[TriLUG] Server: Debian or Mandrake?

Tanner Lovelace lovelace at wayfarer.org
Tue Apr 22 21:50:37 EDT 2003 

On Tuesday, April 22, 2003, at 01:24 PM, Chris Hedemark wrote:

>> 2) Security
>
> I prefer the minimalist approach that Debian takes, which makes it 
> easier to stay on top of package upgrades.  Mandrake & Red Hat are 
> what I call "kitchen sink distros" as they dump a ton of stuff on your 
> system that you'll probably never need, and if you don't remove it 
> you're going to have to stay on top of security upgrades for.
>
[...]
> I'm going to be going through a more serious evaluation of other Linux 
> platforms shortly and Debian is on the short list of distros to check 
> out.  Mandrake is not, largely because (1) of the kitchen sink 
> approach and (2) bleeding edge/experimental bias.  Long term stability 
> is more important to me, and I have a lot of outward facing servers so 
> security is also very important.

Chris,

If security is high on your list of features, you really *should* look
at Mandrake.  They are the only distribution I've seen that includes
an integrated security manager (msec) that lets you define the level
of security you want.  Actually, if you want an independent evaluation
of it, ask Jeremy Portzer.  I recently gave him an account on my
Mandrake server and he can tell you about what we needed to do
to let him be able to do what he wanted to do.  Because I use msec
at the highest level, things were so locked down that when I first
gave him the account, there wasn't much he could do (i.e. he couldn't
even run rpm).

I said I don't know of any other distribution that has an integrated
security manager, but I'm sure my breadth of knowledge of distributions
could be better.  Does anyone else know of a distribution that includes
an integrated security manager?  I know Bastille Linux used to be an
add on product for RedHat (and Mandrake used to include that before
msec), and there are specialized distributions like OWL (which I don't
really count, since it's fairly small), but are there any mainstream
distributions that include an integrated security manager?  I'd love
to hear about them.

Cheers,
Tanner

More information about the TriLUG mailing list