Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I imagine OpenBSD to be the most secure OS period, but what is 'the best' Linux has to offer? In this case, what I mean by best is: most stable, hardest to crack, most secure by default, etc. Would this be Slackware or Gentoo or something else?
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233
Rep:
this question has been asked at least once before on this bullitan.... and the answer is a ditro of linux is only as secure as you make it, ANY distro can be locked down if you know what you are doing.
From what I understand, this http://www.nsa.gov/selinux/ is the most secure flavor around.
It's been in developement by the NSA for a few years and the DOD uses a distro of Linux as well but I'm not sure if it's the same one.
Put it this way, would you really like to think that sensitive information is being stored on an M$ platform?
Most of the distros come with the secure kernel or you can install it yourself. I've never felt the need to use it, but Mandrake has a security setting named paranoid.
Oh, and as frieza mentioned, depends on what you want. It's a trade off most of the time. Connectivity and functionality have their price.
</rant>
There are also a number of "hardened" distros that follow a much more security-centric approach. A few would be Immunix, Trustix, EnGarde, plus a number of main-stream distros now offer hardened versions as well...hardened Gentoo, hardened LFS, Trusted Debian/Adamantix (website's down) and finally hardening scripts like bastille-linux, harden_suse, Debian's harden are also available.
The most secure distro is the one you secure. Just like doors on your house. They only keep people out when locked. Unlocked and they might as well be wide open.
For some reason, people think if its linux or unix its automatically secure. It has a better start than others but its only as secure as you make it.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
Quote:
Originally posted by Netizen The most secure distro is the one you secure. Just like doors on your house. They only keep people out when locked. Unlocked and they might as well be wide open.
For some reason, people think if its linux or unix its automatically secure. It has a better start than others but its only as secure as you make it.
Well that's mostly true, but most of those distros that C_C mentioned have third-party kernel patches to add buffer overflow protection, mandatory access control, ACLs, etc... That's not stuff you could easily add on your own and it's not stuff that comes with most distros by default.
OpenBSD didn't only get it's reputation by having a very secure default configuration, it's also added extra security precautions to almost every part of the OS, including an extensively modified kernel, compiler, privileger separation or revoking on many of the standard daemons, and even writing their own daemons from scratch (sshd, ntpd, dhcpd, bgpd, etc).
You could EVEN make Windows as secure as Linux/Unix if the user has common sense in security. Not all OSs is secure, we all know that.
The most secure OS, Linux, Unix, or whatever, is the one that's not hooked to the outside world such as the net.
And speaking in terms of Law Enforcement (Computer Crimes) it does not matter if who or what has the best AV or Firewall out there, any hacker working for the FBI CIA etc... could infact read your hardrives and break in to your PC.
sorry for orginal somewhat stupid post. I know that Linux can be cracked just as easily as windows if it is not 'hardened'. I was just trying to find which distro would provide the best packages and kernel build for security. As in taking the extra time to test before a release. Maybe i should say has the best reputation for this... heh.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.