02-20-2008, 06:16 AM
Madhusudan Singh
 
Re: Need suggestions for a very secure web server with plone

E. Charters wrote:

> BSD is supposed to be more stable, but slackware's stability has never
> seriously been questioned. I would stay away from the more recent
> versions until more all bugfixes are in. My advice is use kernel 2.4.22
> on Slack 9.1.
>
> A webserver will have holes in it, and it is really the scripts that run
> it, the server programs that provide security not so much the distro.
> This is the key, that variables in scripts do not allow overloading, so
> that root access can be had.
> A webserver has to run more or less without much firewall protection,
> or port forwarded through a firewall. It may take a good book on
> firewalls to get this well figured out. IP Chains might be as good
> as tables, so Linux Firewalls by New Riders is comprehensive.
>
> Most free distros are about equal in many respects. Slack provides
> kernel support as do other Linux distros for setting up packet filtering
> and the like in the kernel compile. BSD has some scripts that are
> supposed to make firewalls easier to do, but I doubt that is really
> true. I think that setting recompiling your kernel with
> a careful read of IP packet options would be de rigueur. There should be
> enough docs in /usr/src/linux and the make menuconfig process to allow
> you to figure out what you especially need. I think you would find
> kernel recompiling in Slack more basic and trustworthy than the Hat.
> It is more part of their meat it would seem. I would look at both
> make config AND make menuconfig. The latter is more for overview and
> the former for getting it right. For some reason I have found that make
> menuconfig leaves out choices that pop out at you in the textual
> config.
>
> Slack (net) scripting in /etc/rc.d/rc.inet1 and rc.inet2 is fairly easy
> and straightforward compared to RedHat and other sysv types. They have
> a fairly workable tool, netconfig, for easy simple network setup.
>
> It would appear that the consensus would be that Squid is the server to
> run in a semi-commercial environment. Apache would not be a bad choice
> here however. Apache docs take some reading.
>
> I would say a week would be enough time, depending on where you are at
> now. You should be able to do it from the on disk linux docs but
> visiting the Apache website will probably be in order. They are nicely
> explanatory.
>
> EC<:-}


Thanks for your response. I have set up webservers with Apache before on RH.
It's not the learning curve associated with Apache that I am worried about,
it is the possible foibles of the BSDs if I should make that choice.

As I stated in my post, I use Slack 10 for my home firewall/router and never
had reason to complain. However, I am now doing this for my organization,
so I guess the webserver would be stressed more, and possibly face more
attacks as well.