On 08/26/13 17:09 +0200, Eugen Leitl wrote:
I've managed to lay my hands onb a couple of Lenovo X60's that are in pretty good shape and would like to use them as a moderately secure communication/development system. (I'm not trusting my desktops, servers or mobile devices for obvious reasons). I'm loath to modify the hardware at this point, so I expect to only flash coreboot upon it.
What kind of security-minded Linux or *BSD would you guys recommend? Liberte looks a bit too stable (cough, sorry Максим)), Kali is more for security h4x0rs. Anything else what is well-maintained yet borderline secure from *untargeted* TLA-level scrutiny?
I'm okay with text-mostly distros, or minimalistic window managers. It shouldn't be a kitchensink of stuff I don't need, but on the other hand it's shouldn't be so secure it's unusable, either.
Pointers to any HOWTOs or SOPs highly welcome. Tanks & machine guns.
The boring recommendation: Debian Pros: * Lots of eyeballs * Timely security updates (well, timely as far as vendors go) * A wealth of pre-packed software, which can be twiddled down to size * Some fancy features out of the box (like remotely booting a LUKS encrypted root filesystem via an initramfs ssh daemon) Cons: * Patching your locally installed (packaged) software must be done with Debian build scripts, or you quickly lose the benefits of the apt system * Stupid patches have made it past the package maintainer (the OpenSSL 2008 patch being the one that comes immediately to mind) If you're willing to compile your own software or security updates, then I think your choice of OS/distro may be mostly moot. I'd recommend against a specialized security (linux) distro, unless you know what you're doing. Support for many of them seems to be pretty spotty, according to my unscientific observation from ##linux.