Thread: openSUSE vs Ubuntu security

  1. #1

    openSUSE vs Ubuntu security

    openSUSE vs Ubuntu in terms of security...
    Which one is more secure?

  2. #2
    platinum NNTP User

    Re: openSUSE vs Ubuntu security

    BrownieCat wrote:
    > openSUSE vs Ubuntu in terms of security...
    > Which one is more secure?


    i can only suppose your question is:

    Which default install is the most secure?

    because if a security expert tunes both (after the install), they will
    be equally secure--since openSUSE is Linux and Ubuntu is Linux, and
    the flavor of Linux picked has nothing whatsoever to do with the level
    of security available to _any_ Linux..

    the answer to the relative merits of the default install question is
    then:

    it is a matter of opinion, circumstance and need...and therefore no
    clear cut answer like "This one is better than the other." is possible..

    that said, i can add: with just a few changes to openSUSE's default
    install i'm pretty comfortable with what i have..

    and, since i've never installed Ubuntu (though i have installed Red
    Hat, Fedora, Mandrake, Mandriva, Knoppix, Puppy, DSL, Xandros and
    several others) i can't even give you an opinion other than: it
    depends on what _you_ want (level of paranoia) and need (where and how
    will you operate it...are you trying to keep dorm friends out, or
    professional crackers, or spambot network builders, or the NSA, or
    who??)..

    i do remember others talking about some of the decisions made by the
    Ubuntu folks (to make it easier for micro$ofties to transition) that
    made their setup more prone to cracking...but, i don't recall what
    those were/are..

    --
    platinum

  3. #3

    Re: openSUSE vs Ubuntu security

    That's a tough question.

    One issue I have with Ubuntu is the ability for somebody to drop into root from the start up splash screen without a password out-of-the-box.

    I was surprised that I had to open my firewall for sharing a printer in Ubuntu, but then again I've had to manually open a firewall port for Samba file sharing in openSUSE (receiving, not hosting).

    A while ago I was in some obscure website I cannot recall which had embedded video on it. Ubuntu would not run it but openSUSE ran it without questions. Not sure if this is a good thing or not, but it was a difference between the two. (Note: it could have been a Silverlight video not Flash for all I know).
    "Linux provides freedom, problem is most users don't know what it is or how to use it." ~me
    Friends don't let Friends wear red shirts on away parties!
    Linux User #477531 | Danbury Area Computer Society (www.dacs.org)

  4. #4

    Re: openSUSE vs Ubuntu security

    The question is an easy one. Everybody who has a proper security team would not have let the OpenSSL lack-of-randomness bug slip in.

  5. #5

    Re: openSUSE vs Ubuntu security

    Both in general are more secure than Windows to be sure, Ubuntu and openSUSE seem to be on par with each other.
    Of course security bugs are bound to pop up no matter what OS you use.

  6. #6

    Re: openSUSE vs Ubuntu security

    Due to the "great" idea of setting "Use the same Password for root" as default in the installer when adding the first _restricted_ user, openSUSE is now as "secure" as a standard Ubuntu installation.

    The only difference is, you can easily uncheck this "feature" during installation, but as many new users will just be doing it the "Windows turned me into some kind of 'analphabetic retard' by teaching me to ignore all message boxes or help windows and not read what the OS tells me" way, it is not very difficult to guess the outcome.

    As a consequence, getting the password of the normal, restricted user working on that machine, you are able to get root access, now how "secure" is that?

    I hope this will be changed in the future, it's just plain utter stupid to set this as a default.

    If it already has been changed (my last "new installation" of an openSUSE version is some time ago), then it's a step in the right direction.

    People (or distributions) who still think "sudo" should be used as the standard (and in default setting only!) way to do system administration, are completely incompetent on security matters and should not be considered when talking about "secure" setups.

    Just my 0,02 €uros.

  7. #7
    platinum NNTP User

    Re: openSUSE vs Ubuntu security

    i agree!

    --
    platinum

  8. #8

    Re: openSUSE vs Ubuntu security

    Akoellh wrote:
    > As a consequence, getting the password of the normal, restricted user working on that machine, you are able to get root access, now how "secure" is that?

    Trying to figure out the user's username AND the password instead of knowing one piece (username = root) and just needing the second?

  9. #9

    Re: openSUSE vs Ubuntu security

    1) On a system with secure configuration, you will not be allowed to login as root remotely, no matter if you knew his password.

    2) How many remote attacks start with a _direct_ login as root?

  10. #10

    Re: openSUSE vs Ubuntu security

    3) If you have several users on a "we use sudo instead of su"-system you will have several users with potentially weak passwords.

    If you give them elevated rights via sudo for all actions (aka "the Ubuntu way", although this then has to be done explicitly for anyone but the first user), you gain one potential security hole per new user.

    The whole concept is flawed due to the simple fact, that sudo was never designed for that job.

    Sudo is a great tool if used for its real purpose and used in a secure way to give _certain_ users only elevated privileges for _certain_ commands.

    Let me show you an example:

    Code:
    axel@Fatboy:~> sudo zypper up
    axel's password:
    Daten des Repositorys laden...
    Installierte Pakete lesen...
    
    Die folgenden Pakete werden aktualisiert:
      java-1_6_0-openjdk java-1_6_0-openjdk-plugin 
    
    
    Gesamtgröße des Downloads: 25,8 M. Nach der Operation werden zusätzlich 991,0 K belegt.

    Yes, it might make sense (also for the admin) if users were allowed to update the system.

    Code:
    sudo rm -rf /
    axel's password:
    Sorry, user axel is not allowed to execute '/bin/rm -rf /' as root on Fatboy.

    NO, it's not a good idea to let stupid users like that axel-guy delete the root partition.
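
Added example, not written by any poster in this thread: a small Python check for the distinction drawn in post #10, flagging sudoers rules that grant ALL commands while leaving a command-scoped rule alone. The sudoers lines, the names `%admin` and `bob`, and the `/usr/bin/zypper` path are constructed assumptions, and the parser only handles simple one-line rules.

```python
import re

# Constructed sample sudoers text (illustrative; /usr/bin/zypper is an assumed path).
SAMPLE_SUDOERS = """\
# Blanket grant: every member of group admin may run anything as root.
%admin  ALL=(ALL) ALL
# Scoped grant: axel may run exactly this command line on host Fatboy.
axel    Fatboy=(root) /usr/bin/zypper up
# Blanket grant that also skips the password prompt.
bob     ALL=(ALL) NOPASSWD: ALL
Cmnd_Alias UPDATE = /usr/bin/zypper up
Defaults env_reset
"""

# who  host = (runas) [TAG:] command[, command ...]
SPEC = re.compile(r"^(\S+)\s+([^=\s]+)\s*=\s*(?:\(([^)]*)\))?\s*(.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # e.g. "NOPASSWD: "


def audit(text):
    """Return (who, host, passwordless) for every rule that grants ALL commands.

    Simplified on purpose: no line continuations, no alias expansion.
    """
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments, include directives and Defaults settings.
        if not line or line[0] in "#@" or line.startswith("Defaults"):
            continue
        m = SPEC.match(line)
        if not m or m.group(1).endswith("_Alias"):
            continue  # not a user specification
        who, host, _runas, cmds = m.groups()
        passwordless = False
        for cmd in (c.strip() for c in cmds.split(",")):
            tag = TAGS.match(cmd)
            if tag:  # a tag applies to this command and the ones after it
                names = [t.strip() for t in tag.group(0).split(":")]
                passwordless = "NOPASSWD" in names or (
                    passwordless and "PASSWD" not in names)
                cmd = cmd[tag.end():]
            if cmd == "ALL":
                findings.append((who, host, passwordless))
                break
    return findings


if __name__ == "__main__":
    for who, host, passwordless in audit(SAMPLE_SUDOERS):
        print(f"{who} on {host}: all commands, passwordless={passwordless}")
```

On a real system, `sudo -l -U <user>` lists what a given account is actually allowed to run after includes and aliases are resolved.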
