Find the answer to your Linux question:
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 17
Hi. i am in the proccess of installing a new linux distro, but cannot settle on a good security package. Can someone please advise me to the most secure security ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    May 2009
    Location
    New South Whales, Australia
    Posts
    31

    Smile Security


    Hi. i am in the proccess of installing a new linux distro, but cannot settle on a good security package. Can someone please advise me to the most secure security protection

    thanx

  2. #2
    oz
    oz is offline
    forum.guy
    Join Date
    May 2004
    Location
    arch linux
    Posts
    18,733
    You can check this short guide to security to get some ideas on what security apps you might want to implement:

    http://www.linuxforums.org/forum/lin...-security.html
    oz

  3. #3
    Just Joined!
    Join Date
    May 2008
    Posts
    12
    Quote Originally Posted by caboose View Post
    Hi. i am in the proccess of installing a new linux distro, but cannot settle on a good security package. Can someone please advise me to the most secure security protection

    thanx
    If you want real security, forget about AV software and all that crap. You need to look into a Mandatory Access Control system such as SELinux, AppArmor or Grsecurity. However, which to choose will depend on the distro. if you're using Ubuntu, then AppArmor already comes enabled and is the easiest to configure. If you really wanted to go over the top, add something like PaX to your kernel as well.

    Probably the most secure general purpose distro (out of the box) is Fedora.

  4. #4
    Linux Engineer Freston's Avatar
    Join Date
    Mar 2007
    Location
    The Netherlands
    Posts
    1,049
    Quote Originally Posted by Chronomatic
    Probably the most secure general purpose distro (out of the box) is Fedora.
    Is that so?

    Can you (or someone) elaborate on that? What makes Fedora more secure OOTB than others?
    --I'm curious that's all
    Can't tell an OS by it's GUI

  5. #5
    Linux Newbie
    Join Date
    Apr 2009
    Posts
    160
    Quote Originally Posted by Freston View Post
    Is that so?

    Can you (or someone) elaborate on that? What makes Fedora more secure OOTB than others?
    --I'm curious that's all
    Nothing. Other than they use SELinux. But Suse uses Apparmor. That conversation can start a war on itself.

    Linux is inherently more secure than Windows, but it does have it's problems too. You should always keep up with new exploits, new security models, and system updates. Also it's always wise to educate yourself on apps such as tripwire.

  6. #6
    Just Joined!
    Join Date
    May 2008
    Posts
    12
    Quote Originally Posted by mikesd View Post
    Nothing. Other than they use SELinux. But Suse uses Apparmor. That conversation can start a war on itself.
    Nothing?

    Does SUSE compile its packages with FORTIFY_SOURCE and -fstack-protector gcc options? Does it utilize exec-shield or PaX? Does it do any kind of executable space protections? Does it utilize ASLR? Does it have any kind of heap protections? How about stack smashing?

    Secondly, how many AppArmor profiles are enabled in SUSE by default? Ubuntu only enables one -- CUPS. Hardly worthwhile. Fedora enables a targeted SELinux profile which covers all network facing daemons and some others.

    Look here: hxxp://fedoraproject.org/wiki/Security/Features

    The above link (substitute hxxp for http) lists all of Fedora's security features. Get back to me if SuSE or Ubuntu or any other major general purpose distros utilize these features by default. I asked about them on the Ubuntu forums and all I got was crickets chirping. No one had a clue what they even were.

  7. #7
    Linux Engineer Freston's Avatar
    Join Date
    Mar 2007
    Location
    The Netherlands
    Posts
    1,049
    Quote Originally Posted by Chronomatic
    Nothing?

    Does SUSE compile its packages with FORTIFY_SOURCE and -fstack-protector gcc options? Does it utilize exec-shield or PaX? Does it do any kind of executable space protections? Does it utilize ASLR? Does it have any kind of heap protections? How about stack smashing?

    Secondly, how many AppArmor profiles are enabled in SUSE by default? Ubuntu only enables one -- CUPS. Hardly worthwhile. Fedora enables a targeted SELinux profile which covers all network facing daemons and some others.

    Look here: hxxp://fedoraproject.org/wiki/Security/Features

    The above link (substitute hxxp for http) lists all of Fedora's security features. Get back to me if SuSE or Ubuntu or any other major general purpose distros utilize these features by default. I asked about them on the Ubuntu forums and all I got was crickets chirping. No one had a clue what they even were.
    I asked what Fedora does, not what SUSE doesn't do


    But I think I can deduce something from your post, thanks.
    Can't tell an OS by it's GUI

  8. #8
    Banned
    Join Date
    Jun 2009
    Posts
    68
    If you aren't set on a distribution, there are some distributions made with security in mind. I recently saw a very good list, but can't remember where. I know EnGarde is one, found at engardelinux.org. There's a list here:
    Linux Links - The Linux Portal: Distributions/Secure
    Last edited by nopycckn; 06-23-2009 at 03:08 PM. Reason: took my second link off, first is good

  9. #9
    Banned
    Join Date
    Jun 2009
    Posts
    68

    Cool

    Ahhh ... I remember where I saw the good information and good list ...
    It was on IBM's site. I don't know why I couldn't remember it before:
    developerWorks spaces: Linux security
    IBM's the best.

  10. #10
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Quote Originally Posted by Chronomatic View Post
    Probably the most secure general purpose distro (out of the box) is Fedora.
    You are aware that Fedoras is the R&D product of RedHat?
    You are also aware that Fedora is Bleeding Edge software?
    You are aware that bleeding edge software usually has the most bugs/holes in it?

    While I like the RedHat product and variations I'm not going to say they are the best security wise. Remember security starts with you not the software.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •