[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SUSE 9.0 Pro Production Quality?



Gar,




Hi Eric,

You didn't say wheteher you were going to use SUSE 9.0 for a Production server or as Work stations, and whether you have
Microsoft boxes on your local net and further
how, if at all, you were going to connect to the net.
The answers to those questions all affect "our" answer.
I am currently using SUSE 9.0 on a mail relay and proxy server and this is the mode I would be using SUSE or any other Linux distro. I am not currently using Samba or any other package to allow my MS boxes to connect to Linux servers. I may in the furture for a file server or printer server. We currently have a fractional T1 and have an excellent firewall. I am the Sys Admin so I hope I answered that in enough detail.

The reason I mentioned apt-get was that from what I've read and heard, it provides a very consistent and stable package management system and tends to not break thens when patches or software is applied. On my servers I usually only install security patches and bug fixes. From what others have said, the enterprise versions tend to use older and more tested code vs. the 9.0 Pro version. This is what Debian appears to do as well. What I wanted to make sure was that I wasn't using something like RH's Fedora with SUSE 9.0 :)

Thanks again,

Eric


You did mention "apt-get".

There is an "apt-get" feature for SuSE
I don't use it, but others do:
(you can google for it, but be sure to read the "cautions")

I use "fou4s" to get my security patches from SuSE (rather than YOU).
I run fou4s  in the "interactive mode, so my last step is:

   fou4s -i --inversecolor --interactive

see:  http://fou4s.gaugusch.at/

I run the stock SuSE kernel and download that separetly
much like Sandu Mihai suggested on  9/8/2004
http://lists.suse.com/archive/suse-security/2004-Sep/0050.html

That's why I run fou4s in the interactive mode,
if I see a kernel update I skip it and handle it separetly.

On some rpms I won't use the "patch rpm" but
prefer the "complete" rpm which I get from my local mirror, or:
http://www.suse.co.uk/uk/private/download/updates/90_i386.html

I have run SuSE 8.0, 8.1, 8.2 and 9.0 as a "workstation,
and found it to be "rock solid".  I use both KDE and Mozilla,
and only problems I run into is when I try leading edge stuff.

Givn that, and that this is a security list,
if you (or your System Admin) doesn't have extensive UNIX or Linux
experience I would strongly suggest that you pay someone who does
to help set up your separate firewall box.

I believe that would be money well spent whether you used
SuSE, Redhat, or Debian on your firewall box.

Hope this helps,
Gar


--
______________________________________________________________________

Eric Kahklen, MS
530 4th Ave. W. Seattle, WA



--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here