Default config for some services

[William Hooper]

Pedro Fernandes Macedo said:
> I'm looking for some help here..
> Today , while talking to my boss, he said that , when comparing two
> boxes , one running Suse and other running Redhat/Fedora , the Suse box
> is more secure then the Redhat/Fedora box.. He said that running nessus
> on both showed that suse was more secure..
> Anyone knows why?
> He mentioned something about the default config for apache , as an
> example... Maybe we could find out what are these "security flaws" so we
> can create an RFE on bugzilla to make a default install safer to
> everyone...

It depends a lot on the specific issues.  IIRC nessus does a number of
"you have installed this version of x so it _may_ be vulnerable to y"...
but using version numbers doesn't tell the whole story (see
http://www.redhat.com/advice/speaks_backport.html ).  Determining "how
secure" something is involves a lot of checking, not just one tool.

-- 
William Hooper