Simple Question about Red Hat security

kunglao used Ask the Experts™

I have never touched Red Hat before, but I would like to know about using the Red Hat O/S as a platform for web hosting.

How good is the security?

I heard it is easily broken into by hackers, but thousands of people out there are using it for their hosting business as well.

Can anyone clarify this?

Well, my personal view: no matter what OS you are using, there will be a chance of being hacked; the only concern is how to secure your network and servers.

Some people like to use a hardware firewall like Check Point, some like to use a Linux box as a firewall, so the firewall will be the first gate protecting your network.

Each OS nowadays has its own security methods: M$ Win2K, WinXP or Win2k3 have security settings you can use, whereas a Linux box has ipchains or iptables to set up the rules, etc.

And yes, lots of web hosting companies use Linux as the platform; some use FreeBSD, some use Linux, and some mix Linux + FreeBSD + Unix.


Hope this info can help :)
Mihai Barbos (Trying to tame bits. They're nasty.)
Easy to break in - that sounds like a M$ line.
No, a well-secured Linux server is actually very hard to break into. NetBSD is supposed to be even harder. Linux / Unix is a lot safer than windoze anyway, no matter what M$ says.

IMHO you should first create a quite secure server and after that set up a firewall. A firewall is just a simple filter; it cannot make an insecure server more secure, it just restricts a little bit what an attacker can do.

So, yes, RedHat would be a good choice for your web server, a lot better than windoze with IIS.
Any OS is insecure if you set it up wrong.  If I set up NetBSD with old versions of Samba, Sendmail, SSH, you name it, it can be exploited.  Some versions of *NIX systems take a stronger stance on security, but when it comes down to it, it ALL depends on how well the admin sets the computer up.

I have run RedHat on 40+ servers for an ISP for 3+ years.  We have had 1 known break-in, and that was due to negligence of the admin that set the computer up.  After that one problem, we have not had a single known problem.  You have to know how to set the system up, and you have to know what to put on there, and what not to put on there.  If you do not need a service, DO NOT RUN IT.  It's that simple.  And most of the time, you only get to know this stuff by trial and error, or by reading and asking questions.

Personally kunglao, if you want a very secure system for your company, *NIX is a VERY secure platform.  Have faith in *NIX systems, just don't be ignorant of what can happen with your systems.  RedHat can be just as secure as any other flavor of OS out there.  Just play around with it.  

If you're looking for INSANE security, look into selinux.  But expect hours and hours and HOURS of getting everything set up.  But once it's done, you can basically give the root password out, and no one is going to be able to do anything to it.

Once it's done, nobody is going to be able to do anything on it?  Talk about worse than useless advice.  No networked system is ever totally secure.  Unix got more secure several years ago (Role Based Access Control, proper ACLs), and Linux is now getting there.  mbarbos is misinformed.  Windows NT was certified as secure by the US Government at a time when Linux and most flavours of Unix were not, and Windows 2000 server etc. is still easier to secure than most Linux distributions.  RedHat is the most hacked platform, last I heard.  If you think your system hasn't been broken into, chances are it has.  The hacker has probably installed replacement binaries or you are too stupid to see they've changed the password on an inactive account and started using that.

If you even have to ask a question like this, the answer is not to host your own website.  Get someone who is knowledgeable about web hosting and network security to do it for you.  They can have your web server sitting behind a properly configured stateful firewall, with a rule set so that only you can change your web pages, and most likely they can also do such things as traffic shaping, optimal routes, etc. too.  

If you really must host your site on your own Red Hat box, run all the security updates the vendor has available, and keep Apache etc current.  Use netstat -l to see what ports you have "listening".  You really shouldn't need much besides port 80 for your Web server (and 443 if you're hosting secure pages) and maybe 53 for DNS depending on how you're doing DNS resolution.  Make sure you have remote root logins disabled, and things like root logins for X disabled.  If you want to be able to update it remotely, enable port 22 and use scp/ssh to login and transfer files.  You can use su/sudo to do root-level operations. Then run something like Lokkit to help you set rules for iptables, and deny/ignore all ports but the ones you left open.  Even if you do all that, you'll probably still get owned, so make sure you make backups and keep your eye open for suspicious activity on your system.  Argh that was like explaining how to write your name holding a biro with your toes.  Silly question, silly answers, why?  
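
The checks described in the post above (nothing listening beyond ports 80, 443, 53 and 22, and remote root login disabled), as an added example that is not part of the original thread. The sample `netstat` output and `sshd_config` are constructed, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: audit a host against the checklist in the post above.
ALLOWED_PORTS="22 53 80 443"   # the ports the post says a web server needs

# Reads `netstat -ltn` output on stdin and prints "port address" for every
# listening TCP socket whose port is not in ALLOWED_PORTS.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)   # text after the last colon
            if (!(port in ok)) print port, $4
        }' | sort -n
}

# Reads an sshd_config on stdin; succeeds only if PermitRootLogin is
# explicitly "no". sshd honours the first occurrence of a keyword.
# Simplification: Match blocks are not interpreted.
root_login_disabled() {
    awk '
        /^[[:space:]]*#/ { next }
        tolower($1) == "permitrootlogin" { val = tolower($2); exit }
        END { exit (val == "no" ? 0 : 1) }'
}

# Constructed sample input so the example runs offline.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 :::443                  :::*                    LISTEN
EOF
}
sample_sshd_config() {
cat <<'EOF'
Port 22
#PermitRootLogin yes
PermitRootLogin no
EOF
}

# On a real host: netstat -ltn | unexpected_listeners
#                 root_login_disabled < /etc/ssh/sshd_config
echo "Unexpected listeners in the sample:"
sample_netstat | unexpected_listeners
if sample_sshd_config | root_login_disabled; then echo "SSH root login: disabled"; fi
```

An unset `PermitRootLogin` is reported as not disabled, because the default depends on the OpenSSH version installed.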

Yeah, before you go off and make comments like that, why don't you check out SE Linux real fast.  That's how they test the box out.  They set it up, then give out the root password, and see if anyone can break it.  But thanks for the ever so confident comments.
Top Expert 2006
Red Hat is a mainstream version of Linux. As a result:

1.    There are more installations of Red Hat out there than most other Linux variants.
2.    There are more installations to hack.
3.    There are more successful hacks as much of the code is the same as many other Linux Variants.
4.    There are more publicly hacked systems.
5.    Vulnerabilities are better publicised.
6.    Patches to solve vulnerabilities are more widely available.

....therefore shouldn't Red Hat be the most secure solution for webhosting available?

Answer is no....because:

1.    Most sysadmins don't keep security patches up to date because they have pressure on them to solve more high profile problems.
2.    Most people do not initially secure their server properly.
3.    Most people do not have sufficient time to check logs for probing attacks.
4.    Remember that the hacker has to be lucky once, and the sysadmin always!

Therefore, unless you have time to deal with and understand the becauses, then get someone else to host your system. If you do keep your system up2date (:)) and take the time to secure it properly, then RedHat systems can be as good as (if not better than) any of the alternatives as a web hosting solution.
Top Expert 2006

I think that mbarbos, jetnet, ajenkins and myself have all put in valuable input to what is actually a very vague question. Overall, I think we all agree that most Redhat Linux can be made as secure as is likely to be necessary for the asker of the question. It just depends on the amount of care taken.

Overall, I think the points ought to be split. (all 30 of them - hehehehe)

We cannot split the points. We need at least 20 per expert. So in such cases the points go to the first correct answer ...
