LinuxQuestions.org

LinuxQuestions.org (http://www.linuxquestions.org/questions/index.php)
-   Linux - Security (http://www.linuxquestions.org/questions/forumdisplay.php?f=4)
-   -   most secure Linux distro (http://www.linuxquestions.org/questions/showthread.php?t=224536)

name_in_use450 08-30-2004 07:56 PM

most secure Linux distro
 
I imagine OpenBSD to be the most secure OS period, but what is 'the best' Linux has to offer? In this case, what I mean by best is: most stable, hardest to crack, most secure by default, etc. Would this be Slackware or Gentoo or something else?

frieza 08-30-2004 08:34 PM

this question has been asked at least once before on this bullitan.... and the answer is a ditro of linux is only as secure as you make it, ANY distro can be locked down if you know what you are doing.

LaGrosse 08-30-2004 09:09 PM

most secure?
 
From what I understand, this http://www.nsa.gov/selinux/ is the most secure flavor around.
It's been in developement by the NSA for a few years and the DOD uses a distro of Linux as well but I'm not sure if it's the same one.
Put it this way, would you really like to think that sensitive information is being stored on an M$ platform?
Most of the distros come with the secure kernel or you can install it yourself. I've never felt the need to use it, but Mandrake has a security setting named paranoid.

Oh, and as frieza mentioned, depends on what you want. It's a trade off most of the time. Connectivity and functionality have their price.
</rant>

Capt_Caveman 08-30-2004 09:32 PM

There are also a number of "hardened" distros that follow a much more security-centric approach. A few would be Immunix, Trustix, EnGarde, plus a number of main-stream distros now offer hardened versions as well...hardened Gentoo, hardened LFS, Trusted Debian/Adamantix (website's down) and finally hardening scripts like bastille-linux, harden_suse, Debian's harden are also available.

Netizen 08-30-2004 10:03 PM

The most secure distro is the one you secure. Just like doors on your house. They only keep people out when locked. Unlocked and they might as well be wide open.

For some reason, people think if its linux or unix its automatically secure. It has a better start than others but its only as secure as you make it.

chort 08-30-2004 11:24 PM

Quote:

Originally posted by Netizen
The most secure distro is the one you secure. Just like doors on your house. They only keep people out when locked. Unlocked and they might as well be wide open.

For some reason, people think if its linux or unix its automatically secure. It has a better start than others but its only as secure as you make it.

Well that's mostly true, but most of those distros that C_C mentioned have third-party kernel patches to add buffer overflow protection, mandatory access control, ACLs, etc... That's not stuff you could easily add on your own and it's not stuff that comes with most distros by default.

OpenBSD didn't only get it's reputation by having a very secure default configuration, it's also added extra security precautions to almost every part of the OS, including an extensively modified kernel, compiler, privileger separation or revoking on many of the standard daemons, and even writing their own daemons from scratch (sshd, ntpd, dhcpd, bgpd, etc).

unixfreak 08-31-2004 08:07 PM

You could EVEN make Windows as secure as Linux/Unix if the user has common sense in security. Not all OSs is secure, we all know that.

The most secure OS, Linux, Unix, or whatever, is the one that's not hooked to the outside world such as the net.

And speaking in terms of Law Enforcement (Computer Crimes) it does not matter if who or what has the best AV or Firewall out there, any hacker working for the FBI CIA etc... could infact read your hardrives and break in to your PC.

Capt_Caveman 08-31-2004 08:21 PM

I think that's going a bit overboard.

name_in_use450 08-31-2004 08:24 PM

sorry for orginal somewhat stupid post. I know that Linux can be cracked just as easily as windows if it is not 'hardened'. I was just trying to find which distro would provide the best packages and kernel build for security. As in taking the extra time to test before a release. Maybe i should say has the best reputation for this... heh.


All times are GMT -5. The time now is 04:50 AM.