Hi. i am in the proccess of installing a new linux distro, but cannot settle on a good security package. Can someone please advise me to the most secure security protection
thanx:-o
Printable View
Hi. i am in the proccess of installing a new linux distro, but cannot settle on a good security package. Can someone please advise me to the most secure security protection
thanx:-o
You can check this short guide to security to get some ideas on what security apps you might want to implement:
http://www.linuxforums.org/forum/lin...-security.html
If you want real security, forget about AV software and all that crap. You need to look into a Mandatory Access Control system such as SELinux, AppArmor or Grsecurity. However, which to choose will depend on the distro. if you're using Ubuntu, then AppArmor already comes enabled and is the easiest to configure. If you really wanted to go over the top, add something like PaX to your kernel as well.Quote:
Originally Posted by caboose
Probably the most secure general purpose distro (out of the box) is Fedora.
Is that so?Quote:
Originally Posted by Chronomatic
Can you (or someone) elaborate on that? What makes Fedora more secure OOTB than others?
--I'm curious that's all ;)
Nothing. Other than they use SELinux. But Suse uses Apparmor. That conversation can start a war on itself.Quote:
Originally Posted by Freston
Linux is inherently more secure than Windows, but it does have it's problems too. You should always keep up with new exploits, new security models, and system updates. Also it's always wise to educate yourself on apps such as tripwire.
Nothing?Quote:
Originally Posted by mikesd
Does SUSE compile its packages with FORTIFY_SOURCE and -fstack-protector gcc options? Does it utilize exec-shield or PaX? Does it do any kind of executable space protections? Does it utilize ASLR? Does it have any kind of heap protections? How about stack smashing?
Secondly, how many AppArmor profiles are enabled in SUSE by default? Ubuntu only enables one -- CUPS. Hardly worthwhile. Fedora enables a targeted SELinux profile which covers all network facing daemons and some others.
Look here: hxxp://fedoraproject.org/wiki/Security/Features
The above link (substitute hxxp for http) lists all of Fedora's security features. Get back to me if SuSE or Ubuntu or any other major general purpose distros utilize these features by default. I asked about them on the Ubuntu forums and all I got was crickets chirping. No one had a clue what they even were.
I asked what Fedora does, not what SUSE doesn't do :rolleyes:Quote:
Originally Posted by Chronomatic
But I think I can deduce something from your post, thanks.
If you aren't set on a distribution, there are some distributions made with security in mind. I recently saw a very good list, but can't remember where. I know EnGarde is one, found at engardelinux.org. There's a list here:
Linux Links - The Linux Portal: Distributions/Secure
Ahhh ... I remember where I saw the good information and good list ...
It was on IBM's site. I don't know why I couldn't remember it before:
developerWorks spaces: Linux security
IBM's the best. 8)
You are aware that Fedoras is the R&D product of RedHat?Quote:
Originally Posted by Chronomatic
You are also aware that Fedora is Bleeding Edge software?
You are aware that bleeding edge software usually has the most bugs/holes in it?
While I like the RedHat product and variations I'm not going to say they are the best security wise. Remember security starts with you not the software.