Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I am starting out to do work in the security arena, where I will be doing IT security related work (pen testing, firewalls etc.), and I'm looking for a good Linux distro which has "security" as its number 1 feature. Can someone recommend a good distro for security related work?
I can't say that I've ever come across a Linux distro that has security as its main aim. As mentioned, Slackware should be pretty good, and the guy who maintains it doesn't seem to push anything too new into the distro, so it's all pretty well tested.
If I wanted to set up a secure server I'd be on OpenBSD, I'm afraid to say... Its aim seems to be security, although I've never played with it myself.
I would use a Linux distro that other people use, so you can test configurations and flaws.
Anything with a Linux 2.4 kernel is a good start.
As an example, my firewall has been looked at or attacked 461 times in 3 months.
From these 461 scans/attacks my IDS has done a fingerprint OS check on each IP.
Of the 461 only about 200 gave a result ("rest had firewalls or no system due to dynamic IP").
It gives you a good idea of what OS's are being used out there to attack.
Windows 2000 = 24%
Windows 98 / NT = 15%
Linux 2.2 = 29%
Linux 2.4 = 16%
BSD = 3%
Cisco Routers = 4%
Solaris 7/8 = 6%
Nortel systems = 2%
Checkpoint FW-1 = 1%
Originally posted by raz: There is a Linux distro that is aimed at security, but it's maintained by the NSA, so I wouldn't trust it. http://www.nsa.gov/selinux/index.html
LOL
Heard about this but didn't think they had done any serious work on it yet... will have to take a look (from someone else's IP).
What I find interesting is the fact they are promoting the NSA Linux version as the best for security... but they use Solaris 7 on all their main internet servers ("with Sun's random Sequencer patch on the TCP stack").
So if they don't trust it, would you? lol
Got to go, some men in black suits are at the door.
There is no distro from the NSA, it is just a kernel with mandatory access controls implemented along with several other enhancements. They also provide several utilities that are modified to work with the kernel. I am currently using engarde-linux. I switched from redhat to engarde and had to almost retrain myself to get used to the security implementations. It comes with LIDS, tripwire, snort and MAC. It is the most secure distro I have ever seen. It is also very small (140 Meg). If you decide to use it, make sure you get on the mailing list, they are very helpful and very very responsive.
Isn't there a scary version of Solaris called 'Trusted Solaris' I heard some people talking about while I was at BAE (none of what they said was anything but it being a bitch to administer)? I think it's used by some of the MoD projects...
Thanks Cinnix, when I get time I'll check out that link you provided. Don't like the idea about re-learning my security knowledge again.
Anyway coincidentally I do know a little about Trusted Solaris's OS 8 from my time in training at Camberley with Sun MS.
It's one of the Unix OS's that conforms to the UK's ITSEC E3/F-B1 and E3/F-C2 level, which is very important if a bank or military group is going to evaluate/consider using it.
Basically it's not a secret, it's just an OS from Sun that doesn't trust anyone as default and has a few security improvements.
Yet patches are still very slow at being released, so Linux beats it hands down, if set up correctly.
In Sun's words: "The Trusted Solaris 8 Operating Environment extends the capabilities of the Solaris[tm] Operating Environment to provide superior safeguards against internal and external threats far beyond the protection commonly found in standard operating systems."
It's likely that the NSA are using this version, due to the SPN ("sequencer prediction number") being so high compared to a standard install of a Solaris 8 system.
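The "random Sequencer patch" and the sequence number comparison discussed above are about making TCP initial sequence numbers (ISNs) hard to guess. As an added example that is not from any poster in this thread, the following Python script scores a series of observed ISNs for predictability from the gaps between consecutive values; the two ISN series and the 64000 step are constructed for illustration and do not describe any particular OS.

```python
import math
import random
from collections import Counter

def isn_difference_entropy(isns):
    """Shannon entropy (bits) of the gaps between consecutive TCP ISNs.

    A stack that advances the ISN by a fixed amount per connection produces
    one repeated gap (entropy 0).  A stack that randomises the ISN produces
    gaps that are almost all distinct, so the entropy approaches
    log2(len(isns) - 1), the maximum for this many samples.
    """
    gaps = [(b - a) % 2**32 for a, b in zip(isns, isns[1:])]
    n = len(gaps)
    counts = Counter(gaps)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def classify_isns(isns, min_samples=32):
    """Return 'predictable' or 'randomised' for a series of observed ISNs.

    The threshold is half the maximum possible entropy for the sample size.
    Caveat: this only detects repeated gaps.  A purely clock-driven generator
    sampled at irregular intervals can show distinct gaps while still being
    guessable from the elapsed time, so treat 'randomised' as necessary, not
    sufficient, evidence of a good generator.
    """
    if len(isns) < min_samples:
        raise ValueError(f"need at least {min_samples} ISNs, got {len(isns)}")
    max_entropy = math.log2(len(isns) - 1)
    return ("randomised" if isn_difference_entropy(isns) >= max_entropy / 2
            else "predictable")

# Constructed sample 1: an old-style generator that adds a fixed step per
# connection (step value chosen for illustration, not taken from any OS).
def fixed_step_isns(n, start=0x1000, step=64000):
    return [(start + i * step) % 2**32 for i in range(n)]

# Constructed sample 2: a randomising generator, seeded so the run repeats.
def random_isns(n, seed=7):
    rng = random.Random(seed)
    return [rng.getrandbits(32) for _ in range(n)]

if __name__ == "__main__":
    for name, sample in (("fixed step", fixed_step_isns(64)),
                         ("random", random_isns(64))):
        print(f"{name:10s} entropy={isn_difference_entropy(sample):5.2f} "
              f"bits -> {classify_isns(sample)}")
```

To apply it to a real host you would feed in ISNs captured from repeated connections to your own server, which is how the quality of an ISN generator is usually assessed in practice.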
No, it's not that you have to relearn your security knowledge, it's that you will realize how many insecure things you used to do but can't do anymore. This distro does not include insecure settings or packages by default. For example, the distro contains no compilers or development packages, no more telnet, etc. etc...
They say 'no to cleartext'. Check it out, I am sure that you will like it. Or join the mailing list, EVERYONE is friendly and you will more than likely have an answer within an hour. Ask a couple of questions and see what you think; its features are still in development but its foundation is solid as a rock.
Sorry if I sound like a promoter or an advertiser, but I really think that this is the most secure Linux distro.