Most Secure Version of Linux

  • AnarchY SI
  • Web Master
  • Web Master
  • User avatar
  • Posts: 2521
  • Loc: /usr/src/MI

Post 3+ Months Ago

i think the title pretty much says it all.. which version of linux is most secure "out of the box" and which is most secure after you install it / run updates for patches?
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • Maedhros
  • Proficient
  • Proficient
  • User avatar
  • Posts: 325
  • Loc: Durham, England

Post 3+ Months Ago

Hmm, difficult one. I'd tend to say something like Gentoo or Debian where you have a lot of control over the installation process, so you don't end up with potentially exploitable daemons sitting there doing nothing productive. It really depends on what you want it for - Smoothwall is technically a Linux distribution, and that's very secure, but it's not going to be much use as a workstation. :wink:

I can say, not something like Linspire - it's probably not true any more, but at one point the root password was optional, and ssh was started on boot. :shock:
  • AnarchY SI
  • Web Master
  • Web Master
  • User avatar
  • Posts: 2521
  • Loc: /usr/src/MI

Post 3+ Months Ago

iIi see.. well i'd be using it as an every day workstation, lol.

what about like, after installation and you can turn things off and such? or at that point are they all pretty similar?
  • Maedhros
  • Proficient
  • Proficient
  • User avatar
  • Posts: 325
  • Loc: Durham, England

Post 3+ Months Ago

In normal usage, most distros are pretty similar after installation. They tend differ over things like updating, and GUI based config programmes (i.e. some have them, some don't, and those that do all behave in a different way...). It's definitely possible to turn off all services you don't want, but how to do it will probably vary in every distro you come across...
  • Xel02
  • Proficient
  • Proficient
  • Xel02
  • Posts: 261

Post 3+ Months Ago

For linux distro's theres things like Adamantix and other distributions that specialize in security. They are usually used as routers or firewalls though and aren't geared towards workstations.

For BSD, I would say OpenBSD which also specializes in security, and that should be ok as a workstation.

With that in mind any distribution can be made secure given enough work on it. It would only vary on the amount of effort spent on it.

In my opinion I would say Debian Stable would be the best, but its all a matter of opinion. Debian Stable only has packages that are basically old and tested.

But again an OS is only as secure as the User can get it to be.

Also most distributions can control what services are available by editing either inetd.conf or rc.conf (or a variant of it) so it's not that hard.
  • xtc
  • Novice
  • Novice
  • xtc
  • Posts: 34
  • Loc: London UK

Post 3+ Months Ago

There is alot more to security than just the operating system revision that you have chosen. At the end of the day security will impact your usability so it comes down to ---

a) how secure do you want to be.
b) what as a "workstation" is your normal usage pattern.
c) is it directly connected to the internet?

Personally any distribution that has a lower number of dependancies will result in faster and more secure operation. Obviously if a libary or package is vulnerable any packages associate with that package may also be exploitable in some cases upgrading just the vulnerable package may not resolve all of the intermixed security issues as some packages make static binaries including the libaries etc.

Gentoo and debian are good as far as the base operating system but as with all software the more applications you run the more insecure your operating system is likely to become. I personally use slackware, freebsd and other true unix systems (tru64 primarily).

If you want to be secure you can use any OS, make sure it has a good range of updated packages and as few dependancies as possible will result in a more secure end product. For example dont install the gnome libaries if you are only going to use KDE etc etc. Once thats done firewall the box make sure you dont run the desktop environment as root. If your really keen chroot everything :)

There are also products around like grsecurity and selinux that will allow you to do even more with security (particuarly in the area of buffer overflows etc etc etc)..

Enjoy your quest..

X

http://forum.lucidnow.com
  • AnarchY SI
  • Web Master
  • Web Master
  • User avatar
  • Posts: 2521
  • Loc: /usr/src/MI

Post 3+ Months Ago

yea, Fedora Core 3 wants to default install selinux which i have it do every time i reinstall, lol. and i set the security level on high.. i'm not exactly sure what they does and does not allow it to do, but yea. i also have cable internet, so it would be sweet to get behind a router, but my dad owns the router and i'm too greedy with my bandwidth to hook it up ^_^

but thanks for the info
  • phpSelectah
  • Student
  • Student
  • User avatar
  • Posts: 97

Post 3+ Months Ago

only a capable admin makes a box secure.

No distribution will failsafe a negligent admin.



The most default locked down distros are OpenBSD, and any of the livecd distributions.
  • AnarchY SI
  • Web Master
  • Web Master
  • User avatar
  • Posts: 2521
  • Loc: /usr/src/MI

Post 3+ Months Ago

well of course, i didn't mean like.. which distro comes unhackable out of the box (even tho Fedora Core 3 comes out prettty good i'm guessing b/c in the setup, you can choose the "paranoid" security level for selinux. but i know that thats not going to make it secure.

i just meant which distro is more secure out of the box then the other ones available. but its all good now :) ty tho
  • xtc
  • Novice
  • Novice
  • xtc
  • Posts: 34
  • Loc: London UK

Post 3+ Months Ago

AnarchY SI wrote:
yea, Fedora Core 3 wants to default install selinux which i have it do every time i reinstall, lol. and i set the security level on high.. i'm not exactly sure what they does and does not allow it to do, but yea. i also have cable internet, so it would be sweet to get behind a router, but my dad owns the router and i'm too greedy with my bandwidth to hook it up ^_^

but thanks for the info


Out of the box it isnt configured very much at all. Infact its probably a hinderance to most installations. The benefit of selinux etc on servers it much more than on a workstation/desktop system. ACL filesystems are only worth while on multiuser systems realistically.

Post Information

  • Total Posts in this topic: 10 posts
  • Users browsing this forum: No registered users and 60 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.