Results 1 to 7 of 7

Thread: Linux Flavors

  1. #1
    Junior Member shadowwolf's Avatar
    Join Date
    Sep 2001

    Question Linux Flavors

    I am just getting started in learning Security, and I was just wondering for security reasons, what is the best flavor of Linux to use?

  2. #2
    AO Veteran NeuTron's Avatar
    Join Date
    Apr 2003
    There are hundreds of threads on this site about this topic. As far as security, an OS is only as secure as it's administrator. Try searching Google and here at AO and you will find more than you could ever read about which distro to choose.

  3. #3
    Senior Member
    Join Date
    Feb 2003
    Memphis, TN
    Suse, Red Hat, and Mandrake are all very user friendly distros.

    But like Neutron said, search around on this site and google to find some more info.

  4. #4
    Join Date
    May 2003
    For secure flavors of Linux you have several choices, including the following:

    Pitbull LX: http://www.argus-systems.com/product/overview/lx/
    Trusted Linux: http://www.hpl.hp.com/research/papers/trustedlinux.html
    SE Linux: http://www.nsa.gov/selinux/

    Are the primary ones in order of most finished to least. SE Linux and Trusted Linux are still research and NOT to be used in secure environments. Pitbull LX merely targets the B1 specification, so it to is unfit for medium+ security multi-level environments. These are however the best Linux has to offer at this time.

    It should be stated that these are not strictly Linux as kernel modifications are implemented.

    Other types of "secure" Linux and Linux tools exist such as LIDS and Bastille Linux are either poor solutions are don't really increase the security of the system, they just bring it to a more "hardened" state. Which brings me to another important point...

    OS hardening. The vast majority of "secure" Linuces are merely hardened distros. The process of hardening a system basically consists of the following steps:

    Removing all superfluous services from the system
    Removing all superfluous software from the system
    Locking down important files with more restrictive permissions

    Other techniques like firewalls, IDSes, restricting who can logon from where are also frequently included.

    Although this may now seem like the system is secure, consider the following:

    The almighty root account is still alive and well, this consolidation of power present a tremendous security concern.
    Patching always leaves you one step behind.
    Bugs are constantly being discovered and no software that has not been formally verified should be trusted.
    It isn't possible to completely restrict applications with normal hardening techniques, these apps when broken still have more reach than they should. Not only this but any illegitimate children (BOFing a forked shell, etc) also have the same power as their parent.

    Also, kindly ignore NeuTron, the systems I have stated are more secure than traditional Linux. Security is a discussion of assurance and functionality, configuration is covered under assurance as documentation. Relying on Administrator heroics is nonsensical.


  5. #5
    Senior Member
    Join Date
    Mar 2002
    Check out this too: http://www.bastille-linux.org/

  6. #6
    Senior Member
    Join Date
    Mar 2002
    I don't really like the newbie-friendly linuxes, they are rebellious to open source and some are only available commercially (I'm not talking about pirated software here guys). I have never used any of the operating systems catch listed, and as a newbie, I personally wouldn't go for it until you've experienced something more popular and user friendly. But for security reasons, I would use SuSE or Red Hat, although you really can't rely on the operating system alone, its more like your ability to master the techniques required to be learned to secure the system. Just remember - the first thing that most hackers are going to rely on to get into your system is either a known exploit or a virus, which both relate directly to the incompetence of the system administrator running the OS.

    Just my opinion though.

    -{[ Joe ]}- (Joe@nitesecurity.com)

    [shadow]I\'m Just A Soldier In This War Against Ignorance.[/shadow]

  7. #7
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Boston, MA

    I think its the best place to get started.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts