Gentoo Forums
My Boss Wants to Standardize...

nadir-san
Apprentice

Joined: 29 May 2004
Posts: 174
Location: Ireland

Posted: Wed Dec 22, 2004 9:29 am

mmm, I think your best argument is that openbsd is run by paranoid freaks and they should either run freebsd or linux, and if they run linux they should run gentoo.
They run Solaris here at work (for oracle), but if I move up the chain of command I'll push gentoo for the web servers.
Not sure how Gentoo would handle Oracle.

Also I don't see the problem with GNU/Linux running too many processes, it hardly affects performance in any noticeable way.
There are also licence issues. It could be argued that the GNU licence is more stable :) although I'm sure BSD heads would have a thing or two to say about that.

Personally I don't have anything against bsd, I think it's great, I just prefer Gentoo. ;)

R.D.Olivaw
n00b

Joined: 11 Nov 2004
Posts: 34
Location: Geneva, Switzerland

Posted: Wed Dec 22, 2004 10:32 am

amiatrome wrote:
Perhaps you would like to base your decision on statistics? Do read the FAQ regarding OS detection limitations.


If we wanted to base our OS decision on statistics, we'd be on windows/ie forums now. :roll:

Cossins
Veteran

Joined: 21 Mar 2003
Posts: 1136
Location: Copenhagen, Denmark

Posted: Wed Dec 22, 2004 3:00 pm

Pwnz3r wrote:
Cossins wrote:
Your last point is valid, however, "works for me" isn't...

Do not take my word for it. Ask other people who do the same thing that I do, but my point is not invalid just because it works for me. Saying that is just arrogant and useless seeing that I never said Gentoo was the best and l33test or something. Look here....

No, but "works for me" isn't an argument... For the reasons I stated above, Gentoo is in most cases unsuitable on a server.

Pwnz3r wrote:
myself wrote:
There is no problem with Gentoo on a server IMO

Have any idea what IMO means?

In this case "IMO" doesn't make any sense - there are problems with running Gentoo on a server! I refer to my previous posts.

- Simon
_________________
who cares

emil
n00b

Joined: 10 Feb 2003
Posts: 44
Location: Ireland

Posted: Wed Dec 22, 2004 4:14 pm

nadir-san wrote:

There are also licence issues. It could be argued that the GNU licence is more stable :) although I'm sure BSD heads would have a thing or two to say about that.


Could you explain what you mean by this?

amiatrome
Apprentice

Joined: 28 Jun 2004
Posts: 180
Location: Campus | Arena Country Club | Home

Posted: Wed Dec 22, 2004 5:35 pm

R.D.Olivaw wrote:
amiatrome wrote:
Perhaps you would like to base your decision on statistics? Do read the FAQ regarding OS detection limitations.


If we wanted to base our OS decision on statistics, we'd be on windows/ie forums now. :roll:


I take it that you haven't studied those statistics from NetCraft? There is no way in hell those statistics are a push for Windows. :wink:
_________________
blog | homepage | alias | prompts

Cossins
Veteran

Joined: 21 Mar 2003
Posts: 1136
Location: Copenhagen, Denmark

Posted: Wed Dec 22, 2004 9:09 pm

amiatrome wrote:
R.D.Olivaw wrote:
amiatrome wrote:
Perhaps you would like to base your decision on statistics? Do read the FAQ regarding OS detection limitations.


If we wanted to base our OS decision on statistics, we'd be on windows/ie forums now. :roll:


I take it that you haven't studied those statistics from NetCraft? There is no way in hell those statistics are a push for Windows. :wink:

And there's no way you got it...

Statistics: Most people use Windows. By your argument, he should use what most people use. Figure out the rest for yourself.

- Simon
_________________
who cares

ColeSlaw
Apprentice

Joined: 19 Sep 2003
Posts: 176
Location: Kearney, NE USA

Posted: Wed Dec 22, 2004 9:30 pm

Cossins wrote:
amiatrome wrote:
R.D.Olivaw wrote:
amiatrome wrote:
Perhaps you would like to base your decision on statistics? Do read the FAQ regarding OS detection limitations.


If we wanted to base our OS decision on statistics, we'd be on windows/ie forums now. :roll:


I take it that you haven't studied those statistics from NetCraft? There is no way in hell those statistics are a push for Windows. :wink:

And there's no way you got it...

Statistics: Most people use Windows. By your argument, he should use what most people use. Figure out the rest for yourself.

- Simon


Most people may use Windows, but the statistics that are being referred to are for server uptime. As seen from the statistics, the top 50 uptimes on netcraft don't show a single windows server, and in fact, are all some variety of BSD. Since the conversation is mainly about (web) servers, I believe that it is incorrect to say most people use windows. For desktop that would be true, but I believe that netcraft shows that Apache is more popular than IIS at any rate. (I suppose from those stats, everybody could be running Windows OS, with Apache Server, but I find it doubtful)

At any rate, if you look at statistics alone, they would seem to point to BSD as the "best" server. (Best being judged in this instance entirely off of uptime)
_________________
My Folding@home Stats!
Join the GLUE folding Team!

kashani
Advocate

Joined: 02 Sep 2002
Posts: 2032
Location: San Francisco

Posted: Thu Dec 23, 2004 5:56 am

I've been unimpressed with this thread so far

1. number of processes
Why this even got mentioned is beyond me. Your base OS can be 7 processes or 14 processes and you're not going to see any difference. They are both doing the same thing. This isn't windows where your default OS install is starting up all sorts of nonsense that needs to be killed off.

2. in house talent
You have one Gentoo guy, one BSD guy, and one openBSD guy. You can push Gentoo, but BSD is a much easier sell unless there is some hardware or software you have that BSD can't support. Also if Gentoo breaks you're going to have to fix it until the other guys get up to speed. Whereas you've got at least two guys who can fix BSD off the bat.

3. openbsd doesn't scale
They just got smp this year, IIRC. Fine for an office firewall not worth my time for production.

4. stupid netcraft statistics
Go to netcraft and look at their method. Then notice how it mentions that Linux has a 32bit TCP counter. Realize that most Linux boxes will not show an uptime of greater than 497 days because of this.

5. compile times
Production networks do upgrades in off peak hours. nice and distcc are your friends. Without doing anything special Postgres takes exactly 10 minutes to install on a dual PIII 1.4 w/ 4GB of RAM. I can live with degraded services for 10 minutes at 3am.

I run Gentoo on 10 servers now. It's not everything I want it to be, but for the most part it's better than the alternatives. I'm okay with BSD, but I've never cared for it as an OS, we run a few things that BSD won't support, and have more Linux talent as a team.

You can get screwed on any OS with any upgrade, but doing frequent updates, like emerge -u world, every week is going to increase the likelihood of problems. Don't do that. Portage still has issues with reverse dependencies, so as admin you'll have to watch your own back. BSD does a better job with that though portage tends to be more flexible.

kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.

amiatrome
Apprentice

Joined: 28 Jun 2004
Posts: 180
Location: Campus | Arena Country Club | Home

Posted: Thu Dec 23, 2004 7:40 am

I am detecting hints of unwarranted contempt from Cossins towards me and Kashani towards well, everyone else. Better watch it guys. You just needlessly made the thread sour. Maybe it's just me. But I won't waste any more time here. 8)
_________________
blog | homepage | alias | prompts

Cossins
Veteran

Joined: 21 Mar 2003
Posts: 1136
Location: Copenhagen, Denmark

Posted: Thu Dec 23, 2004 4:59 pm

amiatrome wrote:
I am detecting hints of unwarranted contempt from Cossins towards me and Kashani towards well, everyone else. Better watch it guys. You just needlessly made the thread sour. Maybe it's just me. But I won't waste any more time here. 8)

Oh, I didn't mean to spew contempt. I'm sorry if I offended anyone.

I'm just tired of the aforementioned Gentoo-l33t attitude. Gentoo is not the best choice for everything for everyone. Some people need to recognize that.

- Simon
_________________
who cares

Carlo
Developer

Joined: 12 Aug 2002
Posts: 3356

Posted: Thu Dec 23, 2004 5:30 pm

kashani wrote:
2. in house talent
You have one Gentoo guy, one BSD guy, and one openBSD guy. You can push Gentoo, but BSD is a much easier sell unless there is some hardware or software you have that BSD can't support. Also if Gentoo breaks you're going to have to fix it until the other guys get up to speed. Whereas you've got at least two guys who can fix BSD off the bat.

If you're the Gentoo guy, while the others are BSD guys this won't be your position. Maybe pointing out that Gentoo wants to be a meta-distribution, including *BSD may be the strongest point you can make to a) get the BSD guys interested in Gentoo and b) showing your boss that it is (or will be) possible to take advantage of e.g. Linux, *BSD, MacOS,... while still standardizing - on Gentoo.
_________________
Please make sure that you have searched for an answer to a question after reading all the relevant docs.

nsahoo
l33t

Joined: 17 Jul 2003
Posts: 618

Posted: Thu Dec 23, 2004 7:03 pm

codergeek42 wrote:
Trevoke wrote:
Yes - SEVEN.
8O


That should have been

SE7EN

:)

kashani
Advocate

Joined: 02 Sep 2002
Posts: 2032
Location: San Francisco

Posted: Thu Dec 23, 2004 9:24 pm

amiatrome wrote:
I am detecting hints of unwarranted contempt from Cossins towards me and Kashani towards well, everyone else. Better watch it guys. You just needlessly made the thread sour. Maybe it's just me. But I won't waste any more time here. 8)


Actually the problem with this thread was it being needlessly based in hearsay and outright misinformation. Seriously, some of that was the biggest clown shoes discussion I've seen in a long time.

Friends, Gentoo-ers, admins, lend me your ears. I come to bury this thread, not to praise it. :-)

kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.

Nicom
Guru

Joined: 30 Jan 2003
Posts: 380

Posted: Fri Dec 24, 2004 8:22 am

kashani wrote:

2. in house talent
You have one Gentoo guy, one BSD guy, and one openBSD guy. You can push Gentoo, but BSD is a much easier sell unless there is some hardware or software you have that BSD can't support. Also if Gentoo breaks you're going to have to fix it until the other guys get up to speed. Whereas you've got at least two guys who can fix BSD off the bat.

Quote:

My boss would like to get standardized on nix-like OS. Seeing as I'm the local Linux guy, and responsible for maintenance, new projects, and most anything that happens on our *nix servers, I'm strongly pushing for Gentoo.

From that I gather that it'll be him dealing with this project primarily, and he seems a lot more familiar with gentoo than freebsd.

fdamstra
n00b

Joined: 11 Feb 2004
Posts: 39
Location: Grand Rapids, MI

Posted: Fri Dec 24, 2004 3:14 pm

mocnicom wrote:
From that I gather that it'll be him dealing with this project primarily, and he seems a lot more familiar with gentoo than freebsd.

One of the BSD fans is a VP, and busy with other things. The other technically works for a different company (kinda like a subsidiary). While both will be available in extreme emergencies, I will be handling the day to day administration and development on these boxes.

While I am perfectly content to have a mix of BSD and Gentoo for our servers, the aforementioned VP is disenchanted with the OS sprawl. (If I truly had my way, we'd run the DNS and Mail servers on BSD, but my custom development on Gentoo). Given that he wants to standardize, I'd rather use the OS I'm most familiar with and find easiest to maintain: Gentoo.

The main server I'm concerned about is not a standard LAMP box; The software I'm writing will integrate with a number of heterogenous systems and provide and utilize a number of custom services. On my initial tests with FreeBSD, it didn't take me long to find libraries that wouldn't compile and software that simply did not appear to be supported. While I imagine with some effort I could have found a way around the stumbling blocks I ran into (e.g. virtual users with vsftpd, problems with an obscure CPAN library for iSeries communications), it remains that with Gentoo either (a) it just works, or (b) I have the know-how to breeze right by any problems.

At my previous job, I've run Gentoo as a LAMP server for nearly a year (and other Linux distros before that). I'm familiar and comfortable with off-hours compiling, selectively choosing my updates, and so forth. I'm comfortable with Gentoo as a server OS, and there's not an issue raised in this thread that actually concerns me. I want a server that offers great security and stability along with a high level of software compatibility. To the best of my knowledge, the BSD's excel at the first two, but Gentoo (under a competent admin, which I believe I am). While I don't think standardizing on a BSD would hamstring me, I do think I would be inconvenienced for very little benefit.

popcan
n00b

Joined: 27 Nov 2004
Posts: 33
Location: bath, ny

Posted: Fri Dec 24, 2004 9:51 pm

i'm not a master server admin, i'm just a college kid who's decent with *nix, so take that into account with this

this past semester, i was in charge of setting up a non-windows based multicasting imaging system for a forty workstation lab. and the choice came down to whether we would use freebsd or gentoo. so i took a week and read up on optimizing both for server environments, and installed and configured freebsd 4.10 stable and gentoo, on identical pentium 3 machines (nothing really robust i'm afraid). i used the tuning manual for freebsd (man tuning) and used no optimizations in the make.conf, gentoo was a 2.6.7 hardened grsec system with nptl compiled -O2 with the infrastructure team's use flag recommendations.

in benchmark testing, the freebsd box outperformed gentoo by at least fifty percent in all situations i can recall (i have no numbers right now, i'm on vacation), and is really easy to lock down in basic matters (the security levels options, automatically setting the kernel immutable, randomized counters in the tcp stack, firewall, strong service control through rc.conf). it also can run linux binaries via the compatibility layer (i only tested it with a statically-linked udpcast binary which is what i ended up using to distribute the images, and it seemed to work nicely, not that udpcast is an in depth program). however, it was relatively easy to set up a similar configuration in linux, just by hand instead of a sysctl.

as no one else in the department knows freebsd, the end choice was to use gentoo (the lab and classes teach linux, not bsd), but i would happily deploy freebsd if they had given me the chance. the OS you should use is the one you think is the most capable for the environment. gentoo is extremely adaptable, and IMO scalable and standardized if you nfs mount the portage tree, build packages and do network-wide updates with cfengine or any of the dozens of alternatives that linux is great at providing. freebsd has the ports system, the idea on which portage is based, from source compilation of the system for the environment, strong out of the box security, but has a smaller user base than linux, and the core os is written by a team, instead of pulling independent projects together as gentoo does. freebsd is also a port of unix for the x86, instead of a clone, and there are statistics showing its stability.

basically, i like freebsd. i like gentoo. but you know your specific needs more than i ever will, so you have to weigh the fact that linux isn't quite as fast or stable for some things, and *bsd just can't be used in every environment, and push for the one that's ideal.

kashani
Advocate

Joined: 02 Sep 2002
Posts: 2032
Location: San Francisco

Posted: Sat Dec 25, 2004 6:26 pm

fdamstra wrote:

One of the BSD fans is a VP, and busy with other things. The other technically works for a different company (kinda like a subsidiary). While both will be available in extreme emergencies, I will be handling the day to day administration and development on these boxes.


<snip>

If you're the Admin Guy and you find it to be easier to develop under Linux then go that route. My point originally was if you're on the fence about both go with the one that makes your life easier. That's how I got Gentoo into this job in the first place. The qmail package was easy to install, I didn't need to patch it, and no one had built a big mail server for doing large mailings to our users. I picked Gentoo and as long as it worked for the most part, no one caged.

In this case it looks like Gentoo is going to make you more productive. Also Gentoo, aka BSD Linux is a pretty easy sell most of the time though you will want to make sure they know the differences before you spring it on them. We even turned that into a joke at work. Redhat is for idiots, Gentoo is for morons. Both have their oddities and one group or another has remarked how one OS or the other is "dumb". Gentoo though seems to be less dumb as time goes on.

Development. That's a hard one for me to talk about since I don't develop. I do know a number of guys that prefer BSD and some prefer Linux. I can say the most talented group I know, their application was fully multithreaded, had its own mutex pool, and handled a thousand transactions a sec. They preferred Solaris, then Linux, and hated BSD citing a number of problems you mentioned. They actually did do a port to Linux which they complained constantly about, but saw it as the future due to lower hardware costs and better threading coming out in 2.6. I don't know if that's a real endorsement for Linux or not. :)

kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.

weezl
n00b

Joined: 26 Dec 2003
Posts: 3
Location: Sioux Falls, South Dakota

Posted: Mon Dec 27, 2004 10:04 pm    Post subject: glsa-check

As far as security goes, I think GLSA-check is one of the big selling points for Gentoo on production servers.

I generally take the "don't touch it if it's working" approach to production machines, since I don't want to bring things crashing down because I thought of a new CFLAG to add. The only time I want to emerge a new package is if there's a good reason. 'glsa-check --test all' will list all the good reasons. :wink:

Syntaxis
Guru

Joined: 28 Apr 2002
Posts: 511
Location: London, UK

Posted: Tue Dec 28, 2004 4:01 pm    Post subject: Re: glsa-check

weezl wrote:
As far as security goes, I think GLSA-check is one of the big selling points for Gentoo on production servers.

Why? Pretty much every major distro has something similar. Moreover, they've had working implementations for years whereas GLSA-check has only been around since March (see coverage in GWN) and is considered beta by the devs.

Quote:
I generally take the "don't touch it if it's working" approach to production machines

How is Gentoo superior in this regard to distributions which backport the security updates as opposed to just upgrading to the latest version of the software every time a vulnerability is discovered?

It's certainly possible to argue that Gentoo makes up for these deficiencies in other areas, but trying to present shortcomings as strengths makes for very poor advocacy.
_________________
The Debian User Forums - help them grow!

hununu
n00b

Joined: 24 Dec 2003
Posts: 6

Posted: Tue Dec 28, 2004 4:20 pm

This topic in this forum is bound to have bias in it, and the initial question was ill-formed to start with. That said, I really can't recommend gentoo for production servers and I'll try to explain why:

1) In any serious production server, you don't care about 0-5% optimization, you care about stability. This means that --USE flags holy grail idea that gentoo provides is irrelevant and counterproductive.

2) Gentoo requires much more time and care to upgrade, maintain, etc. This is because Linux is a kernel and gentoo is really just a bunch of many many many ebuilds and this means that potentially many many more things can go wrong. This is not my opinion, this is mathematics talking.

I have been using FreeBSD for years for servers and using gentoo for desktop for a couple years. My fellow sysadmins all agree that gentoo is nice for desktop, but it's not on their list to move servers to linux/gentoo unless it's needed for some particular reason, which is ok. One should use the best OS for every task.

You really need to decide whether you want to maintain 10 machines on a kind of bleeding edge or you want to maintain 10 machines on a release tag of FreeBSD that has been tested by thousands/millions(?) of users. This means that these users have tested EXACTLY the same code, not some particular combination of ebuilds... this makes a great difference.

FreeBSD is an OS and it's really easy to upgrade/maintain. I've seen comments about down-time, etc, etc. This clearly shows ignorance regarding FreeBSD administration, which is ok in a gentoo forum I guess. If you know what you are doing (which I hope for every FreeBSD sysadmin), the only downtime you will have in 99% of the upgrades/updates will be the reboot time for the new kernel/world. I upgraded 4.x machines to 5.x with *minimal* downtime.

By the way, if you are really concerned about security, you should really play with FreeBSD and explore the jail concept. It's unique and widely used. It works.

Do not take any of my comments with offense as I didn't mean to. I apologize if I have offended anyone.

ps: I'd also recommend OpenBSD for PF/CARP situations, but I'd take FreeBSD for every other server task.

BA

Syntaxis
Guru

Joined: 28 Apr 2002
Posts: 511
Location: London, UK

Posted: Tue Dec 28, 2004 5:52 pm

hununu wrote:
By the way, if you are really concerned about security, you should really play with FreeBSD and explore the jail concept. It's unique and widely used. It works.

All he needs to do to have a play with jails is recompile his kernel. RSBAC has a jail module:

http://rsbac.org/documentation/models.php#jail wrote:
The JAIL module provides a superset of the FreeBSD jail functionality (except individual kernel level hostnames).

_________________
The Debian User Forums - help them grow!

eagle_cz
Apprentice

Joined: 06 Jun 2003
Posts: 214

Posted: Tue Dec 28, 2004 6:15 pm

amiatrome wrote:
Perhaps you would like to base your decision on statistics? Do read the FAQ regarding OS detection limitations.

lol look at the versions of their systems :P

hununu
n00b

Joined: 24 Dec 2003
Posts: 6

Posted: Tue Dec 28, 2004 6:26 pm

Syntaxis wrote:
hununu wrote:
By the way, if you are really concerned about security, you should really play with FreeBSD and explore the jail concept. It's unique and widely used. It works.

All he needs to do to have a play with jails is recompile his kernel. RSBAC has a jail module:

http://rsbac.org/documentation/models.php#jail wrote:
The JAIL module provides a superset of the FreeBSD jail functionality (except individual kernel level hostnames).


That's fine if you are willing to use a much less used and tested system instead of a system that has been working for years. It always depends if you have the time and possibility to experiment and play with kernel patches, or if you want something that works and has a track record of its own. Let alone the work you have to go through if you have 10-20-30 machines.

FreeBSD jails are now a de facto standard and practice among sysadmins as well as a respected feature of FreeBSD. You simply did a copy paste of the webpage. Do you have extensive personal experience with it? I mean 2+ years. Was 1.2.1 released 2+ years ago? They mention it is stable since 2000 but what major distros have it as a standard? How can such an important security feature be missing? It puzzles me but I believe it is either due to complications or another lack of standardization on linux world.
Back to top
View user's profile Send private message
beandog
Bodhisattva
Bodhisattva


Joined: 04 May 2003
Posts: 2072
Location: /usa/utah

PostPosted: Tue Dec 28, 2004 6:35 pm    Post subject: Reply with quote

fdamstra wrote:
... Given that he wants to standardize, I'd rather use the OS I'm most familiar with and find easiest to maintain: Gentoo.

... On my initial tests with FreeBSD, it didn't take me long to find libraries that wouldn't compile and software that simply did not appear to be supported. While I imagine with some effort I could have found a way around the stumbling blocks I ran into (e.g. virtual users with vsftpd, problems with an obscure CPAN library for iSeries communications), it remains that with Gentoo either (a) it just works, or (b) I have the know-how to breeze right by any problems.

At my previous job, I've run Gentoo as a LAMP server for nearly a year (and other Linux distros before that). I'm familiar and comfortable with off-hours compiling, selectively choosing my updates, and so forth. I'm comfortable with Gentoo as a server OS, and there's not an issue raised in this thread that actually concerns me. I want a server that offers great security and stability along with a high level of software compatibility. To the best of my knowledge, the BSD's excel at the first two, but Gentoo (under a competent admin, which I believe I am). While I don't think standardizing on a BSD would hamstring me, I do think I would be inconvenienced for very little benefit.


fdamstra,

I think you've hit the nail on the head there with your own response.

The principle of the matter is that you're going to be most effective/secure with the distribution that you know how to manage the best. That could be Gentoo/Debian/Redhat/Windows -- doesn't matter, and switching to something else just to "trust" it to be secure while you have no idea what is going on, is not a good idea imo. There's going to be a learning curve if you switch to something else, no matter what. But all the benefits of the other distros don't mean jack squat if you don't know what your boxes are doing.

I would love to try out one of the BSDs as well on one of my production boxes at work, but I'm not going to throw it up there until I know how to take care of it. In the meantime, what works best is simply what you know best. :)

Good luck!

Steve
_________________
If it ain't broke, tweak it. dvds | blurays | blog | wiki

Syntaxis
Guru

Joined: 28 Apr 2002
Posts: 511
Location: London, UK

Posted: Tue Dec 28, 2004 10:22 pm

hununu wrote:
It always depends if you have the time and possibility to experiment and play with kernel patches

As opposed to the time and effort required to experiment and play with a whole new OS?

Quote:
FreeBSD jails are now a de facto standard and practice among sysadmins

This is meaningless rhetoric. Windows is a de facto standard and practice among sysadmins as well. So what?

Quote:
Was 1.2.1 released 2+ years ago?

Yes.

Quote:
what major distros have it as a standard?

All the major distributions are multi-purpose; it wouldn't make sense to enable by default something that only a very small percentage of their userbase is going to want.

Both Debian and Gentoo offer official packages/ebuilds that provide an RSBAC-enabled kernel and all the necessary userland utilities. Admittedly, neither comes with policy out of the box, but apparently RSBAC's "AUTH" module allows policy to be automatically generated on a per-application basis as described in Gentoo's RSBAC QuickStart Guide, although I'm not sure how well this works.

There are also numerous smaller distributions which focus more strongly on out-of-the-box security, e.g. the Debian-based Adamantix, that do provide pre-generated policy as well.

Anyway, you seem to have misunderstood my last post. I was just pointing out that you were wrong when you said that FreeBSD's jail functionality was unique; I wasn't trying to argue that RSBAC's implementation is superior (although it might be - its author certainly thinks so). I'll leave that to others to judge, though personally I wouldn't switch to FreeBSD just to get my hands on its jail implementation.
_________________
The Debian User Forums - help them grow!