LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions
User Name
Password
Linux - Distributions This forum is for Distribution specific questions.
Red Hat, Slackware, Debian, Novell, LFS, Mandriva, Ubuntu, Fedora - the list goes on and on... Note: An (*) indicates there is no official participation from that distribution here at LQ.

Notices


Reply
  Search this Thread
Old 07-19-2019, 07:07 PM   #1
sniper8752
Member
 
Registered: Oct 2012
Posts: 474

Rep: Reputation: Disabled
Best distro for server security


What is the best Linux distro server, security-wise? I had mentioned I was running Ubuntu server to someone, and they were astounded and told me to run either rhel or centos as it is more secure by default. I did a little bit of hardening on my ubuntu server, but I'm wondering if it's really that bad by default? Are there particular server distros out there that are inherently more "secure" by default? I know it's only as secure as you make it...
 
Old 07-19-2019, 08:16 PM   #2
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 15,431
Blog Entries: 25

Rep: Reputation: 4438Reputation: 4438Reputation: 4438Reputation: 4438Reputation: 4438Reputation: 4438Reputation: 4438Reputation: 4438Reputation: 4438Reputation: 4438Reputation: 4438
I've not used Ubuntu server, but I keep my ear to the ground will several Linux podcasts, and I've not heard anyone take such a position regarding Ubuntu server. If it were "that bad by default," I'm sure I'd have heard some mention. Did your friend cite any evidence?

I found Ubuntu's article about its security practices; you may find it interesting: https://help.ubuntu.com/lts/serverguide/security.html

A web search for "most secure linux server distro" will turn up a number of articles and comparisions.
 
Old 07-20-2019, 02:25 AM   #3
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,160
Blog Entries: 3

Rep: Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061
Secure by default means simply that there are the minimal possible pre-installed packages and those that are have sound configuration settings. After that, all the distros are more or less just as good or bad because they all have the same packages to add on.

About Ubuntu's server edition specifically, the server edition has almost nothing pre-installed so by that metric it is secure by default.

Complexity quickly reduces security. So once you take a secure by default distro and add weird packages to it, your security goes out the window. On the topic of complexity, there is the package manager to think of. I've not had any problems with APT but have had countless problems over the years with RPM based distros. Likewise, adding a GUI to a server is a big mistake, too.

(Then before all that, what do you mean by secure? Usually these days securiy is considered to be the combined characteristics of confidentiality, authenticity, integrity, and availability.)

Last edited by Turbocapitalist; 07-20-2019 at 08:43 AM. Reason: added confidentiality
 
Old 07-20-2019, 08:41 AM   #4
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 13,070

Rep: Reputation: 4132Reputation: 4132Reputation: 4132Reputation: 4132Reputation: 4132Reputation: 4132Reputation: 4132Reputation: 4132Reputation: 4132Reputation: 4132Reputation: 4132
as it was already mentioned: security depends on the admin, the configuration, not on the software you use. So there is no best (or better) distro.
I would suggest you to use your preferred distro (and be uptodate). And you need to learn how to make it [more] secure.
 
Old 07-21-2019, 01:46 PM   #5
sniper8752
Member
 
Registered: Oct 2012
Posts: 474

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Turbocapitalist View Post
Secure by default means simply that there are the minimal possible pre-installed packages and those that are have sound configuration settings. After that, all the distros are more or less just as good or bad because they all have the same packages to add on.

About Ubuntu's server edition specifically, the server edition has almost nothing pre-installed so by that metric it is secure by default.

Complexity quickly reduces security. So once you take a secure by default distro and add weird packages to it, your security goes out the window. On the topic of complexity, there is the package manager to think of. I've not had any problems with APT but have had countless problems over the years with RPM based distros. Likewise, adding a GUI to a server is a big mistake, too.

(Then before all that, what do you mean by secure? Usually these days securiy is considered to be the combined characteristics of confidentiality, authenticity, integrity, and availability.)
The only thing I have to say about it being a "minimal" install, is that for one, after doing a little bit of digging, I found the popcorn cron job running. I was honestly surprised by this. I am wondering what other unnecessary stuff like this, is running on it.
Secure, meaning, least amount of packages at install, and config files hardened and kernel hardened (if that is a thing).
 
Old 07-21-2019, 06:33 PM   #6
ChuangTzu
Senior Member
 
Registered: May 2015
Location: Where ever needed
Distribution: Slackware/Salix while testing others
Posts: 1,438

Rep: Reputation: 1384Reputation: 1384Reputation: 1384Reputation: 1384Reputation: 1384Reputation: 1384Reputation: 1384Reputation: 1384Reputation: 1384Reputation: 1384
I might be old fashioned but typically its the one that does the least automatically (especially auto-starting without first configuring) and the one you understand the most.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Android's seven best new security features and one lingering security problem LXer Syndicated Linux News 0 08-03-2013 12:50 PM
Best distro for old laptops? Best old laptop for that distro? geercom Linux - Laptop and Netbook 8 09-01-2007 08:50 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions

All times are GMT -5. The time now is 02:37 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration