I am looking for a Hardened Linux distro, so far I have found only one, being a good rep. SELinux, however I don't know if this is the way I should go, since I am a bit of newbie, I would perfer a distro that's easy going and easier to learn also. But I want to start with a hardened linux, any suggestions here? I've also heard of Gentoo, but heard it's a killer to install for newbies.
Hardened Linux Suggestions?
- Thread starter Jon855
- Start date
How much security do you need? How well do you need to protect whatever it is that needs protecting?
OpenBSD.
Hardened gentoo, RHEL has the SELinux stuff in it, Debian can have SELinux installed in it I think, the grsecurity patches are out there... There are too many options. SELinux will be a PITA for a newer user. grsecurity is supposed to be easier and covers a bit more than SELinux does (PAX).
Hardened gentoo, RHEL has the SELinux stuff in it, Debian can have SELinux installed in it I think, the grsecurity patches are out there... There are too many options. SELinux will be a PITA for a newer user. grsecurity is supposed to be easier and covers a bit more than SELinux does (PAX).
gentoo install is easy (easy to follow documentation). It's after you get the install finished that linux noob have issues. (Trust me, it was my first try of linux).
OpenBSD has the rep of one of the most secure OS's around, but really, we need to know WHAT you are doing with the box. Securing a webserver is different then securing a firewall/router is different then securing your 'leet haxxors wArez machine.
My advice for a linux novice is redhat, it's got a good support community and decent documentation. (where I went after staring at the bash prompt in gentoo for a few days was RH9)
OpenBSD has the rep of one of the most secure OS's around, but really, we need to know WHAT you are doing with the box. Securing a webserver is different then securing a firewall/router is different then securing your 'leet haxxors wArez machine.
My advice for a linux novice is redhat, it's got a good support community and decent documentation. (where I went after staring at the bash prompt in gentoo for a few days was RH9)
cleverhandle
Diamond Member
- Dec 17, 2001
- 3,566
- 3
- 81
Debian, then sprinkle on some Bastille to 'harden it up'.
Also Fedora makes good stuff.
But the real trick is network security.. ie put a seperate router-firewall up and only forward ports you need for your file exchanges.
OpenBSD is nice, too. Very secure. (it's all free software. and 90% of what works in Linux will work in OBSD and visa versa.)
Also Fedora makes good stuff.
But the real trick is network security.. ie put a seperate router-firewall up and only forward ports you need for your file exchanges.
OpenBSD is nice, too. Very secure. (it's all free software. and 90% of what works in Linux will work in OBSD and visa versa.)
Thanks ya all for helping me out, I think I will be going with the Suse Linux, what do ya think? Let me know, thanks once again for all of your help.
I read through some of the pages on the website. If I understand correctly, it sort of identifies the areas of linux that need to be secured and guides the uder through securing them. Sort of like XP's SP2 on steroids. Is that somewhat accurate?
If it hasn't changed into something different than it was several years ago, you're correct. It'll look through a system, make suggestions, and maybe change things (not sure).
It does the simple stuff, a lot of things that a more technical user would know of, but not know how to or where to look in Linux. Disabling services, setting permissions, creating netfilters etc.
It's a nice tool as it gives you a very detailed explanations on what a particular change does and makes recommendations. Once you go through the tool you have the option to apply the changes. But make sure you do read what the tool is doing.
As cleverhandle said, easy of use and security are opposing forces. Make it more secure and your system will be more difficult to use. Whether a permission no longer lets you do something or removes a service that you might need and other things.
It's a nice tool as it gives you a very detailed explanations on what a particular change does and makes recommendations. Once you go through the tool you have the option to apply the changes. But make sure you do read what the tool is doing.
As cleverhandle said, easy of use and security are opposing forces. Make it more secure and your system will be more difficult to use. Whether a permission no longer lets you do something or removes a service that you might need and other things.
http://www.linuxsecurity.com/docs/LDP/Security-HOWTO/
Running something like Debian(because they tend to be pro-active and apt-get makes updating simple), only running the services you need, keep reasonably up to date with security patches (realy only for the services that are exposed to the net are absolutely nessicary), running a seperate router-firewall to isolate your server fromt the internet, except for specific ports. If your using SSH, make sure you disable root logins, make sure you use STRONG passwords. Don't use telnet, don't use ftp (unencrypted passwords)
Just simple common sense stuff.
That will keep out 95% of the badness.
Running something like Debian(because they tend to be pro-active and apt-get makes updating simple), only running the services you need, keep reasonably up to date with security patches (realy only for the services that are exposed to the net are absolutely nessicary), running a seperate router-firewall to isolate your server fromt the internet, except for specific ports. If your using SSH, make sure you disable root logins, make sure you use STRONG passwords. Don't use telnet, don't use ftp (unencrypted passwords)
Just simple common sense stuff.
That will keep out 95% of the badness.
Yeah, your quesiton has already been answered. OpenBSD would work great, or a Linux+Bastille solution. Ubuntu+Bastille would be a good combination of simplicty and security IMO. Ubuntu is based on Debian but is a great deal more user-friendly.
Thanks for the whole suggestions, you guys have been very helpful, I'm going along with Ubuntu package as it is. Sorry about the last bump I gave out, was hoping I could gather a little more thoughts from others before making a decisions. Thanks ya' all... Now how do I lock this god-darned post?
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes Discussion Threads
- Started by Tigerick
- Replies: 21K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter