this post was submitted on 31 Aug 2023
85 points (95.7% liked)
Linux
48145 readers
729 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
While technically not a Linux distro, Qubes OS is the gold standard. With the primary cons being that it's kinda hard on system requirements and it doesn't play nice with dedicated GPUs and thus software that would require it.
Honorable mentions would be Fedora Silverblue/Kinoite/Sericea, Kicksecure, openSUSE Aeon/Kalpa and Vanilla OS. Of course, regular Fedora and openSUSE Tumbleweed are still good even without being immutable. The aforementioned distros all have varying levels of hardening out of the box. While the offerings of Fedora and openSUSE have better defaults than most other distros, Kicksecure -which is made by the same team behind Whonix- is almost completely hardened from the get-go. Vanilla OS is in a major overhaul, so I refrain from making any strong judgements on it yet.
For whatever it's worth, a couple of years ago the (infamous) Madaidan (AKA security researcher on Kicksecure and Whonix) did recommend running minimalist distros like Alpine, Artix, Gentoo and Void for the sake of security. However, he did that recommendation on the basis of minimalism and zero-trust. However, that would require the system administrator (read: you) to actually know their shit. Which, unfortunately, is often times not the case as not everyone that's sensitive of their digital security proceeds to study cybersecurity. That's where the "honorable mentions" in the previous paragraph come into play; all of the distros that were mentioned within actually have shown to take security very seriously and acknowledge with the amount of heavy-lifting they do that they hold a sense of responsibility in that regard.
I once had an interaction with its primary developer and the dude was oblivious on which MAC was configured on his distro; spoiler-alert: none. It does a bunch of cool stuff, but I wouldn't call it secure (by default) by any stretch of the imagination.
Thank you for your detailed answer! Im already using a minimalist distro (arch) with (almost) no problems. Before that I used Fedora. Becase of that and your recommendation I will probably switch to silverblue. Im a little scared of selinux (I was thinkering too much with fedora) but better with it than without. For AUR apps I will use distrobox. I would also like to try toolbx for my projects!
Silverblue is incidentally also my daily-driver; custom image through uBlue's template to be more precise*.
Yup, SELinux is definitely a double-edged sword in that it's very powerful but can therefore be a bit more restrictive. Though, currently it's our only bet when it comes to confining containers as it's (vastly) superior over AppArmor in that aspect. Which explains openSUSE's recent conversion from AppArmor to SELinux for their distros that rely heavily on container workflows; like MicroOS, Aeon, Kalpa etc. Unfortunately it's not the easiest to understand, but I'm sure you'll manage 😉!
Hehe, you know what's good 😛.