[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Fedora vs Tao vs CentOs as servers



On Mon, 2004-12-20 at 02:47, Ow Mun Heng wrote:
> I know this has been discussed, but it was more toward, is FC stable
> enought for use as a production server etc.
> 
> I'm looking more towards the limited life_span of FC compared to it's
> RHEL counterpart. (which is where tao linux/CentOs etc... comes into the
> picture)

I don't understand the angst many people have over this question.  For a
production site there are several approaches you can take.  

1. buy support from a vendor (RH, SUSE, SUN)

2. Run a "free" OS that provides updates and upgrade when they EOL your
version.

3. Run a "free" OS and update until they EOL it but keep it in
production as long as you can as is with the last updates.

4. Run a "free" OS but build your critical packages (apache, postgresql,
php, sendmail, spamassassin, etc) from sources.  Monitor the lists for
those packages and apply patches that are relevant to your particular
needs.

In all cases above run a good updated firewall between your systems and
the Internet.  This limits what is exposed on your systems.  Naturally
harden the systems as much as you can by disabling any un-needed
services and use a system firewall as well.  Implement tripwire to
monitor for changes.  Production systems once in place should not change
much except for log files and database files.  Monitor log files and
system resources.  Setup snort to monitor network traffic looking for
non-characteristic traffic patterns.  

Any of these options will work.  Personally I believe option 4 for a
production system is the way to go.  You don't have rpm support for many
packages you might run but you can easily upgrade to new versions or
apply patches as needed.  You could generate your own rpms which I don't
think is that much more difficult.  

The key here is to run good firewalls and intrusion detection tools so
you know quickly if/when there is a problem.  Limiting what is exposed
means you don't have to worry about a large number of potential
exploits.  

Many sites run systems with ancient OSes with no problems.  Is that
optimum, probably not.  But you can make it work while minimizing the
risk.

So pick a version and use it.  Don't get caught up in the update daily
rat race that many people seem to get stuck in.

  
-- 
Scot L. Harris
webid cfl rr com

No animal should ever jump on the dining room furniture unless
absolutely certain he can hold his own in conversation.
		-- Fran Lebowitz 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]