[CentOS] Redhat vs centos vs ubuntu

Thu Nov 10 13:44:12 UTC 2011
Bob Hoffman <bob at bobhoffman.com>

This is  a continuation of the thread about redhat vs centos and the 
thought of moving from centos
due to redhats new business model. Forgive the length, but I had to share.

I went ahead and downloaded the 5 year supported version of ubuntu server.
You think centos/redhat is a bit tough or not polished?
One day with ubuntu server and you will look at centos install and setup 
as a god!

Where do I begin?

1- you download the iso, burn a cd. But guess what? It is only a small 
boot setup (about 600mb).
The install actually sets up your eth port and then SLOWLY downloads a 
base set of packages.
Then when you are done with your drive set up, you get to pick a package.
Then it downloads and installs, asking you a few questions as it does.
Then it upgrades itself.
About 40 minutes due to the downloads for me...

2- uses a really lame 1980 DOS version of a text installer. It does not 
and will not use a basic vid driver install
which means your setting up of lvms and such during the install is 
really fun.

3- I don't know about having a server being forced to connect to the 
internet before you can even begin to secure
it up. But the only way to really install it is to do that. Wait til you 
see the insecure firewall setup if gave me too..

4- I picked the virtual host package, as the machine will hold guest 
OS's (presumably ubuntu).

5- booted up fine.

6- uses upstart and init, mixed up a bit. Upstart, BY DESIGN AND 
ACCORDING TO DOCUMENTATION is new and
still being built so they do not want to put any documentation out on it 
yet. This makes chkconfig and things like
that useless. Hence, if you want to know what is running, set to run, 
etc, you need to dig in multiple folders and
read the scripts. There is no other way. What a horror.

7- The install, of the virtual host, added libvirt. It did not however 
install things like virt-install or any other virt software.
Infact, no guest installation tools were added, though things like virsh 
were installed. Sigh.

8- The firewall and network do not have the scripts folder. You have to 
build your own firewall file and add scripts
to make it over ride the stock one via the eth you want to use it 
for....wtf?

9- here is the firewall, for a virtual host, that should not have 
anything but port 22 open as far as the initial install
should (at least in my opinion).....Ubuntu starts with this....
(remember, ubuntu forces you to be online to install and this is how it 
protects your server)

I was not blocked on a single port going from my desktop to my server 
via my router. ALL PORTS were accessible.
This is out of the box. Shell 22 was open from all my computers. Not 
listed in the firewall as open.
You can see it is quite different than the centos stock and I think 
ubuntu is a 'run away' install.

There is no bridge set up in the network interface files either. There 
is no bridge set up.
The firewall is looking at virbr0 but there is no such configuration I 
could find in the
etc folder, anywhere.
Very odd.

# Generated by iptables-save v1.4.4 on Mon Nov  7 23:35:47 2011
*nat
:PREROUTING ACCEPT [84:12492]
:POSTROUTING ACCEPT [9:626]
:OUTPUT ACCEPT [9:626]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j 
MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j 
MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Mon Nov  7 23:35:47 2011
# Generated by iptables-save v1.4.4 on Mon Nov  7 23:35:47 2011
*filter
:INPUT ACCEPT [3701:295955]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [793:1276008]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state 
RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Mon Nov  7 23:35:47 2011


In closing, it is down to suse or back to centos and just pray redhat 
turns around. Maybe scientific linux.
Ubuntu is not ready for prime time and a HUGE step backwards. It is not 
cutting edge and very insecure.

So maybe centos, even if a year or two behind, is way better than ubuntu 
will ever be.


I took a shot at paid support.
You have to send them a contact mail. I did.
After 3 days sent them another.
2 days later, no response from that one either.

down to suse or back to centos.

One good thing about ubuntu was the bug redhat has for the ati onboard 
video is not an issue making
no errors on boot and no long hang time that centos was causing me.