On Mon, 2004-12-20 at 02:47, Ow Mun Heng wrote: > I know this has been discussed, but it was more toward, is FC stable > enought for use as a production server etc. > > I'm looking more towards the limited life_span of FC compared to it's > RHEL counterpart. (which is where tao linux/CentOs etc... comes into the > picture) I don't understand the angst many people have over this question. For a production site there are several approaches you can take. 1. buy support from a vendor (RH, SUSE, SUN) 2. Run a "free" OS that provides updates and upgrade when they EOL your version. 3. Run a "free" OS and update until they EOL it but keep it in production as long as you can as is with the last updates. 4. Run a "free" OS but build your critical packages (apache, postgresql, php, sendmail, spamassassin, etc) from sources. Monitor the lists for those packages and apply patches that are relevant to your particular needs. In all cases above run a good updated firewall between your systems and the Internet. This limits what is exposed on your systems. Naturally harden the systems as much as you can by disabling any un-needed services and use a system firewall as well. Implement tripwire to monitor for changes. Production systems once in place should not change much except for log files and database files. Monitor log files and system resources. Setup snort to monitor network traffic looking for non-characteristic traffic patterns. Any of these options will work. Personally I believe option 4 for a production system is the way to go. You don't have rpm support for many packages you might run but you can easily upgrade to new versions or apply patches as needed. You could generate your own rpms which I don't think is that much more difficult. The key here is to run good firewalls and intrusion detection tools so you know quickly if/when there is a problem. Limiting what is exposed means you don't have to worry about a large number of potential exploits. Many sites run systems with ancient OSes with no problems. Is that optimum, probably not. But you can make it work while minimizing the risk. So pick a version and use it. Don't get caught up in the update daily rat race that many people seem to get stuck in. -- Scot L. Harris webid@xxxxxxxxxx No animal should ever jump on the dining room furniture unless absolutely certain he can hold his own in conversation. -- Fran Lebowitz
