You are not logged in.

#1 2012-04-23 16:12:24

atzorvas
New member
Registered: 2012-04-23
Posts: 1

Deploy Servers with Funtoo?

Hi there,

i am Gentoo user since '09.
using Gentoo for all of my Workstations and its the only OS that i use during these years.
Now i want to use it for server tasks too. So i played a little with a Gentoo install + php + nginx etc.
just a forum and some other dummy tasks.
So it is time for me to deploy a full hardened environment. I was looking for Gentoo Hardened etc..

but ..
can i use funtoo the same way i can use gentoo?
are there any drawbacks to deploying Funtoo Hardened for server etc? compared to Gentoo, are there things that i cannot do?

also, what are the advantages of Funtoo for a server?

any response will be greatly appreciated!

Offline

#2 2013-02-22 13:27:01

mark.doe
New member
Registered: 2012-01-23
Posts: 6

Re: Deploy Servers with Funtoo?

Gentoo is better supported in general, but that's all disa-advantages I see so far.
Generally I like the more conservative stable toolchain update- approach of gentoo and the other goodies and small enhancements: http://www.funtoo.org/wiki/Choose_Funtoo

Offline

#3 2013-02-23 16:17:46

Judge
Staff
From: Germany, NRW, Heiligenhaus
Registered: 2011-07-03
Posts: 283

Re: Deploy Servers with Funtoo?

I'm running >100 production / enterprise level servers with Funtoo. I know, there is this "hardened" thing in Gentoo, but to be honest: Gentoo and Funtoo was always more stable in the last years than any Ubuntu Server System or Debian ever was. If you really, really want to have a rock solid Distribution, I recommend to use an Enterprise Level Distro like SLES or - more prefered - RedHat Enterprise / CentOS.
Gentoo / Funtoo often have the advantage over binary Distributions, that you have the most recent upstream versions installed. Sure, you might also get the very latest bugs and security holes, but my experience is that security holes are mostly found in quite old versions. When the security bulletins hit the public, Gentoo / Funtoo was on a way more recent state which wasn't affected for a long time already. That's my experience with Funtoo / Gentoo.
To be on "bleeding edge" (which isn't even a must thanks to portage flexible version-specific choose option) is way more often a security gain but a security issue in my eyes.

Offline

#4 2013-02-25 11:43:24

angelsystech
New member
From: Brazil
Registered: 2012-07-15
Posts: 2

Re: Deploy Servers with Funtoo?

My first introduction with Linux was through Mandrake and Red Hat. I was a Gentoo user, but when I knew Funtoo I didn't use other distro anymore. I have use Funtoo as my personal database server (Postgres and Firebird) and in my clients as Primary Domain Controller (PDC). It isn't Nike but JUST DO IT! I'm sure that it do the trick!

Offline

#5 2013-07-01 11:54:41

vroman
New member
From: Ciudad Real, Spain
Registered: 2013-07-01
Posts: 6

Re: Deploy Servers with Funtoo?

Judge wrote:

I'm running >100 production / enterprise level servers with Funtoo. I know, there is this "hardened" thing in Gentoo, but to be honest: Gentoo and Funtoo was always more stable in the last years than any Ubuntu Server System or Debian ever was. If you really, really want to have a rock solid Distribution, I recommend to use an Enterprise Level Distro like SLES or - more prefered - RedHat Enterprise / CentOS.
Gentoo / Funtoo often have the advantage over binary Distributions, that you have the most recent upstream versions installed. Sure, you might also get the very latest bugs and security holes, but my experience is that security holes are mostly found in quite old versions. When the security bulletins hit the public, Gentoo / Funtoo was on a way more recent state which wasn't affected for a long time already. That's my experience with Funtoo / Gentoo.
To be on "bleeding edge" (which isn't even a must thanks to portage flexible version-specific choose option) is way more often a security gain but a security issue in my eyes.

Hi Judge,

I pushed hardened support for Funtoo profiles and it got merged about 1 year ago or so, I cannot remember the date. If you want to use hardened support on Funtoo just edit your /etc/portage/make.profile/parent which shall look like this:

gentoo:funtoo/1.0/linux-gnu/arch/x86-64bit
gentoo:funtoo/1.0/linux-gnu/build/current
gentoo:funtoo/1.0/linux-gnu/flavor/hardened

Then if you want to use a hardened setup:

1. Change your /etc/portage/make.profile/parent file to look like the above one
2. Install sys-kernel/hardened-sources and take care about some kernel options described here: http://bugs.funtoo.org/browse/FL-224
3. Rebuild gcc and glibc to take care of hardened profile (emerge -uav gcc glibc)
5. Rebuild your entire system with the new toolchain: emerge -eav world
6. Reboot into your new kernel

You have more information about the steps where I filled the "enhancement": http://bugs.funtoo.org/browse/FL-224

I am using hardened since I imported it from Gentoo without problems (except the described on http://bugs.funtoo.org/browse/FL-224), on more than 50 production systems. On previous posts here other users described advantages, so take this one as an approach about Funtoo having hardened profiles.

Offline

Board footer

Powered by FluxBB