Linux - Distributions This forum is for Distribution specific questions.
Red Hat, Slackware, Debian, Novell, LFS, Mandriva, Ubuntu, Fedora - the list goes on and on...
Note: An (*) indicates there is no official participation from that distribution here at LQ. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
07-19-2019, 08:07 PM
|
#1
|
Member
Registered: Oct 2012
Posts: 567
Rep: 
|
Best distro for server security
What is the best Linux distro server, security-wise? I had mentioned I was running Ubuntu server to someone, and they were astounded and told me to run either rhel or centos as it is more secure by default. I did a little bit of hardening on my ubuntu server, but I'm wondering if it's really that bad by default? Are there particular server distros out there that are inherently more "secure" by default? I know it's only as secure as you make it...
|
|
|
07-19-2019, 09:16 PM
|
#2
|
LQ Guru
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,780
|
I've not used Ubuntu server, but I keep my ear to the ground will several Linux podcasts, and I've not heard anyone take such a position regarding Ubuntu server. If it were "that bad by default," I'm sure I'd have heard some mention. Did your friend cite any evidence?
I found Ubuntu's article about its security practices; you may find it interesting: https://help.ubuntu.com/lts/serverguide/security.html
A web search for "most secure linux server distro" will turn up a number of articles and comparisions.
|
|
|
07-20-2019, 03:25 AM
|
#3
|
LQ Guru
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,694
|
Secure by default means simply that there are the minimal possible pre-installed packages and those that are have sound configuration settings. After that, all the distros are more or less just as good or bad because they all have the same packages to add on.
About Ubuntu's server edition specifically, the server edition has almost nothing pre-installed so by that metric it is secure by default.
Complexity quickly reduces security. So once you take a secure by default distro and add weird packages to it, your security goes out the window. On the topic of complexity, there is the package manager to think of. I've not had any problems with APT but have had countless problems over the years with RPM based distros. Likewise, adding a GUI to a server is a big mistake, too.
(Then before all that, what do you mean by secure? Usually these days securiy is considered to be the combined characteristics of confidentiality, authenticity, integrity, and availability.)
Last edited by Turbocapitalist; 07-20-2019 at 09:43 AM.
Reason: added confidentiality
|
|
|
07-20-2019, 09:41 AM
|
#4
|
LQ Addict
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 23,714
|
as it was already mentioned: security depends on the admin, the configuration, not on the software you use. So there is no best (or better) distro.
I would suggest you to use your preferred distro (and be uptodate). And you need to learn how to make it [more] secure.
|
|
|
07-21-2019, 02:46 PM
|
#5
|
Member
Registered: Oct 2012
Posts: 567
Original Poster
Rep: 
|
Quote:
Originally Posted by Turbocapitalist
Secure by default means simply that there are the minimal possible pre-installed packages and those that are have sound configuration settings. After that, all the distros are more or less just as good or bad because they all have the same packages to add on.
About Ubuntu's server edition specifically, the server edition has almost nothing pre-installed so by that metric it is secure by default.
Complexity quickly reduces security. So once you take a secure by default distro and add weird packages to it, your security goes out the window. On the topic of complexity, there is the package manager to think of. I've not had any problems with APT but have had countless problems over the years with RPM based distros. Likewise, adding a GUI to a server is a big mistake, too.
(Then before all that, what do you mean by secure? Usually these days securiy is considered to be the combined characteristics of confidentiality, authenticity, integrity, and availability.)
|
The only thing I have to say about it being a "minimal" install, is that for one, after doing a little bit of digging, I found the popcorn cron job running. I was honestly surprised by this. I am wondering what other unnecessary stuff like this, is running on it.
Secure, meaning, least amount of packages at install, and config files hardened and kernel hardened (if that is a thing).
|
|
|
07-21-2019, 07:33 PM
|
#6
|
Senior Member
Registered: May 2015
Location: Where ever needed
Distribution: Slackware/Salix while testing others
Posts: 1,718
|
I might be old fashioned but typically its the one that does the least automatically (especially auto-starting without first configuring) and the one you understand the most.
|
|
|
All times are GMT -5. The time now is 06:52 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|