RE: [suse-security] SUSE 9.0 Pro Production Quality?
Eric Kahklen wrote on Thu Sep 09 2004 - 16:53:23 CEST: :
I had a discussion with my local LUG and a member had some interesting threads to share. Basically it showed that SUSE 9.0 is not really a production level version. > For production level use, it is recommended to go with the Enterprise version of SUSE.
---<text snipped>---- Hi Eric, You didn't say wheteher you were going to use SUSE 9.0 for a Production server or as Work stations, and whether you have Microsoft boxes on your local net and further how, if at all, you were going to connect to the net. The answers to those questions all affect "our" answer. You did mention "apt-get". There is an "apt-get" feature for SuSE I don't use it, but others do: (you can google for it, but be sure to read the "cautions") I use "fou4s" to get my security patches from SuSE (rather than YOU). I run fou4s in the "interactive mode, so my last step is: fou4s -i --inversecolor --interactive see: http://fou4s.gaugusch.at/ I run the stock SuSE kernel and download that separetly much like Sandu Mihai suggested on 9/8/2004 http://lists.suse.com/archive/suse-security/2004-Sep/0050.html That's why I run fou4s in the interactive mode, if I see a kernel update I skip it and handle it separetly. On some rpms I won't use the "patch rpm" but prefer the "complete" rpm which I get from my local mirror, or: http://www.suse.co.uk/uk/private/download/updates/90_i386.html I have run SuSE 8.0, 8.1, 8.2 and 9.0 as a "workstation, and found it to be "rock solid". I use both KDE and Mozilla, and only problems I run into is when I try leading edge stuff. Givn that, and that this is a security list, if you (or your System Admin) doesn't have extensive UNIX or Linux experience I would strongly suggest that you pay someone who does to help set up your separate firewall box. I believe that would be money well spent whether you used SuSE, Redhat, or Debian on your firewall box. Hope this helps, Gar -- Mark Twain: "Sorry I wrote such a long email; I didn't have time to write a short one." -- __________________________________________________________________ Switch to Netscape Internet Service. As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register Netscape. Just the Net You Need. New! Netscape Toolbar for Internet Explorer Search from anywhere on the Web and block those annoying pop-ups. Download now at http://channels.netscape.com/ns/search/install.jsp
Gar,
Hi Eric,
You didn't say wheteher you were going to use SUSE 9.0 for a Production server or as Work stations, and whether you have Microsoft boxes on your local net and further how, if at all, you were going to connect to the net. The answers to those questions all affect "our" answer.
I am currently using SUSE 9.0 on a mail relay and proxy server and this is the mode I would be using SUSE or any other Linux distro. I am not currently using Samba or any other package to allow my MS boxes to connect to Linux servers. I may in the furture for a file server or printer server. We currently have a fractional T1 and have an excellent firewall. I am the Sys Admin so I hope I answered that in enough detail. The reason I mentioned apt-get was that from what I've read and heard, it provides a very consistent and stable package management system and tends to not break thens when patches or software is applied. On my servers I usually only install security patches and bug fixes. From what others have said, the enterprise versions tend to use older and more tested code vs. the 9.0 Pro version. This is what Debian appears to do as well. What I wanted to make sure was that I wasn't using something like RH's Fedora with SUSE 9.0 :) Thanks again, Eric
You did mention "apt-get".
There is an "apt-get" feature for SuSE I don't use it, but others do: (you can google for it, but be sure to read the "cautions")
I use "fou4s" to get my security patches from SuSE (rather than YOU). I run fou4s in the "interactive mode, so my last step is:
fou4s -i --inversecolor --interactive
see: http://fou4s.gaugusch.at/
I run the stock SuSE kernel and download that separetly much like Sandu Mihai suggested on 9/8/2004 http://lists.suse.com/archive/suse-security/2004-Sep/0050.html
That's why I run fou4s in the interactive mode, if I see a kernel update I skip it and handle it separetly.
On some rpms I won't use the "patch rpm" but prefer the "complete" rpm which I get from my local mirror, or: http://www.suse.co.uk/uk/private/download/updates/90_i386.html
I have run SuSE 8.0, 8.1, 8.2 and 9.0 as a "workstation, and found it to be "rock solid". I use both KDE and Mozilla, and only problems I run into is when I try leading edge stuff.
Givn that, and that this is a security list, if you (or your System Admin) doesn't have extensive UNIX or Linux experience I would strongly suggest that you pay someone who does to help set up your separate firewall box.
I believe that would be money well spent whether you used SuSE, Redhat, or Debian on your firewall box.
Hope this helps, Gar
-- ______________________________________________________________________ Eric Kahklen, MS 530 4th Ave. W. Seattle, WA
--- Eric Kahklen
The reason I mentioned apt-get was that from what I've read and heard, it provides a very consistent and stable package management system...
quite the contrary, i think.. i've had the opportunity to use apt-get earlier in the year, to upgrade my 8.2 laptop with some later packages.. it broke a lot of stuff in KDE.. including OpenOffice, MPlayer, Kmail e.t.c... i could go on.. for a production system, i wouldn't recommend apt.. while it looks attractive because the more recent packages, i'd prefer sticking with the updates SuSE have seriously audited and adapted for the current system you are running.. it's a huge risk to use apt for your production system.. the last thing you want running is the latest Linux-2.6 kernel unchecked by SuSE... as for workstations, if you use Linux (and not vendor W) as your primary daily work tool, i wouldn't recommend apt either, except for very specific packages.. problem with apt is that it may have several dependencies that may cause the system to break.. use apt on a box you just play with, at home or something.. or maybe where it's built for, Debian.. i wouldn't touch it on my SuSE boxes.. Mark. _______________________________ Do you Yahoo!? Shop for Back-to-School deals on Yahoo! Shopping. http://shopping.yahoo.com/backtoschool
I agree, I was referring more to apt-get on a Debian box. I generally don't like using other package management systems on a production box. Eric Mark Tinka wrote:
--- Eric Kahklen
wrote: The reason I mentioned apt-get was that from what I've read and heard, it provides a very consistent and stable package management system...
quite the contrary, i think.. i've had the opportunity to use apt-get earlier in the year, to upgrade my 8.2 laptop with some later packages.. it broke a lot of stuff in KDE.. including OpenOffice, MPlayer, Kmail e.t.c... i could go on..
for a production system, i wouldn't recommend apt.. while it looks attractive because the more recent packages, i'd prefer sticking with the updates SuSE have seriously audited and adapted for the current system you are running.. it's a huge risk to use apt for your production system.. the last thing you want running is the latest Linux-2.6 kernel unchecked by SuSE...
as for workstations, if you use Linux (and not vendor W) as your primary daily work tool, i wouldn't recommend apt either, except for very specific packages.. problem with apt is that it may have several dependencies that may cause the system to break..
use apt on a box you just play with, at home or something.. or maybe where it's built for, Debian.. i wouldn't touch it on my SuSE boxes..
Mark.
_______________________________ Do you Yahoo!? Shop for Back-to-School deals on Yahoo! Shopping. http://shopping.yahoo.com/backtoschool
-- ______________________________________________________________________ Eric Kahklen, MS 530 4th Ave. W. Seattle, WA
YAST2 and Swaret (Slackware) are the two best package update utilities known to man. Don't kid yourself otherwise. On Friday 10 September 2004 12:30, Mark Tinka wrote:
--- Eric Kahklen
wrote: The reason I mentioned apt-get was that from what I've read and heard, it provides a very consistent and stable package management system...
quite the contrary, i think.. i've had the opportunity to use apt-get earlier in the year, to upgrade my 8.2 laptop with some later packages.. it broke a lot of stuff in KDE.. including OpenOffice, MPlayer, Kmail e.t.c... i could go on..
for a production system, i wouldn't recommend apt.. while it looks attractive because the more recent packages, i'd prefer sticking with the updates SuSE have seriously audited and adapted for the current system you are running.. it's a huge risk to use apt for your production system.. the last thing you want running is the latest Linux-2.6 kernel unchecked by SuSE...
as for workstations, if you use Linux (and not vendor W) as your primary daily work tool, i wouldn't recommend apt either, except for very specific packages.. problem with apt is that it may have several dependencies that may cause the system to break..
use apt on a box you just play with, at home or something.. or maybe where it's built for, Debian.. i wouldn't touch it on my SuSE boxes..
Mark.
_______________________________ Do you Yahoo!? Shop for Back-to-School deals on Yahoo! Shopping. http://shopping.yahoo.com/backtoschool
Agree on YaST2. Never had a problem since 6.3 On Fri, 2004-09-10 at 16:41, Allen wrote:
YAST2 and Swaret (Slackware) are the two best package update utilities known to man. Don't kid yourself otherwise.
On Friday 10 September 2004 12:30, Mark Tinka wrote:
--- Eric Kahklen
wrote: The reason I mentioned apt-get was that from what I've read and heard, it provides a very consistent and stable package management system...
quite the contrary, i think.. i've had the opportunity to use apt-get earlier in the year, to upgrade my 8.2 laptop with some later packages.. it broke a lot of stuff in KDE.. including OpenOffice, MPlayer, Kmail e.t.c... i could go on..
for a production system, i wouldn't recommend apt.. while it looks attractive because the more recent packages, i'd prefer sticking with the updates SuSE have seriously audited and adapted for the current system you are running.. it's a huge risk to use apt for your production system.. the last thing you want running is the latest Linux-2.6 kernel unchecked by SuSE...
as for workstations, if you use Linux (and not vendor W) as your primary daily work tool, i wouldn't recommend apt either, except for very specific packages.. problem with apt is that it may have several dependencies that may cause the system to break..
use apt on a box you just play with, at home or something.. or maybe where it's built for, Debian.. i wouldn't touch it on my SuSE boxes..
Mark.
_______________________________ Do you Yahoo!? Shop for Back-to-School deals on Yahoo! Shopping. http://shopping.yahoo.com/backtoschool
participants (5)
-
Allen
-
Eric Kahklen
-
GarUlbricht7@netscape.net
-
Mark Tinka
-
melissad