Linux OS Security Rating


absolutezero273
04-04-2003, 10:31 AM
Looking to set up a DMZ and was wondering what the most secure version of linux would be?

Has one Linux OS been rated "more secure" than another?

Is one more stable than another?

Thanks in advance.

xulfralos
04-04-2003, 09:37 PM
This doesn't belong in the 'Other' (i.e. non-Linux) forum.

DMR
04-04-2003, 09:59 PM
So it doesn't. Moved to Web Serving/Security.

:)

Exodus2001
04-04-2003, 09:59 PM
Red Hat has the highest rating for "more secure" and Slackware is the "most stable". I don't remember the names of the articles, but I have read it many times in many places. Red Hat is by far the most advanced out of the box. "Stable" is sort of a funny term because anything Linux seems to be very stable except for a few apps like Netscape and Mozilla. :p

bwkaz
04-04-2003, 11:07 PM
All right, I'm wondering how you can say RH is the "most secure"... got any real evidence of that?

I can make LFS more secure than RH... though if you're talking OOTB, then yeah, you may have a point. Though I always think of what someone said once -- "RedHat likes to live on the bleeding edge, but they leave the bleeding to the user."

chrism01
04-05-2003, 09:41 AM
I don't think there has been a comparison of distros for security, although you could check google...
The basic rule would be to use a good distro with regular security updates, e.g. RH+up2date, and turn off unused daemons.
You can use tripwire to check your files for changes, www.chkrootkit.org for rootkits, www.bastille-linux.org for hardening scripts.
For extremes you could look into SE-Linux as described by the NSA.
It's up to you. Security is a process, not a product. No system is perfectly secure.

Hayl
04-05-2003, 09:56 AM
Originally posted by Exodus2001
Red Hat has the highest rating for "more secure" and Slackware is the "most stable". I don't remember the names of the articles, but I have read it many times in many places. Red Hat is by far the most advanced out of the box. "Stable" is sort of a funny term because anything Linux seems to be very stable except for a few apps like Netscape and Mozilla. :p

<laughs>

um I beg to differ but Debian is by far the most stable distro - a well known fact. Also - Red Hat is not that advanced. I'm sure that my Gentoo system has newer versions of almost everything that the latest Red Hat has.

Exodus2001
04-05-2003, 10:10 AM
Originally posted by bwkaz
All right, I'm wondering how you can say RH is the "most secure"... got any real evidence of that?

I can make LFS more secure than RH... though if you're talking OOTB, then yeah, you may have a point. Though I always think of what someone said once -- "RedHat likes to live on the bleeding edge, but they leave the bleeding to the user."

I did say "out of the box", didn't I? OK, I agree Red Hat is bleeding edge crap. Believe what you want. I don't care.

Exodus2001
04-05-2003, 10:23 AM
Originally posted by Hayl
<laughs>

um I beg to differ but Debian is by far the most stable distro - a well known fact. Also - Red Hat is not that advanced. I'm sure that my Gentoo system has newer versions of almost everything that the latest Red Hat has.

I state my opinion and I get a <laughs> tag. Your rudeness shows your level of intelligence. Once again I don't care what you think.

Exodus2001
04-05-2003, 10:41 AM
Originally posted by chrism01
I don't think there has been a comparison of distros for security, although you could check google...
The basic rule would be to use a good distro with regular security updates, e.g. RH+up2date, and turn off unused daemons.
You can use tripwire to check your files for changes, www.chkrootkit.org for rootkits, www.bastille-linux.org for hardening scripts.
For extremes you could look into SE-Linux as described by the NSA.
It's up to you. Security is a process, not a product. No system is perfectly secure.

Best post in this thread yet. I totally agree.

Hayl
04-05-2003, 10:51 AM
Originally posted by Exodus2001
I state my opinion and I get a <laughs> tag. Your rudeness shows your level of intelligence. Once again I don't care what you think.

Perhaps the <laugh> was a bit much but I don't think it was rude.

sharth
04-05-2003, 10:59 AM
There is linux-security, which puts out EnGarde Linux, I believe. But for true security, go with NetBSD (or is it FreeBSD... not sure which...)

JockVSJock
04-07-2003, 12:34 AM
Originally posted by Exodus2001
Red Hat has the highest rating for "more secure"


What? I can't believe this... Most own3d Linux boxes are usually RedHat.

If you are looking for a Unix distro with security in mind, try OpenBSD. This is what I have set up as my gateway/firewall.



OpenBSD (http://openbsd.org/)

absolutezero273
04-07-2003, 10:17 AM
I guess the reason I asked about a "secure" product was that I saw the SELinux from the NSA and found Trustix. Both purported to be "more" secure than others.

Is this simply because they don't include much in the way of "unneeded" utilities/programs and by doing so may decrease the risk of areas to be hacked or bugs that lead to vulnerabilities?

Or, in the direction I believe Chrism01 was heading, are they simply locked down from the start, whereas other distributions I would have to lock down myself?

On a side note, could we theorize that any dist. that is used the least would be a less likely target based on the assumption that a hacker is going to target systems that would bring the greatest number of potential kills?

I do realize that this isn't the only motivating factor when targeting systems but is it a factor?

chrism01
04-07-2003, 05:03 PM
IIRC, NSA SELinux includes such things as ACLs (ACEs?), i.e. access control lists/entries, and each exe is limited in how it can run. I read a good article some time ago, but can't remember where. Try slashdot.org or sans.org.
Personally, I've worked on B2 level secure systems and they're a PITA to actually use.
Unless you're in the military or Bank of England/Federal Reserve, I'd say that my orig suggestions are enough, without going to NSA stuff.
One of the *BSD distros has rigorous code checks; see google.
Remember, it's not just the OS, it's the apps as well, e.g. apache, sendmail etc.
Of course std disclaimer; YMMV; use at your own risk.

absolutezero273
04-08-2003, 10:04 AM
Thanks everyone.

mage492
04-09-2003, 03:16 AM
It depends on what you're trying to use it on. What works on a desktop isn't ideal for a server or a mainframe.

I'm thinking of trying a dedicated firewall-router box with Devil Linux running on it (after removing the hard drive). To me, the concept of running from purely read-only media defines security. Don't hold me to this until I get a chance to try it out, though... If anyone else has tried this, how did it work for you?

If you want to see this potentially-cool distro, go to www.devil-linux.org.