Which Linux distro is most secure for a web server?
Linux - DistributionsThis forum is for Distribution specific questions.
Red Hat, Slackware, Debian, Novell, LFS, Mandriva, Ubuntu, Fedora - the list goes on and on...
Note: An (*) indicates there is no official participation from that distribution here at LQ.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Secure as per which definition? What you would probably want would be to have the least moving parts possible, because if it is not there it can't break. As such some of the server editions of popular distros would be a good choice. Most have the minimal possible number of packages pre-installed and you then add whatever you need but only what you need.
Every year there's a survey of web-servers. Of those that will show what they're running, the most popular are Debian Stable and CentOS. The CentOS full installation disk has a web-server option, so that you only get what you need.
Most servers I've used have been CentOS, or another RHEL-based distro.
I hadn't heard of OWL, so I searched "OWL linux" and Openwall GNU/*/Linux came up.
This is from the front page:
Quote:
Openwall GNU/*/Linux (or Owl for short) is a small security-enhanced Linux distribution for servers, appliances, and virtual appliances.
...
Owl 3.0 was released in December 2010. It uses a RHEL 5.5-based Linux/OpenVZ kernel and it has optional OpenVZ container-based virtualization integrated. We've since updated to RHEL 5.11-based Linux/OpenVZ kernels and beyond in Owl 3.1-stable.
...
At this time, we barely maintain Owl[/b], fixing only the most critical vulnerabilities. [b]Owl's future is unclear.
Centos/RHEL are currently at v8. RHEL v5.11 is not supported, except by people who pay Red Hat for extended support, and even then only until November this year.
it was already explained several times: security mainly depends on the maintainer and the configuration, not on the distro or software.
Do not expect any distro will work for you without human intervention.
If you're using WordPress or Drupal or any other CMS, your vulnerabilities are going to be there. That is where the complexity is and that is combined with the exposed surface. If you can, use a static site generator instead. But if you can't, then stay on top of the latest security patches for your chosen CMS.
^ An important aspect: your server software can be ultra "secure", if you use a badly configured vulnerable CMS something can still pwn your webroot. Maybe not the rest of the system, but all clients can get phished regardless.
Quote:
Originally Posted by n00b_noob
I don't know it is right or wrong but some of customized Linux distro embedded security applications or using modified Kernel.
"More security apps" does not mean "more secure", whatever your definition of "secure" is (you still haven't told us).
^ An important aspect: your server software can be ultra "secure", if you use a badly configured vulnerable CMS something can still pwn your webroot. Maybe not the rest of the system, but all clients can get phished regardless.
"More security apps" does not mean "more secure", whatever your definition of "secure" is (you still haven't told us).
Definition of Security? My server doesn't hack by a Script kiddie.
All of the above posts were reasonable
If I may add, it depends upon what it is you are trying to secure!
Do you mean in terms of being difficult to break into, in terms of protesting your network, protecting your data, protecting your code...?
One option is a container based distribution. If your web server runs in a container, perhaps a full distro container, then it can be more isolated from both the host and the rest of your network.
Do not forget generational full and incremental backups that allow you a point-in-time recovery and restoration to secure your operation, if that matters.
Definition of Security? My server doesn't hack by a Script kiddie.
No, that's not a definition of Security, that's just what you want to prevent.
It's like saying "My definiton of secure driving is that no accidents happen".
We are asking this for a reason, not to annoy you or to appear mystically superior.
Read some of the links offered to you in the various threads this came up, you'll soon understand.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.