Most secure Linux on PC and on rPi3
-
Hello.
I've watched 5 series on Linux now and dpezet (lol) has me wanting to switch over from Windows to Linux
I'd like to run the most secure Linux on my desktop and on a Raspberry Pi 3b that I have.
Which distro should I run on each?
I'm thinking that for the desktop, it would be CentOS 8 with SELinux.
And the rPi3, I have no idea. But I would also like to run SELinux.
Thanks for your help.
-
Hi Michael, I tried running Linux in Pi3 but there is insufficient resources to have a meanigful and stable system with a GUI. After trying out several very basic branches of Debian, I only decided to use it as a headless server for Pi-hole or other simple services. If you can get a RaspPi4 you will probably save yourself alot of time and frustration. That is only just my experience maybe others can share a better solution.
-
Hi FLM,
Thank you for your reply.
I should have said more about the rPi3. I do want it to be headless and non-GUI. I also want a minimal base OS install as possible. I will ssh into it.
My goal is to run a web server (Apache or nginx), webmail server (RoundCube), etc.
Do you happen to know of a secure yet popular Linux OS in as a small footprint as possible. I'm totally ok with ubuntu or CentOS, hoping for a super-small install.
(I found TinyCore Linux for example, though not sure if that would work.)
-
Hi Michael, I wouldn't recommend using a rPi3 for anything you are going to be depending on. I consider this device as more of an experimental tool (perform labs or prototype with). However, the rPi4 is a very different animal.
As far as the distros or flavors of Linux, I would suggest CentOS as the better choice for your project.
Trial and failure, that is really the bottom line. Bite the bullet and be ready to try several until you find something that actually will behave like you want it to and personally like.
I would like to hear the Grand-Master Pezet's expert opinion on this also. -
For your desktop, I would recommend Fedora. CentOS is great, but you will quickly run in to situations where you need updated packages that aren't available under CentOS. Fedora gives you the great Red Hat ecosystem coupled with the latest and greatest drivers and libraries. Linus Torvalds runs Fedora on his own machine.
For the Raspberry Pi I would recommend Ubuntu Linux. There are versions of CentOS and Fedora that can run on a Raspberry Pi, but I have had mixed results with them (as MichaelS pointed out). However, I have had really good luck with Ubuntu on Raspberry Pi hardware (3b and 4). Ubuntu defaults to AppArmor instead of SE Linux but it is not very hard to remove AppArmor and replace it with SE Linux if you specifically need it.
-
A Pi will not really support using it as a desktop. When you start adding SELinux, it will take resources to run that the Pi isn't designed for.
Ubuntu 20.04 is easier to use than CentOS 8. SELinux is not easy to configure and you can lock yourself out.
Windows 10 out of the box is more secure than Linux. You will have more software available. Easier installations. I have 6 Ubuntu servers and 2 Ubuntu Desktops. I spend a lot of time in the CLI upgrading Openssl, various components of Wordpress, etc.
https://wp.scsiraidguru.com has my Linux and Wordpress notes on it.
-
I would encourage everyone to have an open mind and understand that what might be true for one person's use case may not be true for another. The Raspberry Pi is capable of a great many things as long as you plan for its limitations. Most operating systems these days (Windows, macOS, and even Linux) have become bloated and assume access to near limitless hardware resources. When working on a RasPi you have to be frugal with your resources and Linux is very much suited to that task.
-
@Don-Pezet I found with many users who want to go to Linux, they are novices. I found Linux has a learning curve. Linux support online is not always easy to find. Linux doesn't support a lot of hardware fully. Drivers are hard to find and install. Many users on these forums run into issues. Don't understand how to back up Linux to save pictures and files. Linux updates and fill up these device quickly. You need to understand the autoremove and autoclean commands or you will fill it and it won't boot. Storage is an issue with them for files and pictures.
You can get old PC hardware that will run Linux great and not at the limitation of a Pi. I use Ubuntu 20.04 LTS because it is supported for 5 years. I used Fedora and CentOS in the past. Fedora web server would crash on updates.
My web site has all my linux notes from over a decade of using it. Ubuntu and Debian flavors are more forgiving then Fedora for most hardware. Raspberry Pi devices are act up on many flavors of Linux. I belong to many Pi and Arduino groups and users have issues with the limitations of these devices.
Buying a Windows 10 workstation is cheap now a days. They can game on most of them. Free software is available as shareware. Much of it is simple install and use. VEEAM community is my favorite backup software for Windows, Linux, and VMWare. You can do 10 devices.
