On Saturday, November 12, 2011 03:59 PM, Nataraj wrote: > I believe the standard desktop uses Ubuntu's own installer. The Ubuntu > server and the 'alternative' distribution use the debian installer. I > fought with it at first, but it is much more flexible than the redhat > installer. You can build arbitrary LVM/raid configurations with it and > you can also go into the shell from the installer and customize things > that you can't with the redhat installer. Last time I tried, you could not do lvm on raid and it was acknowledged as such on the ubuntu-installer/ubuntu-devel-discuss list. Arbitrary lvm/raid and lvm on raid has been possible on anaconda for quite a while. >> 3- I don't know about having a server being forced to connect to the >> internet before you can even begin to secure >> it up. But the only way to really install it is to do that. Wait til you >> see the insecure firewall setup if gave me too.. > I've not experienced any distribution to provide a great default > firewall setup. What I do notice about Ubuntu server is there are very > few services running in the default install, so if you probe a newly > installed machine, it's not very vulnerable. I usually run new installs > behind my Internet firewall anyway. I like doing a basic install and > then adding the services that I want to enable, rather then a server > install that comes up with dozens of services that you may not need and > you have to turn them all off to secure the machine. Nobody said anything about any distribution providing a 'great' default setup. Someone said something about dozens of firewall management tools but in reality, they were all solutions that drive you insane. Redhat/Centos = service iptables save. End of story. >> 4- I picked the virtual host package, as the machine will hold guest >> OS's (presumably ubuntu). > I do like CentOS/Redhat 6 better as a virtualization server. Thing to > realize here is that Redhat is leading the development effort for KVM, > libvirt etc, so Ubuntu's code lags behind redhat. For the current > stable Ubuntu 10.04 LTS release Ubuntu lags behind redhat 6 and since > 10.04 LTS is a stable release it doesn't just get arbitrary updates > unless they are security fixes. Sometimes stuff don't get updates at all. Even when working patches have been provided. Maybe only some Canonical maintained packages get backports. > > One thing I like about Ubuntu/debian is the /etc/network/interfaces file > over /etc/sysconfig/network-scripts /etc/sysconfig/network. I must say that that is one thing among others nice in Debian. Just like runparts is from Debian. > Just another flavor of linux. There are various packages that can be > installed to do this for you. ufw is one of them. I prefer to use my > own scripts though. Using your own scripts is the only sane way to do things...ufw, fwbuilder, even shorewall are just either inadequate, inflexible or way too complicated to trace/optimize things.