Linux distributions for security and privacy

Introduction

The goal was to investigate specialized security- and privacy-focused Linux distributions for general usability and suitability for security-related tasks.

Most distributions can be used as a live CD, run directly from a USB flash drive, or run as a pre-installed virtual machine, without the need for installation on the local disk.

Testing was performed on VirtualBox and, in specific cases, on a dedicated bare-metal machine. Each tested distribution was compared for its intended purpose, available form (ISO or virtual machine image), user-friendliness, and available pre-installed tools. Another factor was the availability of documentation and online tutorials.

Note: the distributions evolve very quickly. This document describes the state as of August 2019.

Tested Distributions

These Linux distributions were investigated and grouped according to the intended purpose:

  • Qubes: Secure OS with high compartmentalization,
  • Tails, Whonix, Kodachi: Portability distros, focus on anonymity,
  • Parrot, Kali, BlackArch: Penetration testing OS,
  • OpenBSD (not Linux), Alpine Linux: Minimalist software, focused on servers.

These distributions were tested but cannot be suggested for general use:

  • Subgraph, PureOS: Not yet finished (alpha or beta status), but promising OS design,
  • Container Linux (CoreOS): No longer a separate distribution (Red Hat product),
  • Openwall GNU/*/Linux, Discreete, IprediaOS, Head OS, Seed OS, Mofo Linux: Little to no community or updates.

Comparison

This list contains notes from the testing and comparison. The full details are available on the internal CRoCS wiki pages.

Qubes

https://www.qubes-os.org

Qubes OS is a free and open-source, security-oriented operating system for single-user desktop computing.

  • Hyper-Segmentation using VMs with the Xen hypervisor,
  • The OS (based on Fedora) for boot is dom0, a Xen hypervisor that starts other VMs,
  • Image: Installation from ISO, possible on 32GB USB key,
  • Last stable version: 4.0.1 Final Release (09.01.2019),
  • Very advanced and not user-friendly at the moment,
  • Active Community.

Tails

https://tails.boum.org

The Amnesic Incognito Live System (Tails) is a Debian-based live DVD/USB to provide complete Internet anonymity for the user.

  • Image: Live installation ISO for DVD and VM,
  • Last stable version: 3.13.1 (2019.03.23),
  • Active Community.

Whonix

https://www.whonix.org

Whonix is a Debian-based anonymous operating system for privacy protection that routes all Internet traffic through the Tor anonymity network.

  • Divided into two VMs: Whonix-Workstation for work activities and Whonix-Gateway to enforce all Internet traffic through the Tor network,
  • Pretty much tied to VirtualBox; VMware is not recommended,
  • Whonix 14 was released on August 6, 2018; there is no fixed release schedule,
  • Live mode possible (RAM), neither Live CD nor USB or OVA image,
  • Issue Tracker is pretty active,
  • There is a Whonix template on Qubes that serves the function of TorVM.

Kodachi

https://www.digi77.com/linux-kodachi/

Kodachi is a free Debian-based Operating System designed especially for security, anonymity, and privacy.

  • Version 6.0 (2019-02-09) is based on Xubuntu 18.04 LTS,
  • Includes a suite of tools and utilities needed to secure one's privacy and anonymity,
  • ISO, Live USB or DVD,
  • Not a really active community; there is a bug tracker on GitHub.

Parrot

https://www.parrotsec.org/

Parrot is an operating system designed for daily use, pen-testing, privacy, and defense while being user-friendly and lightweight.

  • Several versions, including security (full) and home (no pentest and forensic tools),
  • Image: Live, VM,
  • Last stable version: Parrot 4.5.1 (2019.01.27),
  • The community is active on the forum and git for bugs and packages.

Kali

https://www.kali.org/

Penetration Testing and Ethical Hacking Linux Distribution

  • Image: Live, VM to check,
  • Last stable version: 2019.1a,
  • New official ISO every few months, unofficial untested weekly releases,
  • Very active community, bug tracker, and tools often updated.

BlackArch

https://blackarch.org/

BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers.

  • Image: Live, OVA (virtual image), installation over Arch Linux,
  • Last stable version: 2018.12.01,
  • New ISO four times a year,
  • Very active community: GitHub is active for bug tracking,
  • Some tools may not work, and you may only get errors.

OpenBSD

https://www.openbsd.org/

A free, multi-platform 4.4BSD-based UNIX-like operating system.

  • Not Linux-based; a complete operating system,
  • Image: Live,
  • Last stable version: 6.4 (19.10.2018),
  • Updated very often for fixes; big release every 6 months,
  • Small community, no bug tracker,
  • Not for beginners.

Alpine Linux

https://www.alpinelinux.org/

Alpine Linux is a security-oriented, lightweight Linux distribution based on musl libc and busybox.

  • For routers, firewalls, VPNs, VoIP boxes and servers,
  • Image: lots of versions,
  • Last stable version: 3.9.3 (08.04.2019),
  • Updated often, every 6 months,
  • Active community, bug tracker.

Recommendation

According to the interns’ testing, two distros, Kodachi and Parrot, can be recommended as the best options.

Kodachi is a distro focusing on anonymity, and it provides easy-to-use tools for privacy. The widgets and data on the desktop are very useful. There is a guide to setting up the VPN through Tor for extra anonymity.

Parrot is a pen-testing distribution. It is lightweight and has most of the tools you may need or that are available on Kali Linux (also often used by pen-testers).