Gilbert Sebenste wrote:
On Mon, 26 Jan 2009, Dan Vietor wrote:
I haven't moved to Fedora 10 yet but I have just recently downloaded
Fedora 10 and was planning on putting it on a system soon. I'm running
Fedora 9 on the development systems and CentOS 5.2 on the operational
systems.
The problem that I have with later versions of Linux is that SELinux
keeps locking out more and more of the operating system. Also, X11
security keeps getting stronger. So you have to figure out how to work
around a more secure system. I generally disable SELinux because it
just gets in the way of almost everything I do. Only recently has
SELinux offered enough options and configuration to allow third party
software to run well with it.
Yeah, I'm having trouble with that in F10.
The common wisdom is to disable SE Linux completely unless you really
NEED that level of security, and lock down your IPTables firewall. I
have attacks almost daily but they rarely succeed. We also run
'DenyHosts' on all machines to take care of the dictionary attacks on
ssh and other similar ports.
The problem with CentOS 5 is that its based on Fedora 6 which is by
Linux standards getting old (released in Dec 2006). I did notice that
CentOS does break with Red Hat Enterprise in some areas... like it uses
Firefox 3 whereas RHEL5 still uses Firefox 1.5 and CentOS uses a newer
version of yum.
Good.
And you can use the EPEL repository and get newer code.
I haven't heard any rumblings about a new RHEL version coming out.
Wikipedia says first quarter 2010, FWIW.
start hearing about RHEL version 6 soon. But RH did just announce 5.3
which should be coming to a CentOS distribution shortly.
about every 18-24 months.
I would recommend moving to CentOS 5.2.
If CentOS 5.3 is due out soon, I might hang a little longer and play with
that. We'll see.
Go with 5.2 now and update when 5.3 comes out.
A couple of caveats for the CentOS uninitiated. Don't try a
major-release "upgrade": That requires a sand the disk rebuild, not an
upgrade.
Minor-release updates work well. You're looking for, eg., a CentOS 5
repository to update against, not a 5.1 or 5.2 or such. Minor releases
go to the big sites, and "just work".
We do NOT do automatic updates on production systems. We occasionally
do bulk updates when we have a good-weather day and no obvious problems.
Auto-update is asking for production-system problems, IMNSHO.
--
Gerry Creager -- gerry.creager@xxxxxxxx
Texas Mesonet -- AATLT, Texas A&M University
Cell: 979.229.5301 Office: 979.458.4020 FAX: 979.862.3983
Office: 1700 Research Parkway Ste 160, TAMU, College Station, TX 77843
