Security

**caboose** · 06-12-2009

Hi. i am in the proccess of installing a new linux distro, but cannot settle on a good security package. Can someone please advise me to the most secure security protection

thanx

oz · 06-12-2009

You can check this short guide to security to get some ideas on what security apps you might want to implement:

http://www.linuxforums.org/forum/lin...-security.html

**Chronomatic** · 06-13-2009

Originally Posted by caboose

Hi. i am in the proccess of installing a new linux distro, but cannot settle on a good security package. Can someone please advise me to the most secure security protection

thanx

If you want real security, forget about AV software and all that crap. You need to look into a Mandatory Access Control system such as SELinux, AppArmor or Grsecurity. However, which to choose will depend on the distro. if you're using Ubuntu, then AppArmor already comes enabled and is the easiest to configure. If you really wanted to go over the top, add something like PaX to your kernel as well.

Probably the most secure general purpose distro (out of the box) is Fedora.

**Freston** · 06-19-2009

Originally Posted by Chronomatic

Probably the most secure general purpose distro (out of the box) is Fedora.

Is that so?

Can you (or someone) elaborate on that? What makes Fedora more secure OOTB than others?
--I'm curious that's all

**mikesd** · 06-20-2009

Originally Posted by Freston

Is that so?

Can you (or someone) elaborate on that? What makes Fedora more secure OOTB than others?
--I'm curious that's all

Nothing. Other than they use SELinux. But Suse uses Apparmor. That conversation can start a war on itself.

Linux is inherently more secure than Windows, but it does have it's problems too. You should always keep up with new exploits, new security models, and system updates. Also it's always wise to educate yourself on apps such as tripwire.

**Chronomatic** · 06-21-2009

Originally Posted by mikesd

Nothing. Other than they use SELinux. But Suse uses Apparmor. That conversation can start a war on itself.

Nothing?

Does SUSE compile its packages with FORTIFY_SOURCE and -fstack-protector gcc options? Does it utilize exec-shield or PaX? Does it do any kind of executable space protections? Does it utilize ASLR? Does it have any kind of heap protections? How about stack smashing?

Secondly, how many AppArmor profiles are enabled in SUSE by default? Ubuntu only enables one -- CUPS. Hardly worthwhile. Fedora enables a targeted SELinux profile which covers all network facing daemons and some others.

Look here: hxxp://fedoraproject.org/wiki/Security/Features

The above link (substitute hxxp for http) lists all of Fedora's security features. Get back to me if SuSE or Ubuntu or any other major general purpose distros utilize these features by default. I asked about them on the Ubuntu forums and all I got was crickets chirping. No one had a clue what they even were.

**Freston** · 06-21-2009

Originally Posted by Chronomatic

Nothing?

Does SUSE compile its packages with FORTIFY_SOURCE and -fstack-protector gcc options? Does it utilize exec-shield or PaX? Does it do any kind of executable space protections? Does it utilize ASLR? Does it have any kind of heap protections? How about stack smashing?

Secondly, how many AppArmor profiles are enabled in SUSE by default? Ubuntu only enables one -- CUPS. Hardly worthwhile. Fedora enables a targeted SELinux profile which covers all network facing daemons and some others.

Look here: hxxp://fedoraproject.org/wiki/Security/Features

The above link (substitute hxxp for http) lists all of Fedora's security features. Get back to me if SuSE or Ubuntu or any other major general purpose distros utilize these features by default. I asked about them on the Ubuntu forums and all I got was crickets chirping. No one had a clue what they even were.

I asked what Fedora does, not what SUSE doesn't do

But I think I can deduce something from your post, thanks.

**nopycckn** · 06-22-2009

If you aren't set on a distribution, there are some distributions made with security in mind. I recently saw a very good list, but can't remember where. I know EnGarde is one, found at engardelinux.org. There's a list here:
Linux Links - The Linux Portal: Distributions/Secure

**nopycckn** · 07-08-2009

Ahhh ... I remember where I saw the good information and good list ...
It was on IBM's site. I don't know why I couldn't remember it before:
developerWorks spaces: Linux security
IBM's the best.

**Lazydog** · 07-09-2009

Originally Posted by Chronomatic

Probably the most secure general purpose distro (out of the box) is Fedora.

You are aware that Fedoras is the R&D product of RedHat?
You are also aware that Fedora is Bleeding Edge software?
You are aware that bleeding edge software usually has the most bugs/holes in it?

While I like the RedHat product and variations I'm not going to say they are the best security wise. Remember security starts with you not the software.

Thread Tools

Display

Security

Posting Permissions