On Thu, Jun 02, 2005 at 09:34:53AM -0400, Marc M wrote: > Hi, > > I work for a major defense contractor that is very tight with money at > times. Two years ago, before I came, they got RH 9 (bought or downloaded- > whatever). I guess that got deemed appropriate to buy at the time, and it > has been sitting here getting old ever since. The purpose of this server is > to run Symantec Manhunt on it as an IDS. They bought Manhunt at the same > time and never got around to deploying it until now. > > Now I am about to deploy a linux server (Dell) and I am trying to figure out > which version to go with - RH 9, FC 1-3, or whatever. I want it to be > redhat-based since I am the main admin, and I am more comfortable with that > than on debian based systems. > > On the other hand I am not sure what to do. My boss makes the argument that > we need to run the oldest, since he has seen versioning issues and conflicts > in this situation. However most of that is in the world of Windows which > does stupid things by default as we all know. > > In this scenario my argument is <still> that we should go with something > more recent. I don't like the idea of putting something out there that is so > old it isimpractical by today's standards, that am going to think is stupid. > I guess there is some wisdom in being able to keep the age of the OS in sync > with the age of the software, but in the linux realm, that really isn't the > same issue as it is in other areas - right? OTOH I don't want to do a 'yum > update' on the box and not be able to get updates because the version is so > <frickin'> old. I think FC2 would be a good choice. Although it is still > old, it at least is a little bit ahead of RH9. An additional concern - even > if I were to deploy FC2, I would probably want to upgrade that too. Is that > gonna be a problem? Can I upgrade versions of Fedora (2 to 3 to whatever) on > a production box without a lot of problems? Will yum do that cleanly and > consistently without a lot of headaches? > > Whatever choice I make is going to have to last for a good while. Does > anyone have any advice for this situation? > > Thanks in advance > > Marc > -- A major question to answer is what your need is for security patches, which might be proportional to the access to this server from the outside world. Or the possibility of hacking from inside. The unfortunate reality is that security might dictate your need to keep a server up-to-date. If you can't readily keep it up-to-date, you may be in for more work trying to run an old revision. -- ============================================================================ Neal Rhodes MNOP Ltd (770) 972-5430 President 4737 Habersham Ridge fax: (770) 978-4741 Lilburn (atlanta) GA 30047