[KLUG Members] Security setup ...

[Bruce Smith]

> >I've been playing around with Ubuntu, and they seem to
> >have their system configured the same way as OS-X, where all admin GUI's
> >run sudo and the user has to enter their own password instead of the
> >root password.  (which is frustrating if you don't know that and you
> >can't get it to take root's password in the dialog box :)
> >
> >Is that the security model of the future for Linux? 
> 
> I am not so sure that security (hardened OS) is a high priority for glitz
> distros such as SuSE... such distros seem bent on headed down a Windowsish
> path.
> 
> I suspect distros such as Ubuntu (which we have looked at as well) will always
> be a nitch portion of the market. As you said, it just works different (more
> secure) than the status quo thinking of most people, and people are typically
> resistant to change, even if it makes them safer.

Since you think SuSE is Window'ish, and Ubuntu is just a nitch, what is
your current distro of choice?  (I'm not arguing with your claims)

I'm currently using SuSE for most things since it does the job fairly
well for the least amount of work on my part.  I'm also very impressed
with Ubuntu, the little I've used it.  If SuSE ever pisses me off, I'd
give Ubuntu a real hard look for a desktop (maybe not a server).

> The one gripe with Ubuntu is their lack of a firewall in the standard
> configuration. They justify their decision by having no daemons listening on
> the outside interface... but that still leaves the box wide open for a TCP/IP
> stack security breach for example. Just like all adminish commands should be
> sudo'ed, all boxes should have a firewall, period. There is enough junk folks
> can do with bad packets and such, just have the firewall toss that stuff and
> allow the OS to not give the junk a second thought.

Yes, I think a firewall would be a easy and very worthwhile addition to
Ubuntu.

But since I'd currently only consider Ubuntu as a desktop, and my
desktops are behind a firewall anyway, I could live without a firewall
on all of my desktops, with the exception of my laptop, which I'd
probably roll my own firewall.

 - BS