Security Portal: SuSE Linux – a vendor gets security conscious

“Security is an increasingly big worry for system and network
administrators. Whether you just have one machine with your
personal work on it, or a large network with dozens of servers and
hundreds of clients, there is one common problem. Most Linux
vendors install Linux so that you end up with a plethora of
features and tools, often ignoring security considerations (or not
paying much attention to them).
Unfortunately, security has a
tendency to make the system harder to use, forgotten usernames and
passwords are an increasing headache, and forget about trying to
teach users not to open email attachments from people they don’t
know. To make matters worse most users simply don’t place security
as a high priority, and very few demand security features from
their vendor.”

“But there are security conscious Linux vendors. The most
notable being WireX, but their distribution is aimed more at
application servers, however the tools they have created are mostly
GPL licensed, and in use by other vendors/people (things like
StackGuard). The other Linux vendor making a real effort to produce
a more secure distribution is SuSE Linux. SuSE Linux has a
significant advantage over most other large Linux vendors, they are
located in Germany, whose government has taken an extremely
pro-crypto (and privacy) stance in computing. An additional barrier
for American Linux vendors are the RSA patents (you can use RSAREF,
but chances are you will get a nasty phone call from RSA).”

“Marc Heuse has been working for SuSE Linux in a security
related capacity for some time (he’s the “alpha male” there for
security as far as I can tell), and has been writing and releasing
a variety of software packages and scripts that enhance the overall
safety and security of SuSE Linux. The first tool was a hardening
script, which would lock down the system, disable various services,
and generally make the system a lot harder to break into. It ran as
an interactive series of questions, or could be fed command line
options, and made a log of what it did.”