.

Karl L.

    xorangekiller

  • Tech Issues Solved: 15
  • Joined: 24-January 09
  • Location: Virginia, USA
  • OS: Debian Testing

Posted 26 April 2013 - 01:33

OTOH I can't be bothered to mess with SELinux.


That is a very common sentiment. Although SELinux is a very powerful security tool in the right hands, it is also a bit of a pain to setup and one of the things most often disabled on Red Hat distros. Although I currently have SELinux enabled and using carefully crafted security policies on all of the RHEL/CentOS servers I administer, it has taken significant time investment to wrangle SELinux into doing what I want. I have never had any serious security breaches on any of my Red Hat or Debian machines, so I'm not convinced that SELinux is actually worth the effort.

Noted. I'm also a Debian fan, just thought some aspects of Ubuntu might be better automated.


As far as I know there is nothing in Ubuntu server that is particularly better automated than Debian. Most of Canonical's work for Ubuntu server has been in commercial support (and Landscape). If you are thinking "automated" as in automatic updates (which was what I originally thought you were referring to), you can configure automatic updates in Debian fairly easily. Automatic updates are not enabled by default in Debian for a good reason - most system administrators prefer to tightly control updates so that they can meet their uptime quotas.

All my *nix servers are arch based.
Just because arch is a fast rolling release does not mean you have to update all the packages or use the versions on the web, most server orientated packages are compiled and packaged by me, including the kernel.


I believe that I called your choice insane a few posts up. Are you running Arch on servers in a production environment, is this a testing/development environment, or is it just your personal server?


#17 n_K

n_K

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 19-March 06
  • Location: here.
  • OS: FreeDOS
  • Phone: Nokia 3315

Posted 26 April 2013 - 08:51

I believe that I called your choice insane a few posts up. Are you running Arch on servers in a production environment, is this a testing/development environment, or is it just your personal server?

One is home server, one is production server, one is a dedicated firewall/IDS and one is a development/testing/compilation server.
Here's the production;
top - 09:50:33 up 42 days, 19:55, 1 user, load average: 0.00, 0.01, 0.05
Tasks: 112 total, 1 running, 111 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.0 us, 0.0 sy, 0.0 ni,100.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem: 3086264 total, 1954816 used, 1131448 free, 215900 buffers
KiB Swap: 1955240 total, 0 used, 1955240 free, 1000288 cached
Linux H3K-FP 3.8.2-1-grsec-selinux #1 SMP Mon Mar 4 18:43:02 GMT 2013 x86_64 GNU/Linux

No problems ;)



Click here to login or here to register to remove this ad, it's free!