Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
best distro for a business server
- Thread starter MJAZ
- Start date
I'd use Red Hat's Enterprise Edition. They use older versions of stuff but it is very stable and very secure. It will cost a pretty penny but they also give you tech support and some commercial software that you can't get with the free or low cost distros. There are other distros that are just as good. I just happen to like RH. My main point is that you don't want to do something like this on the cheap.
Do not want to start a distro war but my opinion is that, if support is not strictly necessary, Debian is out-of-the-box more secure and faster than Red-Hat. Probably not as user friendly at first.
QatQat
Life is what happens when you are making other plans.
QatQat
Life is what happens when you are making other plans.
Well, if security is PRI-1 You might want to check out
OpenBSD Not strictly a Linux-distro, but claimed to bee the must secure OS around.
You can run Apache on it, version 1.3 I think.
OpenBSD Not strictly a Linux-distro, but claimed to bee the must secure OS around.
You can run Apache on it, version 1.3 I think.
I agree with QatQat that Debian is probably more sensible out of the box. However, Redhat has made considerable strides in their default configurations.
You could optionally add selinux as an overlay to your linux box and become factors more secure. And factors more annoyed.
Frankly, the distros out today probably represent very few of the real security issues you'll face. Kernel vulns are often hard to exploit without local access.
More likely, you'll see vulns from:
-- poor or late adoption of package upgrades for applications
-- poor coding practices for web-facing sites using loosely structured languages like PHP
-- leaving un-needed services and user accounts on the machines
-- poor password generation and expiration practices
-- SQL injection
-- untested F/OSS applications/web code
-- running services with unnecessary levels of privilege
-- stupid user tricks
These are all activities/responsibilities that a system administrator and a good security policy document must address. Your distribution may have a default position on some of the settings or enforcement, but ultimately security is an ongoing activity and does not come out of a box. Remember, new methods to exploit you are always under development.
D.E.R. Management - IT Project Management Consulting
You could optionally add selinux as an overlay to your linux box and become factors more secure. And factors more annoyed.
Frankly, the distros out today probably represent very few of the real security issues you'll face. Kernel vulns are often hard to exploit without local access.
More likely, you'll see vulns from:
-- poor or late adoption of package upgrades for applications
-- poor coding practices for web-facing sites using loosely structured languages like PHP
-- leaving un-needed services and user accounts on the machines
-- poor password generation and expiration practices
-- SQL injection
-- untested F/OSS applications/web code
-- running services with unnecessary levels of privilege
-- stupid user tricks
These are all activities/responsibilities that a system administrator and a good security policy document must address. Your distribution may have a default position on some of the settings or enforcement, but ultimately security is an ongoing activity and does not come out of a box. Remember, new methods to exploit you are always under development.
D.E.R. Management - IT Project Management Consulting
My $.02 worth:
The BIG issue is whether or not you are willing to pay for support ($$$). If a mid-large corp then no big deal. Go with RH or Novell SUSE ES 10. If not then all have "free" distros which are "exactly" the same and you get your support elsewhere. Elsewhere in my case has always proven to be better than the paid support in ALL situations.
I run multiple production servers using SUSE 10 (free version) and my updates come down automatically from state-side mirrors or germany directly. I am now playing with ubuntu and kubuntu which are debian based distros. So far I like a lot!!!
Also, take a GOOD HARD look at Xandros Server (also debian based) but comes with support. I've used Xandros in the past and have been very satisfied with their overall product.
So, the choice is yours...
The BIG issue is whether or not you are willing to pay for support ($$$). If a mid-large corp then no big deal. Go with RH or Novell SUSE ES 10. If not then all have "free" distros which are "exactly" the same and you get your support elsewhere. Elsewhere in my case has always proven to be better than the paid support in ALL situations.
I run multiple production servers using SUSE 10 (free version) and my updates come down automatically from state-side mirrors or germany directly. I am now playing with ubuntu and kubuntu which are debian based distros. So far I like a lot!!!
Also, take a GOOD HARD look at Xandros Server (also debian based) but comes with support. I've used Xandros in the past and have been very satisfied with their overall product.
So, the choice is yours...
- Status
Similar threads
