I'm looking to put a box at a client site which will be connected to the client's home router for internet.

That box will have remote access software on it and will have untrustworthy contractors logging in and using the browser. So, I'm looking for a distro that would be LOCKED DOWN to the max from the user side.

Regardless of the distro I'm planning on blocking all possible applications, (especially the terminal) leaving only the browser accessible. Blocking all the ports and all the domains aside from the 2 that the user/contractor should access. The user will have non-admin privileges of course.

So, taking all that into consideration, is there a distro that somehow facilitates being locked down from within, to minimize the possible attack surface?

That's a home network we're talking about, so I'm considering security VERY seriously.
Can the security even be guaranteed to a certain extent with this setup, should I even go ahead with this project?

Any and all other possible security tweaks are definitely welcome, I'm a newbie so everything and all is new to me.

Guys, your thoughts are greatly appreciated!

Thank you beforehand!

All distro's should be capable of doing what you want..

Keep in mind though, with physical access to the computer, things become a lot harder to protect.
Some things to think about
-> booting to a live cd will give full access to the HDD

-> disable alternate boot devices in the BIOS and password the BIOS

-> single user mode

-> password protect the boot menu

-> Removal of the disk and putting it into a external caddy/spare computer

-> disk encryption

-> if the machine stays on, the encryption key can possibly be recovered from RAM with a "cold boot attack", although, this is somewhat unlikely..

It all depends on your definition of "LOCKED DOWN to the max", and "VERY seriously".

I'm not as worried about the actual client being able to get in.

My main concern are the contractors. Those contractors will not have any access to the box except for that which is given by the TeamViewer.

The box will not have a CD/DVD-ROM.

The main concern should be the contractors hacking their way out of the locked down box and messing up the client's system thats on the same local network. Thats my main concern.

Apologies, I misread your OP in that i thought the untrusted folk had physical access..

As i said, pretty much any distro is going to do what you want.

You can create firewall (iptables) rules to only allow certain ports to certain IP's.
Proxy (squid) rules to only allow certain websites.
User groups, permissions, ACL's etc, to restrict particular programs.

So, I would pick the distro you are most comfortable with.

Have you considered an OS like OpenBSD? It's not Linux, but it is a "secure by default" kind of Operating System with maximum security features built right into the OS that would require a lot of tweaking/work in other *nix systems.

Thank you fukawi1!

vharishankar, I already settled with CentOS.

Any specific guides or suggestions on how to bring forth the security configurations I mentioned. I only tentatively know how it should work in theory but will need massive research to bring it into fruition.

If guys have any specific guides that would be greatly appreciated.

OK, since you've settled down to a distro, you could mark this thread "solved".