|
There are plenty of people who will tell you there is, but I've seen no
evidence that any distribution is any more or less secure than any other
distribution. I know this statement will get some people's knickers in a
twist, but it's true. For that matter, I've seen no evidence that OpenBSD,
which makes a big deal about its alleged security, is any better than
anything else. They all have their own flaws and advantages, and you should
use whatever you're comfortable with. Failing that, use some distribution
that a knowledgeable friend uses, so you don't spend ten hours looking for
how to do something dumb that someone can tell you how to do in ten minutes.
Recently, I scrubbed one of my servers and put a different distribution of
Linux on it from the one I've been using for years. (To protect the
innocent and guilty alike, I'm not going to tell you which ones.) I did so
because some people I knew thought the distrubution I was using was very
uncool, and there was a much nicer, much more secure distribution. I
regretted it. It was absolutely the dumbest thing I've done in years. Part
of it was that the tools to manage it weren't what I was used to, so I had
to spend hours figuring out what the new tools were, how to use them and
so on and so forth. Packages that I *expect* to be on a distribution
weren't. I could not for the life of me figure out how to use it's
allegedly wonderful package installer that was supposed to be so much
cooler than the package manager I was used to using. So I spent hours
tracking down source and compiling it for things I knew would have been on
the other distribution. The startup/shutdown system is almost, but not
quite, like what I'm used to, so I spent hours getting things customized to
the way they worked.
Had I used my favorite old distribution, it would have taken me about
fifteen minutes to clean up things and it would have been fine.
Note that there are lots of people who swear by this distribution that I
swear at. There are lots of people who insist that this is the only right
and true distribution and that anyone who doesn't use this one is a
benighted fool. Yeah, right. I hate it. I won't make that mistake again.
But I also know that much of the reason I hate it is that it isn't what I am
used to. Compounding this, in my own stupidity, I took the recommendation
of people who don't actually use this distribution, but use a third one. So I
don't have anyone to ask, "Hey, how do you do X?" to.
Whatever distribution you use, you want to do a few things:
Turn off every network service.
Turn back on the ones you're going to use.
Install OpenSSH.
If you can, use some mechanism (hosts.allow, xinetd, tcpwrappers, etc.)
to limit local services (like lpd) to your local addresses.
If you do those things, you're probably going to be secure, no matter what
else you do. At least you're only at the mercy of bugs in things you know
you're running.
So, install the one you want. Install one that's run by people you trust. It
doesn't matter which one you use because they all are irritating, each in
its own special way.
For more on this topic, visit these other searchSecurity resources:
Best Web Links: Securing Linux
|
