LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions
User Name
Password
Linux - Distributions This forum is for Distribution specific questions.
Red Hat, Slackware, Debian, Novell, LFS, Mandriva, Ubuntu, Fedora - the list goes on and on... Note: An (*) indicates there is no official participation from that distribution here at LQ.

Notices


Reply
  Search this Thread
Old 09-05-2020, 10:03 AM   #1
n00b_noob
Member
 
Registered: Sep 2020
Posts: 90

Rep: Reputation: Disabled
Post Which Linux distro is most secure for a web server?


Hello,
Which Linux distro is more secure by default for a web server? How about "OWL" distro? is it OK for web server?

Thank you.
 
Old 09-05-2020, 10:08 AM   #2
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,059
Blog Entries: 3

Rep: Reputation: 2522Reputation: 2522Reputation: 2522Reputation: 2522Reputation: 2522Reputation: 2522Reputation: 2522Reputation: 2522Reputation: 2522Reputation: 2522Reputation: 2522
Secure as per which definition? What you would probably want would be to have the least moving parts possible, because if it is not there it can't break. As such some of the server editions of popular distros would be a good choice. Most have the minimal possible number of packages pre-installed and you then add whatever you need but only what you need.
 
Old 09-05-2020, 10:24 AM   #3
DavidMcCann
LQ Veteran
 
Registered: Jul 2006
Location: London
Distribution: PCLinuxOS, Xubuntu
Posts: 5,608

Rep: Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016
Every year there's a survey of web-servers. Of those that will show what they're running, the most popular are Debian Stable and CentOS. The CentOS full installation disk has a web-server option, so that you only get what you need.
 
Old 09-05-2020, 10:31 AM   #4
boughtonp
Member
 
Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 575

Rep: Reputation: 367Reputation: 367Reputation: 367Reputation: 367
Most servers I've used have been CentOS, or another RHEL-based distro.


I hadn't heard of OWL, so I searched "OWL linux" and Openwall GNU/*/Linux came up.

This is from the front page:
Quote:
Openwall GNU/*/Linux (or Owl for short) is a small security-enhanced Linux distribution for servers, appliances, and virtual appliances.
...
Owl 3.0 was released in December 2010. It uses a RHEL 5.5-based Linux/OpenVZ kernel and it has optional OpenVZ container-based virtualization integrated. We've since updated to RHEL 5.11-based Linux/OpenVZ kernels and beyond in Owl 3.1-stable.
...
At this time, we barely maintain Owl[/b], fixing only the most critical vulnerabilities. [b]Owl's future is unclear.
Centos/RHEL are currently at v8. RHEL v5.11 is not supported, except by people who pay Red Hat for extended support, and even then only until November this year.

So probably best to avoid Owl.

 
Old 09-05-2020, 11:01 AM   #5
n00b_noob
Member
 
Registered: Sep 2020
Posts: 90

Original Poster
Rep: Reputation: Disabled
I asked about OWL because it is a customized Distro. any similar distro?
 
Old 09-05-2020, 11:24 AM   #6
boughtonp
Member
 
Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 575

Rep: Reputation: 367Reputation: 367Reputation: 367Reputation: 367

Do you have a reason to not use CentOS?

If so, I'm pretty sure distrowatch.com will have a way to list all server-focused distros.

 
Old 09-05-2020, 11:38 AM   #7
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 15,107

Rep: Reputation: 4975Reputation: 4975Reputation: 4975Reputation: 4975Reputation: 4975Reputation: 4975Reputation: 4975Reputation: 4975Reputation: 4975Reputation: 4975Reputation: 4975
it was already explained several times: security mainly depends on the maintainer and the configuration, not on the distro or software.
Do not expect any distro will work for you without human intervention.
 
1 members found this post helpful.
Old 09-05-2020, 12:42 PM   #8
n00b_noob
Member
 
Registered: Sep 2020
Posts: 90

Original Poster
Rep: Reputation: Disabled
Thank you.
I don't know it is right or wrong but some of customized Linux distro embedded security applications or using modified Kernel.
 
Old 09-05-2020, 01:34 PM   #9
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,059
Blog Entries: 3

Rep: Reputation: 2522Reputation: 2522Reputation: 2522Reputation: 2522Reputation: 2522Reputation: 2522Reputation: 2522Reputation: 2522Reputation: 2522Reputation: 2522Reputation: 2522
If you're using WordPress or Drupal or any other CMS, your vulnerabilities are going to be there. That is where the complexity is and that is combined with the exposed surface. If you can, use a static site generator instead. But if you can't, then stay on top of the latest security patches for your chosen CMS.
 
2 members found this post helpful.
Old 09-05-2020, 03:22 PM   #10
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 15,305
Blog Entries: 9

Rep: Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379
^ An important aspect: your server software can be ultra "secure", if you use a badly configured vulnerable CMS something can still pwn your webroot. Maybe not the rest of the system, but all clients can get phished regardless.

Quote:
Originally Posted by n00b_noob View Post
I don't know it is right or wrong but some of customized Linux distro embedded security applications or using modified Kernel.
"More security apps" does not mean "more secure", whatever your definition of "secure" is (you still haven't told us).
 
1 members found this post helpful.
Old 09-06-2020, 06:44 AM   #11
n00b_noob
Member
 
Registered: Sep 2020
Posts: 90

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by ondoho View Post
^ An important aspect: your server software can be ultra "secure", if you use a badly configured vulnerable CMS something can still pwn your webroot. Maybe not the rest of the system, but all clients can get phished regardless.

"More security apps" does not mean "more secure", whatever your definition of "secure" is (you still haven't told us).
Definition of Security? My server doesn't hack by a Script kiddie.
 
Old 09-06-2020, 07:45 AM   #12
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 3,428

Rep: Reputation: 1485Reputation: 1485Reputation: 1485Reputation: 1485Reputation: 1485Reputation: 1485Reputation: 1485Reputation: 1485Reputation: 1485Reputation: 1485
All of the above posts were reasonable
If I may add, it depends upon what it is you are trying to secure!
Do you mean in terms of being difficult to break into, in terms of protesting your network, protecting your data, protecting your code...?

One option is a container based distribution. If your web server runs in a container, perhaps a full distro container, then it can be more isolated from both the host and the rest of your network.

Do not forget generational full and incremental backups that allow you a point-in-time recovery and restoration to secure your operation, if that matters.
 
Old 09-06-2020, 03:27 PM   #13
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 15,305
Blog Entries: 9

Rep: Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379
Quote:
Originally Posted by n00b_noob View Post
Definition of Security? My server doesn't hack by a Script kiddie.
No, that's not a definition of Security, that's just what you want to prevent.
It's like saying "My definiton of secure driving is that no accidents happen".
We are asking this for a reason, not to annoy you or to appear mystically superior.
Read some of the links offered to you in the various threads this came up, you'll soon understand.
 
2 members found this post helpful.
Old 09-06-2020, 07:06 PM   #14
berndbausch
LQ Guru
 
Registered: Nov 2013
Location: Tokyo
Distribution: A few
Posts: 5,325

Rep: Reputation: 1603Reputation: 1603Reputation: 1603Reputation: 1603Reputation: 1603Reputation: 1603Reputation: 1603Reputation: 1603Reputation: 1603Reputation: 1603Reputation: 1603
Quote:
Originally Posted by n00b_noob View Post
Which Linux distro is more secure by default for a web server?
OpenBSD. Not exactly Linux, but not THAT different either.

Plus:
  1. Watch security advisories
  2. Install patches
  3. Use a firewall and an IDS
  4. Disable all services and accounts you don't need
  5. Watch log files (see also number 3)
  6. Other security practices
 
3 members found this post helpful.
Old 09-07-2020, 01:26 PM   #15
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 15,305
Blog Entries: 9

Rep: Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379Reputation: 4379
Quote:
Originally Posted by ondoho View Post
Read some of the links offered to you in the various threads this came up, you'll soon understand.
To be fair, nobody has bothered to link anything like that in any of your threads afaics, although I'm sure LQ already has various very similar threads that do contain the information you seek.
Anyhow, 2 searches to get you started:
https://duckduckgo.com/?q=which+linu...r+a+web+server
https://duckduckgo.com/?q=how+to+sec...nux+web+server
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Which Linux Distro? Most complete out of the box Linux distro? P@trick99 Linux - Newbie 18 06-18-2014 07:19 AM
LXer: Even the most secure cloud storage may not be so secure, study finds LXer Syndicated Linux News 0 04-23-2014 04:30 AM
Which software is most secure for web-based webhosting? SentralOrigin Linux - Server 6 01-04-2012 03:28 AM
Which distro of UNIX/LINUX is the most secure and cracker,virus free ?? pleasehelpme Linux - Newbie 3 05-08-2005 11:25 AM
Which Linux distro is most secure?? StamfordRob Linux - Security 14 02-25-2002 01:05 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions

All times are GMT -5. The time now is 08:24 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration