The goal was to investigate the security and privacy of specialized Linux distributions for general usability and suitability for security-related tasks.
Most distributions can be used as a live CD, run directly from a USB flash drive, or used as a pre-installed virtual machine, without the need for installation on the local disk.
Testing was performed on VirtualBox and, in specific cases, on a dedicated bare-metal machine. Each tested distribution was compared for its intended purpose, available form (ISO or virtual machine image), user-friendliness, and available pre-installed tools. Another factor was the availability of documentation and online tutorials.
Note: these distributions evolve very quickly. This document describes the state as of August 2019.
These Linux distributions were investigated and grouped according to the intended purpose:
- Qubes: Secure OS with high compartmentalization,
- Tails, Whonix, Kodachi: Portability distros, focus on anonymity,
- Parrot, Kali, BlackArch: Penetration testing OS,
- OpenBSD (not Linux), Alpine Linux: Minimalist software, focused on servers.
These distributions were tested but cannot be suggested for general use:
- Subgraph, PureOS: Not yet finished (alpha or beta status), but promising OS design,
- Container Linux (CoreOS): No longer a separate distribution (Red Hat product),
- Openwall GNU/*/Linux, Discreete, IprediaOS, Head OS, Seed OS, Mofo Linux: Little to no community or updates.
This list contains notes from the testing and comparison. The full details are available on the internal CRoCS wiki pages.
Qubes OS is a free and open-source, security-oriented operating system for single-user desktop computing.
- Hyper-Segmentation using VMs with the Xen hypervisor,
- The OS (based on Fedora) for boot is dom0, a Xen hypervisor that starts other VMs,
- Image: Installation from ISO, possible on a 32 GB USB key,
- Last stable version: 4.0.1 Final Release (09.01.2019),
- Very advanced and not user-friendly at the moment,
- Active Community.
The Amnesic Incognito Live System (Tails) is a Debian-based live DVD/USB system that aims to provide complete Internet anonymity for the user.
- Image: Live installation ISO for DVD and VM,
- Last stable version: 3.13.1 (2019.03.23),
- Active Community.
Whonix is a Debian-based anonymous operating system focused on privacy protection; it routes all Internet traffic through the Tor anonymity network.
- Divided into two VMs: Whonix-Workstation for work activities and Whonix-Gateway to force all Internet traffic through the Tor network,
- Pretty much tied to VirtualBox; VMware is not recommended,
- Whonix 14 was released on August 6, 2018; there is no fixed release schedule,
- Live mode possible (RAM), neither Live CD nor USB or OVA image,
- Issue Tracker is pretty active,
- There is a Whonix template on Qubes that serves the function of TorVM.
Kodachi is a free Debian-based operating system designed especially for security, anonymity, and privacy.
- Version 6.0 (2019-02-09) is based on Xubuntu 18.04 LTS,
- A suite of tools and utilities needed to protect one's privacy and anonymity,
- ISO, Live USB or DVD,
- Not a very active community; there is a bug tracker on GitHub.
Parrot is an operating system designed for daily use, pen-testing, privacy, and defense while being user-friendly and lightweight.
- Several versions, including security (full) and home (no pentest and forensic tools),
- Image: Live, VM,
- Last stable version: Parrot 4.5.1 2019.01.27,
- The community is active on the forum and git for bugs and packages.
Kali is a penetration testing and ethical hacking Linux distribution.
- Image: Live, VM to check,
- Last stable version: 2019.1a,
- New official ISO every few months, unofficial untested weekly releases,
- Very active community, bug tracker, and tools often updated.
BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers.
- Image: Live, OVA (virtual image), installation over Arch Linux,
- Last stable version: 2018.12.01,
- New ISO four times a year,
- Very active community: GitHub is active for bug tracking,
- Some tools may not work, and you may only get errors.
OpenBSD is a free, multi-platform 4.4BSD-based UNIX-like operating system.
- Not Linux-based, complete operating system,
- Image: Live,
- Last stable version: 6.4 (19.10.2018),
- Updated very often for fixes; big release every 6 months,
- Small community, no bug tracker,
- Not for beginners.
Alpine Linux is a security-oriented, lightweight Linux distribution based on musl libc and busybox.
- For routers, firewalls, VPNs, VoIP boxes and servers,
- Image: lots of versions,
- Last stable version: 3.9.3 (08.04.2019),
- Updated often, every 6 months,
- Active community, bug tracker.
According to the interns’ testing, two distros, Kodachi and Parrot, can be recommended as the best options.
Kodachi is a distro focusing on anonymity, and it provides easy-to-use tools for privacy. The widgets and data on the desktop are very useful. There is a guide to setting up the VPN through Tor for extra anonymity.
Parrot is a pen-testing distribution. It is lightweight and has most of the tools you may need or that are available on Kali Linux (also often used by pen-testers).