Pedro Fernandes Macedo said: > I'm looking for some help here.. > Today , while talking to my boss, he said that , when comparing two > boxes , one running Suse and other running Redhat/Fedora , the Suse box > is more secure then the Redhat/Fedora box.. He said that running nessus > on both showed that suse was more secure.. > Anyone knows why? > He mentioned something about the default config for apache , as an > example... Maybe we could find out what are these "security flaws" so we > can create an RFE on bugzilla to make a default install safer to > everyone... It depends a lot on the specific issues. IIRC nessus does a number of "you have installed this version of x so it _may_ be vulnerable to y"... but using version numbers doesn't tell the whole story (see http://www.redhat.com/advice/speaks_backport.html ). Determining "how secure" something is involves a lot of checking, not just one tool. -- William Hooper
