Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Simple Question about Red Hat security

Posted on 2003-10-27
Medium Priority
Last Modified: 2010-04-22

I never touch a red hat before but would like to know if using Red Hat O/S to run as a platform for webhosting.

how good is the security is ?  

i heard it will easily break in by hackers but since thousand people using it as well out there for hosting biz.

Anyone can clarify this ?

Question by:kunglao
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 12

Accepted Solution

paullamhkg earned 80 total points
ID: 9632012
Well personal idea, no matter what OS you are using, there will be a chance hack by the hackers, the only concern is how to secure your network and servers.

Someone like to use the hardware firewall like check points, someone like to use the linux box as firewall, so firewall will be the 1st gate to protect your network.

each OS nowaday have it's own security method, M$ Win2K or WinXP or Win2k3 have the security setting you can use. where as linux box also have ipchain or iptables to setup the rules etc...

And yes, lots of webhosting company using linux as the platform, and some use the freeBSD, some use linux, some mixed linux + freeBSD + Unix.

eg. http://www.webhosting.net/21.html, http://www.webhosting.com/pages/dedicated/os.shtml

Hope this info can help :)

Assisted Solution

mbarbos earned 80 total points
ID: 9632667
Easy to break in - that sounds like a M$ line.
No, a well secured linux server is actually very hard to break in. NetBSD is supposed to be even harder. Linux / Unix is a lot safer than windoze anyway, no matter what M$ sais.

IMHO you should first create a quite secure server and after that setup a firewall. A firewall is just a simple filter, it cannot make an unsecure server more secure, it just restricts a little bit what an attacker can do.

So, yes RedHat would be a good choice for your web server, a lot better than windoze with IIS.

Assisted Solution

jetnet earned 80 total points
ID: 9635538
Any OS is insecure, if you set it up wrong.  If I setup NetBSD with old versions of Samba, Sendmail, SSH, you name it, it can be exploited.  Some versions of *NIX systems take a stronger stance at security, but when it comes down to it, it ALL depends on how well the admin sets the computer up.

I have run RedHat on 40+ servers for an ISP for 3+ years.  We have had 1 known breakin, and that was due to neglagence of the admin that set the computer up.  After that one problem, we have not had a single known problem.  You have to know how to set the system up, and you have to know what to put on there, and what not to put on there.  If you do not need a service, DO NOT RUN IT.  Its that simple.  And most the time, you only get to know this stuff by trial and error, or by reading and asking questions.

Personally kunglao, if you want a very secure system for your company, *NIX is a VERY secure platform.  Have faith in *NIX systems, just dont be ignorant of what what can happen with your systems.  RedHat can be just as secure as any other flavor of OS out there.  Just play around with it.  

If your looking for INSANE security, look into selinux.  But expect hours and hours and HOURS of getting everything setup.  But once its done, you can basically give the root password out, and no one is going to be able to do anything to it.
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!


Assisted Solution

ajenkins earned 80 total points
ID: 9717615
Once it's done, nobody is going to be able to do anything on it?  Talk about worse than useless advice.  No networked system is ever totally secure.  Unix got more secure several years ago (Role Based Access Control, proper ACLs), and Linux is now getting there.  mbarbos is misinformed.  Windows NT was certified as secure by the US Government at a time when Linux and most flavours of Unix were not, and Windows 2000 server etc. is still easier to secure than most Linux distributions.  RedHat is the most hacked platform, last I heard.  If you think your system hasn't been broken into, chances are it has.  The hacker has probably installed replacement binaries or you are too stupid to see they've changed the password on an inactive account and started using that.

If you even have to ask a question like this, the answer is not to host your own website.  Get someone who is knowledgeable about web hosting and network security to do it for you.  They can have your web server sitting behind a properly configured stateful firewall, with a rule set so that only you can change your web pages, and most likely they can also do such things as traffic shaping, optimal routes, etc. too.  

If you really must host your site on your own Red Hat box, run all the security updates the vendor has available, and keep Apache etc current.  Use netstat -l to see what ports you have "listening".  You really shouldn't need much besides port 80 for your Web server (and 443 if you're hosting secure pages) and maybe 53 for DNS depending on how you're doing DNS resolution.  Make sure you have remote root logins disabled, and things like root logins for X disabled.  If you want to be able to update it remotely, enable port 22 and use scp/ssh to login and transfer files.  You can use su/sudo to do root-level operations. Then run something like Lokkit to help you set rules for iptables, and deny/ignore all ports but the ones you left open.  Even if you do all that, you'll probably still get owned, so make sure you make backups and keep your eye open for suspicious activity on your system.  Argh that was like explaining how to write your name holding a biro with your toes.  Silly question, silly answers, why?  

Expert Comment

ID: 9717880
Yeah, before you go off and make comments like that, why dont you check out SE Linux real fast.  Thats how they test the box out.  They set it up, then give out the root password, and see if anyone can break it. http://www.nsa.gov/selinux/  But thanks for the ever so confident comments.
LVL 22

Assisted Solution

pjedmond earned 80 total points
ID: 9718583
Red Hat is a mainstream version of Linux. As a result:

1.    There are more installations of Red Hat out there than most other Linux variants.
2.    There are more installations to hack.
3.    There are more successful hacks as much of the code is the same as many other Linux Variants.
4.    There are more publically hacked systems.
5.    Vulnerabilities are better publicised.
6.    Patches to solve vulnerabilities are more widely available.

....therefore shouldn't Red Hat be the most secure solution for webhosting available?

Answer is no....because:

1.    Most sysadmins don't keep security patches up to date because they have pressure on them to solve more high profile problems.
2.    Most people do not initially secure their server properly.
3.    Most people do not have sufficient time to check logs for probing attacks.
4.    Remember that the hacker has to be lucky once, and the sysadmin always!

Therefore, unless you have time to deal with and understand the becauses, then get someone else to host your system. If you do keep your system up2date (:)) and take the time to secure it properly, then RedHat systems can be as good as (if not better than) any of the alternatives as a wwebhosting solution.
LVL 22

Expert Comment

ID: 11716630
I think that mbarbos, jetnet, ajenkins and myself have all put in valuable input to what is actually a very vague question. Overall, I think we all agree that most Redhat Linux can be made as secure as is likely to be necesary for the asker of the question. It just depends on the amount of care taken.

Overall, I think the points ought to be split. (all 30 of them - hehehehe)
LVL 20

Expert Comment

ID: 11942647
We cannot split the points. We need at least 20 per expert  So in such cases the points go to the first correct answer ...

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question