Hi all, i've got a few answers from people, and from the kind of answer i'm starting to think that i have not been clear enough in the first mail. So i apologize for this cross-posting, and for insisting on this thing, but i'd really like you all to get my point of view. I have that bit of knowledge of Unix that allows me to understand that Linuxconf is not the way to go for best system security; but it's the only way to go to make Linux acceptable in certain environments, when the other choice is WindowsNT. I can do, and i've done for years now, my system administration using config files etc.; but when i bring a Linux server in an office, i _must_ give them an easy admin tool, else they'll ask for NT. So, my point of view is a bit different from the usual BUGTRAQer's: not to achieve absolute security, but an "acceptable" level. Still thinking about the (very) small office server: this means that there will be no local users, or maybe only a few, trusted ones; on the local network there will be practically nobody experienced with unix, so no serious threat; but there will be an Internet connection, and the server should be as safe as possible against attacks from the external net. Now, forget about firewalls and the rest, that the small office cannot afford: at this point, to me, "acceptable" security means that it should at least be "quite" secure against exploits from non-local users, and safe against non-allowed IPs - at least as much as tcp-wrappers are. If this is impossible to obtain with linuxconf, then i'll have to turn to something else - COAST, maybe, if it is any better. No matter the choice, the point is that Linux, and Unix in general, desperately needs easy admin tools; now that they're coming, it would be crazy to have to drop them because they cannot guarantee _any_ security. Cheers, Sergio ------------------------------------------------------------------------- Sergio Ballestrero PratoNeXt s.r.l. System Manager Via Giotto 27 59100 Prato sergioat_private Tel 604350 - Fax 604454 -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:56:28 PDT