From: Zenny <gar...@gm...> - 2012-03-22 16:20:05
Thanks for the reply. My impressions are inline below:

On 3/22/12, Bruce Smith <bw...@re...> wrote:
> The server version has extra hardening against attacks, such as grsecurity
> and a few other things. The non-server does not have these extra
> hardening, it's more of a "standard" Linux distro.
>
> Basically if you're going to expose Devil-Linux directly to the internet,
> such as a firewall or a web server or DNS server, you're a little safer
> running the non-server version. If you're running DL as an internal server
> behind a firewall (i.e. Samba), not exposed directly to the internet, then
> the server version might run better for you. That's because
> grsecurity sometimes mistakes high resource using server processes as some
> kind of attack and kills them.

But when I checked the non-server version, the kernel also has the grsecurity patch installed:

    #uname -a
    Linux Devil 3.2.11-grsec

Then even the non-server version is also vulnerable to the false-positive assumption of the grsecurity patch, isn't it?

>
> If you're running server processes on the non-server version that start
> dying for unknown reasons, switch to the server version and see if that
> fixes your problems. And it's never a good idea to run internal servers on
> your internet firewall, hence the two distinct versions of Devil-Linux.

Thanks for the clarification. As for me, I may never prefer to run extra services (except those applications needed to make other applications behind the NAT of the firewall run, like siproxd).

BTW, how are failover and load balancing achieved in DL? I did see pound, but wouldn't nginx be better instead of pound (I did see apache and thttpd under services)?

Another question is: by default the firewall service (I guess iptables?) is enabled. Is it necessary to enable both firewall and shorewall if I try to use the shorewall wrapper scripts?

How can I add additional applications and services to the DL box, I mean customization? Where can I find documentation for the 1.6 version?

How exactly does DevilLinux excel compared to something like openwall/zeroshell?

Thanks for sharing interesting work!

>
> - BS
>