Old 07-01-2001, 10:45 AM   #1
mkhan
Member
 
Registered: Jun 2001
Posts: 30

Rep: Reputation: 15
which distro?


hi

I am starting out to do work in the security arena, where I will be doing IT security related work (Pen testing, firewalls etc), and I'm looking for a good Linux distro which has "security" as its number 1 feature. Can someone recommend a good distro for security related work?

thanks in advance


m khan
 
Old 07-01-2001, 12:04 PM   #2
ssadams
Member
 
Registered: Dec 2000
Location: Toronto Canada
Distribution: slackware 7.1
Posts: 95

Rep: Reputation: 15
Slackware
 
Old 07-01-2001, 04:31 PM   #3
jharris
Senior Member
 
Registered: May 2001
Location: Bristol, UK
Distribution: Slackware, Fedora, RHES
Posts: 2,243

Rep: Reputation: 47
I can't say that I've ever come across a Linux distro that has security as its main aim. As mentioned Slackware should be pretty good and the guy who maintains it doesn't seem to push anything too new into the distro so it's all pretty well tested.

If I wanted to setup a secure server I'd be on OpenBSD I'm afraid to say... Its aim seems to be security, although I've never played with it myself.

cheers

Jamie...

PS - Crossed with http://www.linuxquestions.org/questi...&threadid=3868

Last edited by jharris; 07-01-2001 at 04:35 PM.
 
Old 07-02-2001, 05:15 AM   #4
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
There is a Linux distro that is aimed at security, but it's maintained by the NSA, so I wouldn't trust it.
http://www.nsa.gov/selinux/index.html

I would use a Linux distro that other people use, so you can test configurations and flaws.
Anything with a Linux 2.4 Kernel is a good start.

As an example my firewall has been looked at or attacked 461 times in 3 months.
From these 461 scans/attacks my IDS has done a Fingerprint OS check on each IP.

Of the 461 only about 200 gave a result. "rest had firewalls or no system due to dynamic IP"
It gives you a good idea of what OS's are being used out there to attack.

Windows 2000 = 24%
Windows 98 /NT = 15%
Linux 2.2 = 29%
Linux 2.4 = 16%
BSD = 3%
Cisco Routers = 4%
Solaris 7/8 = 6%
Nortel systems = 2%
Checkpoint Fw1 = 1%

/raz
 
Old 07-02-2001, 07:22 AM   #5
jharris
Senior Member
 
Registered: May 2001
Location: Bristol, UK
Distribution: Slackware, Fedora, RHES
Posts: 2,243

Rep: Reputation: 47
Quote:
Originally posted by raz
There is a Linux distro that is aimed at security, but it's maintained by the NSA, so I wouldn't trust it.
http://www.nsa.gov/selinux/index.html
LOL

Heard about this but didn't think they had done any serious work on it yet... will have to take a look (from someone else's IP)

Jamie...
 
Old 07-04-2001, 05:09 AM   #6
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
Jamie,

What I find interesting is the fact they are promoting the NSA Linux version as the best for security... but they use Solaris 7 on all their main internet servers. "with Sun's random Sequencer patch on the TCP stack"

So if they don't trust it, would you? lol
Got to go, some men in black suits are at the door.

/Raz
 
Old 07-04-2001, 08:20 AM   #7
cinnix
Member
 
Registered: Jun 2001
Location: Northern Ohio
Distribution: RedHat, Engarde and LFS
Posts: 237

Rep: Reputation: 30
There is no distro from the NSA, it is just a kernel with mandatory access controls implemented along with several other enhancements. They also provide several utilities that are modified to work with the kernel. I am currently using engarde-linux. I switched from redhat to engarde and had to almost retrain myself to get used to the security implementations. It comes with LIDS, tripwire, snort and MAC. It is the most secure distro I have ever seen. It is also very small (140 Meg). If you decide to use it, make sure you get on the mailing list, they are very helpful and very very responsive.

www.engarde-linux.com
 
Old 07-04-2001, 08:25 AM   #8
jharris
Senior Member
 
Registered: May 2001
Location: Bristol, UK
Distribution: Slackware, Fedora, RHES
Posts: 2,243

Rep: Reputation: 47
Raz,

Isn't there a scary version of Solaris called 'Trusted Solaris' I heard some people talking about while I was at BAE (none of what they said was anything but it being a bitch to administer)? I think it's used by some of the MoD projects...

Jamie
 
Old 07-04-2001, 11:36 AM   #9
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
Thanks Cinnix, when I get time I'll check out that link you provided. Don't like the idea about re-learning my security knowledge again.

Anyway coincidentally I do know a little about Trusted Solaris's OS 8 from my time in training at Camberley with Sun MS.

It's one of the Unix OS's that conforms to the UK's ITSEC E3/F-B1 and E3/F-C2 level, which is very important if a bank or military group is going to evaluate/consider using it.

Basically it's not a secret, it's just an OS from Sun that doesn't trust anyone as default and has a few security improvements.
Yet patches are still very slow at being released so Linux beats it hands down, if set-up correctly.

In Sun's words "The Trusted Solaris 8 Operating Environment extends the capabilities of the Solaris[tm] Operating Environment to provide superior safeguards against internal and external threats far beyond the protection commonly found in standard operating systems."

It's likely that the NSA are using this version, due to the SPN "sequencer prediction number" being so high compared to a standard install of a Solaris 8 system.

/Raz
 
Old 07-04-2001, 11:44 AM   #10
cinnix
Member
 
Registered: Jun 2001
Location: Northern Ohio
Distribution: RedHat, Engarde and LFS
Posts: 237

Rep: Reputation: 30
No, it's not that you have to relearn your security knowledge, it's that you will realize how many insecure things you used to do but can't do anymore. This distro does not include insecure settings or packages by default. For example, the distro contains no compilers or development packages, no more telnet, etc etc...

They say 'no to cleartext'. Check it out, I am sure that you will like it. Or join the mailing list, EVERYONE is friendly and you will more than likely have an answer within an hour. Ask a couple questions and see what you think, its features are still in development but its foundation is solid as a rock.

Sorry if I sound like a promoter or an advertiser, but I really think that this is the most secure linux distro.

Good Luck.
 
Old 07-05-2001, 06:09 AM   #11
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
Oh ok, in that case I'll look into it.
I'm interested in systems that I can throw VPN's on and nothing else, for some customer solutions.

Thanks,
/Raz
 