There are plenty of people who will tell you there is, but I've seen no evidence that any distribution is any more or less secure than any other distribution. I know this statement will get some people's knickers in a twist, but it's true. For that matter, I've seen no evidence that OpenBSD, which makes a big deal about its alleged security, is any better than anything else. They all have their own flaws and advantages, and you should use whatever you're comfortable with. Failing that, use some distribution that a knowledgeable friend uses, so you don't spend ten hours looking for how to do something dumb that someone can tell you how to do in ten minutes.
Recently, I scrubbed one of my servers and put a different distribution of Linux on it from the one I've been using for years. (To protect the innocent and guilty alike, I'm not going to tell you which ones.) I did so because some people I knew thought the distribution I was using was very uncool, and there was a much nicer, much more secure distribution. I regretted it. It was absolutely the dumbest thing I've done in years. Part of it was that the tools to manage it weren't what I was used to, so I had to spend hours figuring out what the new tools were, how to use them and so on and so forth. Packages that I *expect* to be on a distribution weren't. I could not for the life of me figure out how to use its allegedly wonderful package installer that was supposed to be so much cooler than the package manager I was used to using. So I spent hours tracking down source and compiling it for things I knew would have been on the other distribution. The startup/shutdown system is almost, but not quite, like what I'm used to, so I spent hours getting things customized to the way they worked.
Had I used my favorite old distribution, it would have taken me about fifteen minutes to clean up things and it would have been fine.
Note that there are lots of people who swear by this distribution that I swear at. There are lots of people who insist that this is the only right and true distribution and that anyone who doesn't use this one is a benighted fool. Yeah, right. I hate it. I won't make that mistake again. But I also know that much of the reason I hate it is that it isn't what I am used to. Compounding this, in my own stupidity, I took the recommendation of people who don't actually use this distribution, but use a third one. So I don't have anyone to ask, "Hey, how do you do X?" to.
Whatever distribution you use, you want to do a few things:
- Turn off every network service.
- Turn back on the ones you're going to use.
- Install OpenSSH.
- If you can, use some mechanism (hosts.allow, xinetd, tcpwrappers, etc.) to limit local services (like lpd) to your local addresses.
If you do those things, you're probably going to be secure, no matter what else you do. At least you're only at the mercy of bugs in things you know you're running.
So, install the one you want. Install one that's run by people you trust. It doesn't matter which one you use because they all are irritating, each in its own special way.
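The checklist above can be checked against a host's listening sockets. The following Python sketch is an added example, not part of the original answer; the sample `ss -H -tln` output, the port policy and the local network ranges are constructed assumptions.

```python
import ipaddress

# Constructed sample in the shape of `ss -H -tln` output (not from the page).
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 0.0.0.0:515 0.0.0.0:*
LISTEN 0 128 127.0.0.1:25 0.0.0.0:*
LISTEN 0 64 192.168.1.10:2049 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 32 *:21 *:*
"""

# Hypothetical policy: services you decided to run, and how far each may reach.
# "any" = may listen on every address (sshd); "local" = local addresses only (lpd).
POLICY = {22: "any", 515: "local", 25: "local"}
# Assumed local ranges: loopback plus one LAN.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("127.0.0.0/8", "::1/128", "192.168.1.0/24")]

def parse_listeners(text):
    """Return (host, port) for every LISTEN line."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
        listeners.append((host, int(port)))
    return listeners

def is_local(host):
    """True only when the socket is bound to a loopback or LAN address."""
    if host in ("*", "0.0.0.0", "::"):  # wildcard binds reach every interface
        return False
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in LOCAL_NETS)

def audit(text, policy=POLICY):
    """List (port, host, action) for listeners that break the checklist."""
    findings = []
    for host, port in parse_listeners(text):
        if port not in policy:
            findings.append((port, host, "turn off"))  # not a service you chose
        elif policy[port] == "local" and not is_local(host):
            findings.append((port, host, "limit to local addresses"))
    return findings

if __name__ == "__main__":
    for port, host, action in audit(SAMPLE):
        print(f"{host}:{port} -> {action}")
```

On a real host, feed it the output of `ss -H -tln` in place of `SAMPLE` and edit `POLICY` to match the services you turned back on.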
This was first published in February 2002