[CentOS] Redhat vs centos vs ubuntu

Thu Nov 10 15:33:38 UTC 2011
Craig White <craig.white at ttiltd.com>

On Nov 10, 2011, at 6:44 AM, Bob Hoffman wrote:

> This is  a continuation of the thread about redhat vs centos and the 
> thought of moving from centos
> due to redhats new business model. Forgive the length, but I had to share.
> I went ahead and downloaded the 5 year supported version of ubuntu server.
> You think centos/redhat is a bit tough or not polished?
> One day with ubuntu server and you will look at centos install and setup 
> as a god!
> Where do I begin?
> 1- you download the iso, burn a cd. But guess what? It is only a small 
> boot setup (about 600mb).
> The install actually sets up your eth port and then SLOWLY downloads a 
> base set of packages.
> Then when you are done with your drive set up, you get to pick a package.
> Then it downloads and installs, asking you a few questions as it does.
> Then it upgrades itself.
> About 40 minutes due to the downloads for me...
you can turn off networking or unplug the cable if you you only want a base install and don't want it to install the latest updates out of the box.
> 2- uses a really lame 1980 DOS version of a text installer. It does not 
> and will not use a basic vid driver install
> which means your setting up of lvms and such during the install is 
> really fun.
ubuntu server is basic (no x) - it's a small footprint install. Most people who do servers prefer this.

As for setting up LVM's and such... it's pretty much the same as any RH... just looks different
> 3- I don't know about having a server being forced to connect to the 
> internet before you can even begin to secure
> it up. But the only way to really install it is to do that. Wait til you 
> see the insecure firewall setup if gave me too.
again, you don't have to connect to the internet to install
> 4- I picked the virtual host package, as the machine will hold guest 
> OS's (presumably ubuntu).
> 5- booted up fine.
> 6- uses upstart and init, mixed up a bit. Upstart, BY DESIGN AND 
> still being built so they do not want to put any documentation out on it 
> yet. This makes chkconfig and things like
> that useless. Hence, if you want to know what is running, set to run, 
> etc, you need to dig in multiple folders and
> read the scripts. There is no other way. What a horror.
RHEL v6 (and CentOS 6) use upstart too... life has all sorts of curveballs
> 7- The install, of the virtual host, added libvirt. It did not however 
> install things like virt-install or any other virt software.
> Infact, no guest installation tools were added, though things like virsh 
> were installed. Sigh.
> 8- The firewall and network do not have the scripts folder. You have to 
> build your own firewall file and add scripts
> to make it over ride the stock one via the eth you want to use it 
> for....wtf?
all sorts of packages for firewall management.

apt-cache search firewall | wc -l

why be content with the minimal firewall tool when you actually can have a choice?
> 9- here is the firewall, for a virtual host, that should not have 
> anything but port 22 open as far as the initial install
> should (at least in my opinion).....Ubuntu starts with this....
> (remember, ubuntu forces you to be online to install and this is how it 
> protects your server)
nothing like chaining lack of understanding to dramatize
> I was not blocked on a single port going from my desktop to my server 
> via my router. ALL PORTS were accessible.
> This is out of the box. Shell 22 was open from all my computers. Not 
> listed in the firewall as open.
> You can see it is quite different than the centos stock and I think 
> ubuntu is a 'run away' install.
sure - there's a difference but you're chaining again.
> There is no bridge set up in the network interface files either. There 
> is no bridge set up.
> The firewall is looking at virbr0 but there is no such configuration I 
> could find in the
> etc folder, anywhere.
> Very odd.
> # Generated by iptables-save v1.4.4 on Mon Nov  7 23:35:47 2011
> *nat
> :OUTPUT ACCEPT [9:626]
> -A POSTROUTING -s ! -d -p tcp -j 
> MASQUERADE --to-ports 1024-65535
> -A POSTROUTING -s ! -d -p udp -j 
> MASQUERADE --to-ports 1024-65535
> # Completed on Mon Nov  7 23:35:47 2011
> # Generated by iptables-save v1.4.4 on Mon Nov  7 23:35:47 2011
> *filter
> :INPUT ACCEPT [3701:295955]
> :OUTPUT ACCEPT [793:1276008]
> -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
> -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
> -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
> -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
> -A FORWARD -d -o virbr0 -m state --state 
> -A FORWARD -s -i virbr0 -j ACCEPT
> -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
> -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
> -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
> # Completed on Mon Nov  7 23:35:47 2011
> In closing, it is down to suse or back to centos and just pray redhat 
> turns around. Maybe scientific linux.
> Ubuntu is not ready for prime time and a HUGE step backwards. It is not 
> cutting edge and very insecure.
> So maybe centos, even if a year or two behind, is way better than ubuntu 
> will ever be.
It's different - not better, not worse (save for the fact that with Ubuntu I have been able to get timely updates this year). Also, I much prefer their packaging of Apache & BIND9 to Red Hat's.

I personally love their minimal installation CD, from the text based install to the minimal package install, etc. and think that their minimal approach is vastly superior to Red Hat (and all downstream packagers) installer that is slow and bloated. I can typically get a vm spun up with Ubuntu in about 5 mins and it takes much longer to install a CentOS vm.

If your expectation was that you could take your limited knowledge base and apply it equally across all Linux distributions and expect it to behave as a Red Hat derived system, then all other distributions will disappoint you.