Putting server on the internet or not
Christofer C. Bell
christofer.c.bell at gmail.com
Thu Dec 15 10:16:44 UTC 2005
You guys are trying to make it sound like running a Linux machine on
the public Internet is some kind of nightmare of "lions and tigers and
bears" and that depiction couldn't be farther from the truth. I've
been running Linux machines connected to the public Internet since
1994 and only once has a machine ever been broken into (and that was
due to *my* laziness, nothing that was the fault of the operating
system -- it was also 8 years ago, and yes, I did track down who did
it, it was some kid and his friend in Florida. I'm in Kansas).
In short, if you keep up to date with security patches, turn off
non-essential services, and make conservative use of things like
tcp_wrappers and iptables, you really don't have a lot to worry about.
The only other suggestion I can make is to use the AllowUsers
directive in /etc/ssh/sshd_config.
You're not connecting an unpatched Windows machine to the Internet,
you're connecting a secure Linux machine to the Internet. These days
with things like the yum auto-update service available, you really
have to go out of your way to leave your machine open to attack.
I'm sure that some naysayer is going to come along and disagree with
everything I've just said, and that's to be expected on a large
mailing list. I'll say in advance that whatever rebuttal is posted is
a bunch of hogwash and fear mongering. :-P I think you'll enjoy
running your own Internet presence and I encourage you to take the
"I trust the Democrats to take away my money, which I can afford. I
trust the Republicans to take away my freedom, which I cannot."
More information about the fedora-list