On Saturday, November 12, 2011 03:59 PM, Nataraj wrote:
I believe the standard desktop uses Ubuntu's own installer. The Ubuntu server and the 'alternative' distribution use the debian installer. I fought with it at first, but it is much more flexible than the redhat installer. You can build arbitrary LVM/raid configurations with it and you can also go into the shell from the installer and customize things that you can't with the redhat installer.
Last time I tried, you could not do lvm on raid and it was acknowledged as such on the ubuntu-installer/ubuntu-devel-discuss list. Arbitrary lvm/raid and lvm on raid has been possible on anaconda for quite a while.
3- I don't know about having a server being forced to connect to the internet before you can even begin to secure it up. But the only way to really install it is to do that. Wait til you see the insecure firewall setup if gave me too..
I've not experienced any distribution to provide a great default firewall setup. What I do notice about Ubuntu server is there are very few services running in the default install, so if you probe a newly installed machine, it's not very vulnerable. I usually run new installs behind my Internet firewall anyway. I like doing a basic install and then adding the services that I want to enable, rather then a server install that comes up with dozens of services that you may not need and you have to turn them all off to secure the machine.
Nobody said anything about any distribution providing a 'great' default setup. Someone said something about dozens of firewall management tools but in reality, they were all solutions that drive you insane.
Redhat/Centos = service iptables save. End of story.
4- I picked the virtual host package, as the machine will hold guest OS's (presumably ubuntu).
I do like CentOS/Redhat 6 better as a virtualization server. Thing to realize here is that Redhat is leading the development effort for KVM, libvirt etc, so Ubuntu's code lags behind redhat. For the current stable Ubuntu 10.04 LTS release Ubuntu lags behind redhat 6 and since 10.04 LTS is a stable release it doesn't just get arbitrary updates unless they are security fixes.
Sometimes stuff don't get updates at all. Even when working patches have been provided. Maybe only some Canonical maintained packages get backports.
One thing I like about Ubuntu/debian is the /etc/network/interfaces file over /etc/sysconfig/network-scripts /etc/sysconfig/network.
I must say that that is one thing among others nice in Debian. Just like runparts is from Debian.
Just another flavor of linux. There are various packages that can be installed to do this for you. ufw is one of them. I prefer to use my own scripts though.
Using your own scripts is the only sane way to do things...ufw, fwbuilder, even shorewall are just either inadequate, inflexible or way too complicated to trace/optimize things.