I am looking for a linux distro that is EXTREMELY secure, so secure even the worlds smartest hacker wouldn't be able to punch a hole through it. What do you guys recommend? BTW I am not switching my main computer I am switching another computer's oS

Linux in general is very secure. Each distro will have their own sets of applications for security, you won't find much difference at all. Ubuntu is secure. For reference read this article (http://www.theregister.co.uk/2008/03/29/ubuntu_left_standing/)

Linux in general is very secure. Each distro will have their own sets of applications for security, you won't find much difference at all. Ubuntu is secure. For reference read this article (http://www.theregister.co.uk/2008/03/29/ubuntu_left_standing/)
Err not Ubuntu lol sorryyy. Any other distro?

The other popular distros are
1. PCLinuxOS
2. Linux Mint
3. Dream Linux
4. OpenSuse
Everyone has their favorite, it hard to decide so you can see this website for further details http://distrowatch.com

err not ubuntu lol srrrry try fedora perhaps?

First of all, there is no such thing as an unhackable computer. Especially not off of a default install. If you want to make your computer safer, make sure you don't run as root unless you have to, keep up with the updates, and learn for yourself how to harden your system. Then you won't be stuck with a distro because someone on a forum told you it was safe.

And not that I think Ubuntu is the 'safest', but why the lol? Is there something about ubuntu that you know that makes it unsafe?

Yes, exactly. Security isn't foolproof in any form.

I realize that you asked for a linux distro but I think that in this case BSD is a suitable answer. while linux is very secure i dont believe it is as secure as BSD. The idea of BSD is security. Linux is more about open source and free software while BSD is built around and focused upon security.

As for ubuntu the developers are not focused upon security as much as other distros. They spend a larger percentage of time on things like compiz and the likes. Also the 6 month release cycle means that the releases are slightly more buggy than other distributions. As you can probably tell there is a group of users on the forums who are not very happy with the quality of the release since they have been having trouble. For each of these bugs they complain about I am sure there are also bugs related to security. If you compare ubuntu to debian (what ubuntu is based on) you will find that debian is more secure than ubuntu. They have a two year release cycle. This results in a more stable and secure OS.

I am looking for a linux distro that is EXTREMELY secure, so secure even the worlds smartest hacker wouldn't be able to punch a hole through it. What do you guys recommend? BTW I am not switching my main computer I am switching another computer's oS

You can try the national security agency's Security-enhanced Linux (SELinux (http://www.nsa.gov/selinux/index.cfm)) (http://www.nsa.gov/selinux/index.cfm)
It is secure enough if you know enough to be able to configure it well enough for your needs.

But my guess is that your security needs will be satisfied if it's ok for the NSA, don't you:)?

You can try the national security agency's Security-enhanced Linux (SELinux (http://www.nsa.gov/selinux/index.cfm)) (http://www.nsa.gov/selinux/index.cfm)
It is secure enough if you know enough to be able to configure it well enough for your needs.

But my guess is that your security needs will be satisfied if it's ok for the NSA, don't you:)?I don't trust the government, they might plant some spying software in it and ill install it and they will be watching me.


First of all, there is no such thing as an unhackable computer. Especially not off of a default install. If you want to make your computer safer, make sure you don't run as root unless you have to, keep up with the updates, and learn for yourself how to harden your system. Then you won't be stuck with a distro because someone on a forum told you it was safe.

And not that I think Ubuntu is the 'safest', but why the lol? Is there something about ubuntu that you know that makes it unsafe?lol thats the stupidest thing I have ever heard. Have you ever heard of a computer with no internet? Edit:And BTW fyi I don't see how a distribution that has a release cycle of 6 months and is bloated with software that I don't even use safe.

Before I start to think poorly of you, I need to know if you are older than 15. If not, then I understand your lack of understanding of both linux and the english language.

Also, if we are including the bsd's, then OpenBSD is supposedly the safest of the safe. And I assure you, it won't have a bunch of applications that you don't use.

Of course, if we are including computers not connected to the internet, then they are all safe. Unless the NSA sneaks into your room and does the spying/hacking from there.

Of course, if we are including computers not connected to the internet, then they are all safe. Unless the NSA sneaks into your room and does the spying/hacking from there.


Unless he has Tempest shielding, they don't even need to go inside. ;)

What do we have here? A bunch of trolls? Go flame somewhere else I don't want to hear it.

I don't trust the government, they might plant some spying software in it and ill install it and they will be watching me.

(SELinux has been integrated into version 2.6 series of the Linux kernel, and separate patches are now unnecessary)

Primarily developed by the US National Security Agency (http://en.wikipedia.org/wiki/National_Security_Agency), it was released to the open source (http://en.wikipedia.org/wiki/Open_source) development community on December 22 (http://en.wikipedia.org/wiki/December_22), 2000 (http://en.wikipedia.org/wiki/2000) and merged into the mainline kernel 2.6.0-test3, released on 8 August (http://en.wikipedia.org/wiki/August_8) 2003 (http://en.wikipedia.org/wiki/2003). Other significant contributors include Network Associates (http://en.wikipedia.org/wiki/Network_Associates), Secure Computing Corporation (http://en.wikipedia.org/wiki/Secure_Computing_Corporation), Trusted Computer Solutions (http://en.wikipedia.org/w/index.php?title=Trusted_Computer_Solutions&action=edit&redlink=1), and Tresys (http://en.wikipedia.org/w/index.php?title=Tresys&action=edit&redlink=1). Experimental ports of the FLASK (http://en.wikipedia.org/wiki/FLASK)/TE implementation have been made available via the TrustedBSD (http://en.wikipedia.org/wiki/FreeBSD#TrustedBSD) Project for the FreeBSD (http://en.wikipedia.org/wiki/FreeBSD) and Darwin (http://en.wikipedia.org/wiki/Darwin_%28operating_system%29) operating systems.

Guess they are already spying on you.... c'mon its open source and if they wanted to spy on you they would be already :)
EDIT: just so you don't think that I'm joining in on the flaming stuff. It really is the safest linux, go read up on it, its not even a distribution, but a bunch of security patches that, if configured right, help make your linux distribution safer. Hope this helps you. You can read up on it either on the nsa site or on wikipedia or just google it and get some info.

Nah,just think of it this way bro, me not getting SELinux just shows I trust you guys more than our actual government;).

Computer operating systems are inherently insecure. Some -- such as OpenBSD -- are more secure than others in the default configuration, but a user who doesn't understand system administration can turn that around very quickly.

Basically, stabilityonitsown, you are asking the wrong question. The better question would be "how do I configure a Linux distribution to be secure for a specific purpose?" Anyone telling you that distro X is unqualifiably more secure than distro Y is simply misleading you.

Computer operating systems are inherently insecure. Some -- such as OpenBSD -- are more secure than others in the default configuration, but a user who doesn't understand system administration can turn that around very quickly.

Basically, stabilityonitsown, you are asking the wrong question. The better question would be "how do I configure a Linux distribution to be secure for a specific purpose?" Anyone telling you that distro X is unqualifiably more secure than distro Y is simply misleading you.No, I am not looking for configurations, I am looking for a linux distribution that is the best in security.

Please do not recommend these distributions, and don't ask why I don't want you to recommend these distributions, as if I state my opinionated thought and some kid thinks otherwise he will start flaming, debating, and degrading me.


FreeBSD
SELinux
Ubuntu
OpenBSD

Not too hard is it:)

I HIGHLY recommend these distros:
FreeBSD
SELinux
Ubuntu
OpenBSD



01001100011011110110111101110011011001010110111000 1000000111010101110000

I HIGHLY recommend these distros:
FreeBSD
SELinux
Ubuntu
OpenBSD



01001100011011110110111101110011011001010110111000 100000011101010111000000101110


:lolflag:

BTW for those who don't know his message in "binary" is "Loosen up"

well you are seriously limiting us and p_quarles does have a point. My next choice would probably be gentoo since it is all compliled from source or a hardened version of linux from scratch just because it is so basic and barebones. There just isnt room for security holes.

Fedora too.

No, I am not looking for configurations, I am looking for a linux distribution that is the best in security.

Please do not recommend these distributions, and don't ask why I don't want you to recommend these distributions, as if I state my opinionated thought and some kid thinks otherwise he will start flaming, debating, and degrading me.


FreeBSD
SELinux
Ubuntu
OpenBSD

Not too hard is it:)
There are no secure "distros," there are only secure configurations and secure procedures. You may not like the answer, but there you have it. Instead of dismissing answers you do not want to hear, I recommend that you undertake to educate yourself about how computer security actually works. This would mean, first of all, giving more consideration to the answers you have rejected. People are trying to help you, and it is rude to reject that help without making even a minimal effort to understand it.

Ok I just thought of some that might be good have a look
openSUSE
fedora
archlinux
Tell me what you think.

+1

The new Fedora makes a point of offering easy to configure/use security features, if thats what you are looking for go with Fedora.

And also fedora is built of Red Hat Linux. Red Hat Linux is aimed torwards security. So I think I might go with fedora.

p_quarles + 1
I couldnt have said it better myself

Thanks everyone for your help I really appreciate it! And sorry if I was mean or picky throughout the discussion!

I have used almost all the big guys fedora, suse, mandriva, debian, and have found they are all pretty secure right out of the box. I am currently using ubuntu 7.10 and it has withstood a bunch of people trying to get in from VNC.smtp,ms-sqf-s attempts, etc. All blocked with the built in firewall. I don't think if i had been running windows i would have been so protected -- my own opinion --. But with all of them you can make them as secure or un-secure, as your hearts desire. Its what you want to do. I like ubuntu its easy to and keep updated.

First off, understand the os you are going to use. Granted all os's can have bugs in the code and be hacked, but knowing how to configure it properly for security is the key here. The reason most systems get hacked is because either the sysadmin did not make use of the security tools the system provided, used weak passwords or simply configured something incorrectly.

If your looking for the most secure os, my money is on OpenBSD which has it's code routinely audited for security issues. Also, it's had "Only two remote holes in the default install, in more than 10 years!"

Bottom line, whatever os you decide on... learn how to secure it with the tools provided or add other tools to fill in the missing pieces.

This entire thread is pointless. Read what p_quarles has written.

Bodhi.Zazen has just written a how-to on security. http://ubuntuforums.org/showthread.php?t=510812

I wouldn't laugh at Ubuntu's security. Root is disabled by default and Apparmor is installed by default, which is similar to SElinux but works a little differently. Compare:
http://en.wikipedia.org/wiki/AppArmor
http://en.wikipedia.org/wiki/Selinux

The strength of one is the weakness of the other but can be overcome by having a default policy of "no access."

Please read Bodhi's sticky post. He delves much deeper, including screening your system for security holes among other things.


__________________
The Raw Paleo Diet (http://www.rawpaleodiet.com)

Thank you CraigPaleo for your kind words.

To answer the original question:

IMO the "most secure" Linux distros are :

Engarde : http://www.engardelinux.org/

Trustix (no longer free) : http://linux.trustix.com/

If you do not "trust" SELinux, that is fine, in that case I assume you do not trust any binary system. In that event either go with Gentoo or better LFS and compile your own system and examine the source code.

http://www.linuxfromscratch.org/

Alternately, just compile SELinux from source. Examine the source code for yourself for any back doors.

As an alternate to SELinux go with AppArmor.

Topic Creator: You don't need to be this paranoid if you take the proper steps. I am able to host a server and have done fine with taking the proper pre-cautions to expect the worst of the worst (backup data, sync up personal files, encryption, strong password and so on) paranoia will help with keeping your system secure. Its fine if you want to try something other then Ubuntu since everyone has there preferences in what they want with open source software or to write there own stuff. As said before no computer is un-hackable since there will always be the human element and there will be flaws within code that can be used for someone's personal gain but that happens. That is why the Ubuntu and other distro's have whole teams who release patches asap to fix these holes. Just lighten up and read a tutorials and your computer will do just fine. :)

A well setup gentoo system is probably the most secure. Or maybe Linux From Scratch. Of course in general it is impossible for a hacker to break into your computer (aside from physical access) if it is not connected to the internet ;P

you can run a very buggy vulnerable version of Windows 3.1x with no internet connection. and your os will be very secure from hackers

yep, the most secure machine is that which is not connected to any network and is protected from humans by about 5ft of lead. no power too.

Uh, check the dates this thread is like 8 months old.

And the most secure is actually http://paranoidlinux.org/

Uh, check the dates this thread is like 8 months old.

And the most secure is actually http://paranoidlinux.org/

No doubt.

It is certainly impossible to hack a system which has no release / does not exist.

http://paranoidlinux.org/content/plan-getting-pl-working-read-first

Now I haven't closly read every reply in this thread but I think you are asking the wrong question here.

While yes some distro's may come with tighter default configurations than others it can all be changed. More important than the distro is the nut in the chair who knows his distro inside and out and is doing the configurations. Someone who knows his way around debian could harden his os far better than they could openBSD if the aren't familiar with openBSD.

First figure out what services your going to be running on this computer then figure out how to configure those service in a secure manner. Look into intrusion detetcion software and kernel hardening. I don't believe there is any one "secure" distro, just good configurations in conjunction with a good admin and good monitoring software. A good place to start would be the stikies at the top of this forum.

The most secure distro I've found is Ubuntu Privacy Remix-Hardened Heron.

http://news.softpedia.com/news/Introducing-Hardened-Heron-Ubuntu-Privacy-Remix-98725.shtml

though I think it doesn't even connect to the net, and is livecd only

I am looking for a linux distro that is EXTREMELY secure, so secure even the worlds smartest hacker wouldn't be able to punch a hole through it. What do you guys recommend? BTW I am not switching my main computer I am switching another computer's oS

Not sure whether someone mentioned it already in this long tread,
OpenBSD is really all about security, but then again, if you as sysadmin don't have the skills, the knowledge and the creativity to actually use this ultra-secure OS (Think about weak passwords, not setting up a proper firewall, using php-scripts with holes in it), then it still doesn't help that much.

If you really want to use a secure *well-known* Linux-distribution with good documentation, then i think about Gentoo Linux (Although they lost their beautiful gentoo-wiki knowledge unfortunately).

Every Linux-distribution can also manually be hardened with grsecurity.
http://www.grsecurity.net/

You also didn't talk about server or desktop usage.
Which one were you thinking of ?

How about Solaris 10 Update 6 ... or OpenSolaris 2008.11? Both can be extremely hardened and with Sun's "Solaris Zones" technology you can run everything inside virtual instances of Solaris on Solaris itself (this stuff is somewhat comparable to "UserLand Linux" and para-virtualisation via Xen). OpenSolaris has Sun's version of "Xen" too: "xVM". So that's one more option to choose from. You do everything inside those virtual instances. You can clone them, reboot them, and even destroy them in an instant without affecting the real OS in any way.

Solaris homepage + download:
http://www.sun.com/software/solaris/index.jsp


If you insist that it must be some form of Linux and that it cannot be anything your government (CIA, NSA) touched ... oh well then. How about this one:

http://h71028.www7.hp.com/enterprise/cache/321128-0-0-0-121.html

Yes, HP is offering hardened + certified versions of SLES and RHEL (Linux CC LSPP, RBACPP, CAPP EAL4+). But this stuff costs money. Lots of money. $$$

If anyone running a business is reading this: HP also offers to do an assessment of your IT security ... if anyone cares, the link is here:
http://h20219.www2.hp.com/services/cache/10682-0-0-0-121.html


Other Linux distros specialised on "security" (nothing is secure anyway):

Guardian Digital:
http://www.guardiandigital.com/

Their whitepaper from 2005 is interesting to read:
"Linux vs. Windows in Corporate Environments"
http://www.guardiandigital.com/pfiles/GuardianDigital_Linux_vs_Windows.pdf

Bastille Linux:
http://www.bastille-linux.org/

You want extreme security for your box?

Hackers knocking on your Linux box is not the only problem you have these days. Have you've ever thought about whom is sniffing your Internet connection and private information right now?

Every connection you make, every site you visit, every phonecall you make... everything is logged somewhere and not just for a few days.

Have you ever heard about "Fortress Linux" ?

Fortress Linux offers a hardened Linux OS with Role-based access control, mandatory access control, heavy harddisk/media encryption, network and Internet encryption, "Cold boot attack" protection, an usb tool (Fortress Key) which can be used as an access key to your system, a special security system called "Palatinux" and much more is to be found on the Fortress Linux Website.

Though it's still not finished yet because the lack of developers, I am still working day and night on the new Website and the revised Live distro which will offer extra possibilities and features you will not find in any other Linux distro. After this is finished, I will revised the normal desktop/server version again.


Just add yourself to my mailinglist and I will inform you when the first Live version is released:

http://www.fortresslinux.org (main)

http://www.fortresslinux.com (redirect to .org)
http://www.fortresslinux.nl (redirect to .org)

Or Google for more info:

http://www.google.nl/search?hl=nl&client=firefox-a&rls=Fortress-Linux%3Aen-US%3Aofficial&hs=Amc&q=fortress+linux&btnG=Zoeken&meta=&aq=f&oq=

scorp123 your bastille linkage doesn't pass WOT on my system.
bastille is hardening software, not a "secure"distro.

You want extreme security for your box?

Hackers knocking on your Linux box is not the only problem you have these days. Have you've ever thought about whom is sniffing your Internet connection and private information right now?

Every connection you make, every site you visit, every phonecall you make... everything is logged somewhere and not just for a few days.

Have you ever heard about "Fortress Linux" ?

Fortress Linux offers a hardened Linux OS with Role-based access control, mandatory access control, heavy harddisk/media encryption, network and Internet encryption, "Cold boot attack" protection, an usb tool (Fortress Key) which can be used as an access key to your system, a special security system called "Palatinux" and much more is to be found on the Fortress Linux Website.

Though it's still not finished yet because the lack of developers, I am still working day and night on the new Website and the revised Live distro which will offer extra possibilities and features you will not find in any other Linux distro. After this is finished, I will revised the normal desktop/server version again.


Just add yourself to my mailinglist and I will inform you when the first Live version is released:

http://www.fortresslinux.org (main)

http://www.fortresslinux.com (redirect to .org)
http://www.fortresslinux.nl (redirect to .org)

Or Google for more info:

http://www.google.nl/search?hl=nl&client=firefox-a&rls=Fortress-Linux%3Aen-US%3Aofficial&hs=Amc&q=fortress+linux&btnG=Zoeken&meta=&aq=f&oq=
Why bother turning it on? Who's to say the some government dev isn't on the project making back doors to this system?

scorp123 your bastille linkage doesn't pass WOT on my system.
bastille is hardening software, not a "secure"distro.
This thread has been dormant for over a year.

This thread has been dormant for over a year.

As per above, thread closed.