I have seen a lot of cracked servers to be sure that none Linux distribution is secure by default. There is huge difference between “be secure” and “believe that I’m secure”.
Why another distribution?
Securix GNU/Linux is not “Yet Another” distribution. Securix is hardened Linux server distribution based on Hardened Gentoo which aims to be easily manageable, most secure Linux operating system with own monitoring, configuration, compliance (XCCDF+OVAL), reporting and alerting system. Securix is immune against common attacks like DoS, buffer/heap/stack overflow, exploits, rootkits, malware, bruteforce, spoofing, sniffing, man-in-the-middle, data modification, application layer attacks, etc.
Please don’t compare Securix with distributions like BackTrack. BackTrack is pentesting distribution, but Securix is hardened Linux distribution.
Why not RedHat, CentOS, Fedora, etc.?
Because those Linux distributions aren’t designed for security. They focus on stability and I can’t even say on performance because most services and kernel parameters are setup in way that you will reach limits on high utilized servers very quickly. If you want to secure them, search “Linux security” and “Linux Hardening” on Amazon book store. You will find tens of books which have about 500-1000 pages describing how to tune those distributions. Same phrases on Google produce hundred thousands results (do you want to read them all?). Problem is that you can’t achieve same level of security because those distributions are binary, but Gentoo is source-based. It means that binary files, libraries etc. aren’t compiled with PIE (position independent executables) or SSP (stack smashing protector) and they don’t have ELF in ET_DYN format. It means that you can’t simply use those protections and advanced ASLR.
Because of support – kernel can’t be patched by PaX or Grsecurity so you can’t use imposant security features of those systems.
Summary: You can’t have binary distribution hardened on same level as source-based.
Why prefer Securix?
- System configured with high focus on security and performance
- All services secured by default
- Applications can access only resources which are vital for them
- Applications and libraries are compiled with PIE (position independent executables) and SSP (stack smashing protector) protection
- System have proactive security preventing memory related attacks (stack/buffer/heap over/under-flow)
- System have own monitoring system which can: detect/stop/audit potential hacking attempt, detect HW issue, monitor system resources, find new security patches… and much more.
- System is using well known and trusted security patches like PaX and Grsecurity
- Easy-to-use & Easy-to-Implement (most system tasks are automatized)
- Own installer written in bash which easily build new server
- It is still Gentoo, still up to date and with great support on IRC or forums
With this distribution you don’t need to read hundreds of documents like “Top 10/20/50/100 Tips for Linux Security” because Securix already enforce recommended settings. Securix is compliant with POSIX, LFS, ISO, NSA, CIS Security Benchmark and other linux/security standards and recommendations.
It is recommended to use Securix for any network services like: Authentication server, Certificate Authority, Database, DHCP/DNS, File server, Firewall, FTP, IDS/IPS, Mail server, network monitoring, network security scanner, reverse proxy, VPN gateway, Webserver, … and have pre-configured setup for all those roles.
In fact you can use Securix for anything on servers.
This distribution safe your time spent on system hardening and should provide you very secure and trusted Linux distribution by default.
# Securix GNU/Linux is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <;http://www.gnu.org/licenses/>;.