Re: [cobalt-developers] RaQ replacements
- Subject: Re: [cobalt-developers] RaQ replacements
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Mon Jun 9 22:11:01 2003
- Organization: nobaloney.net
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
Michael Stauber wrote:
> I worked a little with Ensim and Plesk boxes and from my security minded
> perspective there is one crucial problem:
>
> You take a basic linux installation (RedHat, Debian, or whatever you prefer)
> and put the control panel on top of it. Plesk then installs its own mailer
> daemon, own web server, its own MySQL and so on.
Plesk 5.x runs ONLY on RHL 7.1, 7.2, or 7.3. The next version, 6.x, will
also run in RHL 8; I don't know about 9 or earlier versions. Plesk also
runs on FreeBSD 4.4. Plesk runs on no other linux or unix system.
Ensim Pro runs only on RHL 7.3. This information comes from the Plesk
and Ensim websites.
> Now what do you do in regards to security updates? Sure, Plesk provides
> security patches for all the software it brings aboard. But updating the
> underlying OS is up to you.
>
> On a RedHat box you then need to be really careful with "up2date" when you
> fetch your patches for the OS. Or you risk that your Plesk installation (or
> parts of it) might get toasted once you install needed RedHat updates.
First of all, use apt instead of up2date; a lot easier, and no RHN pages
to have to deal with.
Second of all, we've heard from Plesk support that updating using RPMs
and either RHN or apt will NOT cause problems for the Plesk RPM
install. This has been our experience as well.
The updates are a lot simpler than the juggling we have to do with the
Cobalt boxes.
> All the Plesk boxes I've seen so far had horrible security leaks half a year
> down the road, because the underlying OS was either never updated, or not
> updated properly.
Only because people don't update them. Our Plesk systems and those we
manage for clients are always up-to-date; we automate it.
> An interesting alternative (aside from the Qbalt project) could be EnGarde
> Secure Linux:
>
> http://store.guardiandigital.com/html/eng/products/software/esp_overview.shtml
>
> I'll be trying it out within the next two weeks, but I like their security
> minded approach. However, the price tag on it is almost as impressive as the
> feature list.
And then you need to have a GUI administration package to work with it.
Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
Internet & Unix/Linux/Sun/Cobalt Consulting +1 909 778-9980
Our jblists address used on lists is for list email only
To contact us offlist: "http://www.nobaloney.net/contactus.html"