
Thread: CentOS Security Concerns

  1. #1
    Premium Member
    Join Date
    Jan 2008
    Posts
    1,496
    Thanks
    49
    Thanked 72 Times in 56 Posts
    Rep Power
    194
    Reputation
    792

    CentOS Security Concerns

    Unfortunately I am not familiar with Unix or Linux etc and most certainly I am no expert.

    I know of these OS systems and have had very basic introductions at different times in the past.
    It seems that they are on the "up" all the time. My computer Mag subscription always has something on them as well.

    To add to this we also have a new server being proposed in my work environment that will service a major customer of ours and guess what - the proposed OS is going to be CentOS V5.

    As a precaution questions are being asked about security e.g. Security patches and even AV - most people are ducking for cover with no real firm answers.

    Yes - risks are very low compared to Windows-based servers; however, it would be great to get some feedback from members in this forum from a real-life experience view.

    The ideal situation would be confirmation from an organisation such as Trend that can provide a cost effective service to provide periodic security patches or AV updates.

    Any and all feedback will be much appreciated



  • #2
    Premium Member
    Join Date
    Jan 2008
    Posts
    1,496
    Thanks
    49
    Thanked 72 Times in 56 Posts
    Rep Power
    194
    Reputation
    792


    Hmm... Yep, this looks like an unknown area

    One of the big drawbacks for going towards Linux....

  • #3
    Senior Member Globe's Avatar
    Join Date
    Jan 2008
    Location
    Lost In The Matrix.
    Posts
    908
    Thanks
    66
    Thanked 273 Times in 128 Posts
    Rep Power
    187
    Reputation
    1399


    CentOS is being proposed because it's free. i.e. no support. Your IT guy is expected to keep up with the latest patches etc.

    If you want support for that sort of stuff go Red Hat and pay the support bill, CentOS is virtually the same as Red Hat, just no support.

  • #4
    Premium Member
    Join Date
    Jan 2008
    Posts
    1,496
    Thanks
    49
    Thanked 72 Times in 56 Posts
    Rep Power
    194
    Reputation
    792


    Quote (originally posted by Globe):
    "If you want support for that sort of stuff go Red Hat and pay the support bill, CentOS is virtually the same as Red Hat, just no support."

    Thanks Buddy - this is interesting. Unfortunately the CentOS is being supplied via a 3rd Party vendor product.

    I suppose it is no wonder that I cannot get a straight answer about this from them.


    Quote (originally posted by Globe):
    "CentOS is being proposed because it's free. i.e. no support. Your IT guy is expected to keep up with the latest patches etc."

    This could be an option, but how do our IT guys keep up with latest patches or possible Antivirus products?

  • #5
    Senior Member Globe's Avatar
    Join Date
    Jan 2008
    Location
    Lost In The Matrix.
    Posts
    908
    Thanks
    66
    Thanked 273 Times in 128 Posts
    Rep Power
    187
    Reputation
    1399


    Quote (originally posted by checkitout):
    "Thanks Buddy - this is interesting. Unfortunately the CentOS is being supplied via a 3rd Party vendor product.

    I suppose it is no wonder that I cannot get a straight answer about this from them.

    This could be an option, but how do our IT guys keep up with latest patches or possible Antivirus products?"

    I'm pretty sure CentOS isn't patched very often, and has a longish release cycle.

    As for AV, I'm pretty sure there isn't a commercial Linux antivirus, I'm happy to be proven wrong though.

    I wouldn't worry too much about CentOS being vulnerable, half the internet runs on CentOS/Red Hat/Fedora.

    Check the official website for patches and more details on how it works.


  • #6
    Premium Member
    Join Date
    Jan 2008
    Posts
    1,496
    Thanks
    49
    Thanked 72 Times in 56 Posts
    Rep Power
    194
    Reputation
    792


    Personally yes I am not worried and I am sure the risk is very low.

    What I do have a problem with is that our customer would prefer knowing that a professional organisation is available to provide expert advice, security patching and Anti Virus apps.

    I cannot understand why there is no such organisation.
    This is something someone can make money on - Hey low risk - this would be money for jam..

  • #7
    Premium Member

    Join Date
    Jan 2008
    Posts
    3,924
    Thanks
    4,938
    Thanked 3,801 Times in 1,583 Posts
    Rep Power
    1095
    Reputation
    41758


    There's nothing wrong with Unix or Linux. Unix and its derivatives are used very extensively for server operation and have been for decades.
    It sounds as if neither you nor your employer know sufficient about server operation, so why don't you contact a specialist independent IT company and get it done professionally?
    They can provide expert advice as well as ongoing maintenance leading to peace of mind for your company.
    Check the Yellow Pages in the IT section for a suitable company.
    This is surely the sensible way to go about it, especially as you say it is for a client.
    I'm not being derogatory, but it appears that you are only asking for trouble if you don't know what you are doing and have to ask for advice in this forum.

  • #8
    Premium Member
    Join Date
    Jan 2008
    Posts
    1,496
    Thanks
    49
    Thanked 72 Times in 56 Posts
    Rep Power
    194
    Reputation
    792


    Thanks Tristen - I appreciate your input.

    One of the main reasons for posting here was to get an independent review of the CentOS operating system.

    The vendor that is supplying the equipment is taking no responsibility for the OS and further will not make any recommendations of a 3rd Party support organisation to do it.

    A good vendor would either support everything including the OS and failing that they could also make a recommendation on a suitable 3rd party support organisation.

    At this time I will be asking for my upline managers to make a decision on what to do.

    This might include going for another product that has an OS other than CentOS, that is well known and well supported.

  • #9
    Senior Member toor's Avatar
    Join Date
    Jan 2008
    Posts
    812
    Thanks
    25
    Thanked 44 Times in 30 Posts
    Rep Power
    161
    Reputation
    206


    AV:

    Firewall:

    Brute force detection:

    what services is this box going to have running on it?

    CentOS is not that bad.

  • #10
    Premium Member
    Join Date
    Jan 2008
    Posts
    1,496
    Thanks
    49
    Thanked 72 Times in 56 Posts
    Rep Power
    194
    Reputation
    792


    Thanks Toor

    Yes I am sure CentOS is not bad. However in comparing with Red Hat for example, Red Hat seems to have more AV software suppliers supporting it.

    I will also send you a pm re the application running.

    BTW I can say it is not an email server, so as ClamAV is designed specifically for email AV scanning it may not be suitable.

    If there is an organisation out there that can provide good AV and OS patching support for CentOS I would like to hear from them as I could have extra business for them.

  • #11
    Premium Member

    Join Date
    Jan 2008
    Posts
    3,924
    Thanks
    4,938
    Thanked 3,801 Times in 1,583 Posts
    Rep Power
    1095
    Reputation
    41758


    Quote:
    "One of the main reasons for posting here was to get an independent review of the CentOS operating system."

    As you undoubtedly know, CentOS is a version of Linux, as are Red Hat, Debian and Ubuntu, to name a few.

    They all have in common a version of the Linux kernel, which is the very heart of the operating system.

    I have no personal experience with CentOS so I am unable to comment further on its suitability for a server operating system.

    Why don't you visit some of the Linux forums?

    You will be able to ask appropriate questions and by reading you will expand your knowledge enormously.

    As CentOS is a bit of an unknown quantity, it might be wise to use a version of Linux, which already has wide acceptance as a server OS, such as SUSE.

    Its wide commercial use suggests that the security issues you have raised, would have already been significantly addressed.

    Reviews of various Linux distributions are available at Distrowatch

    For what it's worth, after a bit of investigation on the www, I found this at LinuxHelp:

    "What if I wanted to use Linux as a server?

    If you are exclusively using Linux on the server side, then the GUI will lose its significance. You will be better off trying Debian. This Linux distribution gives stress on security and is considered to enjoy a large share of the Linux server market. Of course, you can also try RedHat or SuSe for the same. But the situation at your workplace also plays an important role in selecting a distribution for the server.
    Did you know, Debian is the only Linux distribution that supports architectures other than x86/IA32, Intel 64 bit, AMD 64 bit and PowerPC? Moreover, Debian is not controlled by any corporation or single entity and it is maintained exclusively through donations and volunteer support."
    Last edited by tristen; 29-01-09 at 05:21 PM.
