I have recently started working on a web store. One of the requirements from my bank that I had to fulfill was a PCI compliance test. One major part of PCI compliance is to pass a vulnerability scan. On my server (a lightweight VPS), I am running Ubuntu 10.04 LTS (just keep reading... This is about Gentoo, I promise
). The scan determined that I was using a version of PHP that is prone to multiple exploits, and so I failed the scan. I always keep the system up to date, it's just that the stable version of PHP in Ubuntu 10.04 has these vulnerabilities. I eventually passed the test by compiling my own version of PHP.Now, the problem is, since at this point it looks like I might have to look out for a lot of software myself, I am beginning to look for a new distribution, or perhaps another way to solve this problem.
As a remedy, I was thinking about going for Gentoo. While my system will never reach the stability of, say, Ubuntu or Redhat, I will have very little, if any, security issues since Gentoo is much more cutting edge. My VPS provider also offers it as one of the choices, so that's another mark out of the way.
I have used and performed multiple desktop installations of Gentoo myself also, so maintaining and configuring is also mostly non-issue.
However, one thing that I will need to know is how to configure a kernel to work on a VPS. I have used genkernel earlier today on a VPS node. Unsurprisingly, the O/S did not boot back up. Not a big deal, since this was a test node.
I am guessing I should be looking at this guide in order to make it work out?
http://www.gentoo.org/doc/en/xen-guide.xml
Anyways, before I waste any more time on this... Is this even a good idea what I am about to do? I really don't want to regret moving a server to Gentoo...
Suggestions and ideas much appreciated.
