How secure...

lumiwa · 2006-02-03 14:42:49

Hi!

In my experience with SuSE and/or Debian there were many times security fix/update.How is in the Arch Linux? How secure is an Arch Linux?
Thanks.

Mitja

Pajaro · 2006-02-03 14:54:03

i know the part of bugfixes. Since it installs the latest versions of packages, al bugfixes are applied once they are released.

lumiwa · 2006-02-03 15:27:39

Pajaro wrote:

i know the part of bugfixes. Since it installs the latest versions of packages, al bugfixes are applied once they are released.

Thank you. I am a little paranoid ).

Pajaro · 2006-02-03 15:48:08

in my opinion, arch may be one the most stable distros

Pajaro · 2006-02-03 15:49:54

sorry
i meant secure

Gullible Jones · 2006-02-03 17:30:35

It's pretty secure, I'd say, but Hardened Gentoo it ain't.

(I still think that a PaX kernel should be default... That would make a lot of bugs less annoying, and no one would have to bother with MAC. :twisted: )

cactus · 2006-02-03 17:51:57

lies!
MAC and pax cover different things. There is some overlap, but not everything.

deft · 2006-02-04 22:43:01

lumiwa wrote:

Hi!
In my experience with SuSE and/or Debian there were many times security fix/update.How is in the Arch Linux? How secure is an Arch Linux?
Thanks.
Mitja

Security's usefully seen as a process - given that, there are several things you can do to make whichever distribution you're using more secure.

1) - During the install, install what you need and no more.
2) - Create strong passwords for your accounts etc.
3) - Always log-in via an ordinary un-priviledged account.
4) - Disable any unecessary services.
5) - Use a firewall
6) - Keep your system updated.

Bralkein · 2006-02-04 23:20:51

Although a distribution can definitely help by making updates rapidly available, and configuring things to sensible defaults. Arch Linux doesn't go out of its way to be the most secure Linux distro, but it's not lax about security either. If it were, I wouldn't be posting here

Gullible Jones · 2006-02-05 02:35:14

cactus wrote:

lies!
MAC and pax cover different things. There is some overlap, but not everything.

Nonono... what I mean was that a plain PaX kernel would give protection from some buffer overflows without requiring us to also use MAC, as GRSecurity would. MAC and PaX are different, yes, and do different things, but from what I've heard MAC might be a pain - it might be better for Arch to use a plain PaX kernel if the devs decide to toughen the distro up a bit. Sorry about the ambiguity, I should have noticed that.

LB06 · 2006-02-05 11:00:24

I don't know how PaX would affect performance and compatibility (can we still run X?) http://www.gentoo.org/proj/en/hardened/hardenedxorg.xml

So I'm not sure it's a good idea to build PaX in by default. It also goes against Arch' philosophy, afaik. Then again, so does the current stock kernel (patchset applied).

Gullible Jones · 2006-02-05 17:18:02

Hardened Gentoo is SELinux or GRSecurity. GRSecurity includes MAC and PaX, plus some other stuff... It's a bit different.

ChrisX · 2006-02-05 20:57:04

I love Archlinux. You can make your installation reasonably secure. Security is a unique issue when dealing with software. There really is no scale or bar to compare software security against to where you can say that it is truly secure. One of my college professors said, "If you want to have a secure computer, then what you have to do is get rid of your computer." That is a good point; if somebody is determined to get into your computer, they are going to get in. I guess to determine if Archlinux is secure enough for you is to see what you want it to do and in what environment you will be setting it up in. I'm sure the forums here could help out with security configurations and the such. Ah, you know what would be cool, is if sombody could setup an Archlinux system on the net and let us try to hack into it. Unfortunately, that usually requires quite a bit of resources and can encompass legal issues also. Hmmm..., but if somebody or a group of people would be willing to work something out, that would be awesome. It would definitely help us figure out security flaws in the software, configurations, etc... This would really help us figure out where the distro would be lacking, security wise.

iphitus · 2006-02-06 06:06:29

Security depends on the user, not the distro.

Gullible Jones · 2006-02-06 11:54:25

To a great extent, that is the case, but there are some things ("Ping of Death" attacks, for example - now fixed) that you cannot avoid.

lumiwa · 2006-02-08 12:12:03

1) - During the install, install what you need and no more.
2) - Create strong passwords for your accounts etc.
3) - Always log-in via an ordinary un-priviledged account.
4) - Disable any unecessary services.
5) - Use a firewall
6) - Keep your system updated.

Thank. I did like you wrote. On Arch is a little more difficult for me. Every day is something new, every day I need something to correct. From Linux I expected stability and security. I am long time user of Tripwire for example. On Arch doesn't works for me. Shorewall I built by myself...
I have programs which I don't like that something happened with them. Are they safe under Arch?
And I agree with Gullible Jones, everything is not ''just a user case''.

Lone_Wolf · 2006-02-08 22:34:05

encrypt your filesystems ?

especially /

Arch Linux

#1 2006-02-03 14:42:49

How secure...

#2 2006-02-03 14:54:03

Re: How secure...

#3 2006-02-03 15:27:39

Re: How secure...

#4 2006-02-03 15:48:08

Re: How secure...

#5 2006-02-03 15:49:54

Re: How secure...

#6 2006-02-03 17:30:35

Re: How secure...

#7 2006-02-03 17:51:57

Re: How secure...

#8 2006-02-04 22:43:01

Re: How secure...

#9 2006-02-04 23:20:51

Re: How secure...

#10 2006-02-05 02:35:14

Re: How secure...

#11 2006-02-05 11:00:24

Re: How secure...

#12 2006-02-05 17:18:02

Re: How secure...

#13 2006-02-05 20:57:04

Re: How secure...

#14 2006-02-06 06:06:29

Re: How secure...

#15 2006-02-06 11:54:25

Re: How secure...

#16 2006-02-08 12:12:03

Re: How secure...

#17 2006-02-08 22:34:05

Re: How secure...

Board footer