How close is Red Hat 9 and Fedora?
- Thread starter Mookow
- Start date
Fedora Core 1 = Redhat 10, basicly.
The change was by Redhat to differeniate it's supported commercial OS from it's community supported stuff.
The sort of people that want a free OS with all the newest apps and such have drasticly different needs from somebody that needs the most stable server platform possible with commercial technical support.
So Redhat is supporting Fedora officially in order to more closely fuffil the needs of both groups.
The difference is that Fedora is newer, its' about the same as going from Redhat 8 to Redhat 9.
Fedora Core2 is already into it's next generation. So that's about Redhat 11.
The nice thing is that Yum and Apt are officially supported. This makes installing free software much easier.
To install xmms for instance would go like this (at the command prompt):
yum update
(this updates the OS to newest versions of everything aviable.)
yum install xmms
(this calculates all the dependances and downloads them and installs them along with the rpm for xmms.)
Third party rpm repositories (like Dag's) are aviable for bunches of extra apps, but official Fedora stuff will cause the least amount of problems.
Using the installation CD you should be able to update your Redhat 9 install without having to reinstall completely.
some discussion on how to use Apt and Yum correctly
It'll require a little setup to get going, but once you get it then it will make things pretty easy.
The change was by Redhat to differeniate it's supported commercial OS from it's community supported stuff.
The sort of people that want a free OS with all the newest apps and such have drasticly different needs from somebody that needs the most stable server platform possible with commercial technical support.
So Redhat is supporting Fedora officially in order to more closely fuffil the needs of both groups.
The difference is that Fedora is newer, its' about the same as going from Redhat 8 to Redhat 9.
Fedora Core2 is already into it's next generation. So that's about Redhat 11.
The nice thing is that Yum and Apt are officially supported. This makes installing free software much easier.
To install xmms for instance would go like this (at the command prompt):
yum update
(this updates the OS to newest versions of everything aviable.)
yum install xmms
(this calculates all the dependances and downloads them and installs them along with the rpm for xmms.)
Third party rpm repositories (like Dag's) are aviable for bunches of extra apps, but official Fedora stuff will cause the least amount of problems.
Using the installation CD you should be able to update your Redhat 9 install without having to reinstall completely.
some discussion on how to use Apt and Yum correctly
It'll require a little setup to get going, but once you get it then it will make things pretty easy.
Basically, we have exactly one fedora box here at work. I have some *nix experience, but not all that much. I get told to install the CI Security scan tool. I download it, install it, everything is going fine. I go to run it, it starts up, displays the banner, and then it says "Couldn't determine Linux Release Fedora Core release 2 (Tettnang)", then terminates. I dont think Fedora is supported, but I'm wondering what I can do to try to trick the scan tool into running.
EDIT: the scan tool is supposed to work under Red Hat 9 (among other Linux distros), and they only put out the one Linux version.
EDIT: the scan tool is supposed to work under Red Hat 9 (among other Linux distros), and they only put out the one Linux version.
I am not familar with the CI Security scan tool.... You have a link?
If you can determine were this app is getting it's information from, weither it's from a enviromental variable or a system command, we can probably trick it into reading a string that makes it think it's running from Redhat 9.
If you can determine were this app is getting it's information from, weither it's from a enviromental variable or a system command, we can probably trick it into reading a string that makes it think it's running from Redhat 9.
This program is pretty ghetto. The meat of the actual thing is a perl script tester.sub in the /usr/local/CIS directory.
find this section in it:
BTW the forums screw up white space formating so it won't look exactly the same.
Do a search for: Couldn't determine Linux Release
in your favorite text editor and find that last line.
Change it from:
else {
die ("Couldn't determine Linux Release $release_line");
}
to :
else {
$DISTRIBUTION = "RH";
$DISTRIBUTION_VERSION = 9;
}
That will make it think that it is redhat 9.
The file that it pulls this information from is the /etc/redhat-release, BTW.
However this is a pretty crappy program, it just has a bunch of filenames in those cis files and looks to see if they are present. Then looks for world writable files, and suid files. And a couple other small things.
If you want a real security audit tool. (not a real substitute for a REAL security audit, but it will point out obvious flaws) Check out Nessus.
here is nessus's homepage
here is a article from securityfocus describing it's basic functioning and how to use it
Nessus is a great tool, and unfortunatly the CIS scanner is more of a curiosity then anything usefull. But edit that perl script a bit and it will work just fine in Fedora.
I got a score of Final rating = 5.54 / 10.00
I don't think it's very accurate though. Maybe because it's not realy Redhat 9. It it's a big issue for you then e-mail the CIS people and try to get them to support Fedora. Redhat 9 is NOT supported anymore and shouldn't realy be used for anything serious. If you need to use it for whatever reason (lots of good reasons) check out the fedora legacy project and they will have legacy community support for Redhat. That means you can get updates and security fixes from them still, but you won't get them officially from Redhat.
There are a some interesting suggestions that show up in it's log files. Lot of it is bogus though, IMO.
Good luck.
find this section in it:
BTW the forums screw up white space formating so it won't look exactly the same.
Do a search for: Couldn't determine Linux Release
in your favorite text editor and find that last line.
Change it from:
else {
die ("Couldn't determine Linux Release $release_line");
}
to :
else {
$DISTRIBUTION = "RH";
$DISTRIBUTION_VERSION = 9;
}
That will make it think that it is redhat 9.
The file that it pulls this information from is the /etc/redhat-release, BTW.
However this is a pretty crappy program, it just has a bunch of filenames in those cis files and looks to see if they are present. Then looks for world writable files, and suid files. And a couple other small things.
If you want a real security audit tool. (not a real substitute for a REAL security audit, but it will point out obvious flaws) Check out Nessus.
here is nessus's homepage
here is a article from securityfocus describing it's basic functioning and how to use it
Nessus is a great tool, and unfortunatly the CIS scanner is more of a curiosity then anything usefull. But edit that perl script a bit and it will work just fine in Fedora.
I got a score of Final rating = 5.54 / 10.00
I don't think it's very accurate though. Maybe because it's not realy Redhat 9. It it's a big issue for you then e-mail the CIS people and try to get them to support Fedora. Redhat 9 is NOT supported anymore and shouldn't realy be used for anything serious. If you need to use it for whatever reason (lots of good reasons) check out the fedora legacy project and they will have legacy community support for Redhat. That means you can get updates and security fixes from them still, but you won't get them officially from Redhat.
There are a some interesting suggestions that show up in it's log files. Lot of it is bogus though, IMO.
Good luck.
Originally posted by: drag
*snipped for readability*
...However this is a pretty crappy program, it just has a bunch of filenames in those cis files and looks to see if they are present. Then looks for world writable files, and suid files. And a couple other small things.
If you want a real security audit tool. (not a real substitute for a REAL security audit, but it will point out obvious flaws) Check out Nessus.
here is nessus's homepage
here is a article from securityfocus describing it's basic functioning and how to use it
Nessus is a great tool, and unfortunatly the CIS scanner is more of a curiosity then anything usefull. But edit that perl script a bit and it will work just fine in Fedora.
I got a score of Final rating = 5.54 / 10.00
I don't think it's very accurate though. Maybe because it's not realy Redhat 9. It it's a big issue for you then e-mail the CIS people and try to get them to support Fedora. Redhat 9 is NOT supported anymore and shouldn't realy be used for anything serious. If you need to use it for whatever reason (lots of good reasons) check out the fedora legacy project and they will have legacy community support for Redhat. That means you can get updates and security fixes from them still, but you won't get them officially from Redhat.
There are a some interesting suggestions that show up in it's log files. Lot of it is bogus though, IMO.
Good luck.
In my new job I am supposed to spend the first third of the month patching the servers, second third running the CIS scan, and the last third of the month I run Nessus
. The only reason we have the Fedora box is to run nessus, since Solaris wont run it, or so I have been told (never even bothered to check). However, my predecessor missed/forgot a couple servers when he was running Nessus scans on the rest. Today I asked myself WhereTF the reports were for those boxes, and thats what led into all of this. I had to go to Security to get a firewall rule made allowing the Fedora box into the subnet with the four servers the guy I just replaced never scanned. When I told a guy in Security that I needed x.x.x.x IP allowed into an additional subnet, he told me to run the CIS-scan on it. I had already run Nessus on the Fedora box, and all it "found" was that port 22 was open, and I have SSH running on that port (it didnt even want me to upgrade). Thats all it found, and I already knew that, since I was SSH-ing into it to start Nessus on it .Oh, yeah, drag I rated you a '10'. And if you're ever in my neck of the woods, I'll buy you some :beer:
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 23K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
News NVIDIA and Intel to Develop AI Infrastructure and Personal Computing Products- Started by poke01
- Replies: 411
Facebook
Twitter