Louis,
To put it simply, it's war out there. The number of port scans that are performed on a box connected to the internet is astounding. If you don't really care about your data or how your server may be used if it's been hacked into, then your level of security can be arbitrary.
However, if you do care about either of those things, and considering that at the very least port 80 is open on an OACS install, then there is no getting around that running a server is non-trivial if not full time task. If this were not true, then we could rid the world of bearded, corpulent BOFHs that dictate our lives so completely.
Alas, we cannot.
For instance, at one point we were upgrading from one version of SSH to the latest. In the very short time that we left ourselves vulnerable we got hacked with a man in the middle exploit. We may have been a bit careless with our approach, but not so careless that it wasn't a calculated risk. Even still, we got hammered.
AFAIK, Mandrake is more or less developed for the desktop installation rather than for servers. Someone, maybe Ben, once told me that Mandrake is the best selling distro in the US. Of course, this is not a merit of distinction considering that most systems are installed from downloads. (Google, whose data collection system consists of 4,000 Celeron PCs, bought only 50 cds of Redhat linux.)
So the point is that if you're a newbie, you have two choices:
a) get a *nix distro, a good how-to book, throw away your Gillete Mach3 and order a bunch of Big Macs because you need to figure out how to install GCC and all of its dependencies; or
b) save some time and spend some money to have the 11 year old next door who gets his ass kicked at recess set you up with a killer box or boxen.
Just my 0.02.
talli
