LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 05-29-2004, 05:21 PM   #1
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Rep: Reputation: 30
Question Hardened Distribution


Is there any hardened distribution of Linux that is reasonably secure out-of-the-box? If so where can I download it from? Please do not include Gentoo as it already gives me nightmares. It seems complex for someone new to linux.
 
Old 05-29-2004, 05:58 PM   #2
Mathieu
Senior Member
 
Registered: Feb 2001
Location: Montreal, Quebec, Canada
Distribution: RedHat, Fedora, CentOS, SUSE
Posts: 1,403

Rep: Reputation: 46
Secure... All of them.
If you want a very secure system, you will have to lock-it down yourself.

If you use a recent version of any distribution, you get all the latest packages.
So this reduces the risk associated with software security holes -- just as long as you keep them up-to-date.

The rest is up to you.
The important steps are to configure a good firewall, only start-up needed services and use secure passwords.
Then, of course, there is the tweaking of the configurations files.
Restricting access to normal users...

Depending on what you plan on doing with your new Linux system, securing it can take less than an hour or a few days... if not more.

Linux distributions vary on different implementation methods which can influence security, but in the end, all distributions try to be as secure as possible.
 
Old 05-29-2004, 06:41 PM   #3
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Original Poster
Rep: Reputation: 30
That seems a little premature to me to state that every Linux distribution out there is secure out-of-the box. It seems to me in my opinion that it is dependent upon various variable to enhance security e.g. type of packages installed, services running, etc. I guess what I am looking for is for example if I choose a server installation, it should only install what is required not anything else. From my understanding Red Hat for example install other packages often not required e.g. CUPS. Why would I need CUPS when I selected I do not wish printer support.
 
Old 05-29-2004, 07:34 PM   #4
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
It's an extremely common and foolish mistake to assume that all Linux distros (or any OS, for that matter) is "secure out of the box". The only one I've see come close is OpenBSD, simply* because everything is turned off by default (other than OpenSSH). I suppose maybe some others, like Plan9 and.. Eros is it? are pretty secure by default, too. Any way, I digress...

From my experience, Mandrake does a fair job of being relatively secure, but ONLY if you select a high security level during the install (it will ask you what security level to set to, the default is too insecure IMHO). Even though it uses some lock-down scripts, Mandrake still installs a lot of bloat so I wouldn't really consider it in any way a "secure distro".

There are various different distros that claim to be "Secure Linux", so check out www.distrowatch.com. A quick search turns up Trustix, Immunix, EnGarde, etc... YMMV.

*Actually, there's a lot more to it than that, but that is the easiest answer.
 
Old 05-30-2004, 03:01 AM   #5
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Original Poster
Rep: Reputation: 30
chort,

Are there any "free" secure distributions I can download apart from OpenBSD or FreeBSD?
 
Old 05-30-2004, 04:12 PM   #6
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
First, OpenBSD and FreeBSD are... BSD (not Linux), so they aren't called "distros" (that's a Linux term). I probably should have better worded the first two sentences in my original post.

Are the three distros I posted not free? I looked at Trustix briefly and it seemed to be available for free... Did you not look at www.distrowatch.com at all? I also just saw Adamantix, which seems to be free as well...
 
Old 05-30-2004, 10:55 PM   #7
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Original Poster
Rep: Reputation: 30
Question Distributions

I believe Trustix does not support their older versions and it is the first time I'm hearing of Adamantix. It seems to be based on Debian. Has anyone by any chance used Adamantix?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
hardened linux from scratch glibc build hardened-specs.sh problem behmjoe Linux From Scratch 2 09-04-2005 02:06 PM
Secure Linux Distro Hardened for Server Operation colline Linux - Security 3 05-13-2005 07:04 PM
problems finilazing a gentoo hardened instaliation Snerkel Linux - Distributions 3 01-17-2005 07:09 PM
AHLFS (Automated Hardened LFS) Profile for nALFS - See progress reports here... bisailb Linux From Scratch 2 09-28-2004 01:13 PM
Going from distribution to distribution safe? sausagejohnson Linux - General 8 04-30-2004 02:27 AM


All times are GMT -5. The time now is 07:15 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration