Hello which user friendly Linux Distributions that are secure like fedora and arch
You don’t say why you want fedora or arch, so a general reply link. It does tend to be the more security the less user friendly system as a general reply.
When I go away to another country where I am unsure of the protection of my data or need access to something I don’t want to share such as banking or financial then I use tails from a usb stick but it’s a Debian based system, I prefer it but used to the interface now.
https://tails.boum.org/
2 Likes
Fedora and Arch aren’t particularly known for being secure.
They are known for being up-to-date, though.
What I would suggest is Linux Mint, simply because it’s install and secure enough for most purposes out of the box, without sacrificing usability.
2 Likes
I’ve seen cases over the years, where Mint didn’t keep up to date with recommended Debian or Ubuntu security packages. I’m not a Mint user, but I suspect it would probably be less “secure” than Debian itself, and probably Ubuntu.
You could always go with Ubuntu and harden it yourself?
https://ubuntu.com/security/certifications/docs/usg/cis
I run Ubuntu and/or Pop!_OS…
On BOTH machines, I have my system disk encrypted with LUKS (it’s an option on the “advanced settings” for partitioning your Ubuntu machine when you install it).
ANY device that leaves the house, is locked on exit if left powered on, or powered off…
My MacBooks have the encryption that Apple includes as standard, needs my password to get to it on boot. Needs my fingerprint to unlock… Same with my Android phone…
I also use MFA on a few things… Anything that’s “internet facing” is further locked down - e.g. I have a rule on my router to port forward SSH (over non-standard port [ i.e. not port 22!]) to my Raspberry Pi4 system, and I also run fail2ban on it. Neither is foolproof - I still see Russian and Chinese IP addresses try to login with dictionary attacks, i.e. they can port scan my IP address. Root login is disabled - and fail2ban bans their IP address after a few failed attempts…
If you must have a “security focussed” distro, then per what @callpaul.eu suggested, “tails”… And maybe Parrot (I think it’s Debian based, and its more “security focussed” than Kali - but both are for penetration testing I think?).
I still remember hardening Solaris “by hand” for proxy servers, and apache servers, and checkpoint firewalls and SMTP mail transfer agent - some kind third party group, made a thing called “YASP” (yet another security program) that hardened Solaris…
I’d suggest Ubuntu, and harden it yourself. It’s going to be easier for a “newbie” to do than Fedora or Arch…
1 Like
The ultimate security is to use a live distro that is on a read only removable medium.
4 Likes
Tails may be the best distribution of those that can be made persistent on a USB stick.
4 Likes
I would think there would be some sort of free service or list to exclude IPs from a list of countries. We do this at work using AWS and OCI, but not sure how I’d do that at home. That’s worth looking into I think.
2 Likes
also should I use vanilla fedora and arch or their derivatives
There’s no “should”, it’s ok to use any of them. Just avoid Manjaro Linux like the plague and you should be fine.
2 Likes
Its aright Because i Use Pop os Fedora KDE EndeavourOS Gnome Nobara Official Zorin os Xfce And Linux Mint Cinnamon Unbuntu Edition
Thanks for your help my friends hope to see you soon