Introduction
The goal was to investigate the security and privacy of specialized Linux distributions for general usability and suitability for security-related tasks.
Most distributions can be used as a live system run directly from a USB flash drive or as a pre-installed virtual machine, without the need for installation on the local disk.
Testing was performed on VirtualBox and, in specific cases, on a dedicated bare-metal machine. Each tested distribution was compared for its intended purpose, available form (ISO or virtual machine image), user-friendliness, and available pre-installed tools. Another factor was the availability of documentation and online tutorials.
Note: these distributions evolve very quickly. This document describes the state as of August 2019.
Tested Distributions
These Linux distributions were investigated and grouped according to the intended purpose:
- Qubes: Secure OS with strong compartmentalization,
- Tails, Whonix, Kodachi: Portability distros, focus on anonymity,
- Parrot, Kali, BlackArch: Penetration testing OS,
- OpenBSD (not Linux), Alpine Linux: Minimalist software, focused on servers.
These distributions were tested but cannot be suggested for general use:
- Subgraph, PureOS: Not yet finished (alpha or beta status), but promising OS design,
- Container Linux (CoreOS): No longer a separate distribution (Red Hat product),
- Openwall GNU/*/Linux, Discreete, IprediaOS, Head OS, Seed OS, Mofo Linux: Little to no community or updates.
Comparison
This list contains notes from the testing and comparison. The full details are available on the internal CRoCS wiki pages.
Qubes
Qubes OS is a free and open-source, security-oriented operating system for single-user desktop computing.
- Hyper-Segmentation using VMs with the Xen hypervisor,
- The OS (based on Fedora) for boot is dom0, a Xen hypervisor that starts other VMs,
- Image: Installation from ISO, possible on 32GB USB key,
- Last stable version: 4.0.1 Final Release (09.01.2019),
- Very advanced and not user-friendly at the moment,
- Active Community.
Tails
The Amnesic Incognito Live System (Tails) is a Debian-based live DVD/USB to provide complete Internet anonymity for the user.
- Image: Live installation ISO for DVD and VM,
- Last stable version: 3.13.1 (2019.03.23),
- Active Community.
Whonix
Whonix is a Debian-based anonymous operating system focused on privacy protection; it routes all Internet traffic through the Tor anonymity network.
- Divided into two VMs: Whonix-Workstation for work activities and Whonix-Gateway to enforce all Internet traffic through the Tor network,
- Pretty much tied to VirtualBox; VMware is not recommended,
- Whonix 14 was released on August 6, 2018; there is no fixed release schedule,
- Live mode possible (RAM), neither Live CD nor USB or OVA image,
- Issue Tracker is pretty active,
- There is a Whonix template on Qubes that fulfils the role of TorVM.
Kodachi
https://www.digi77.com/linux-kodachi/
Kodachi is a free Debian-based Operating System designed especially for security, anonymity, and privacy.
- Version 6.0 (2019-02-09) is based on Xubuntu 18.04 LTS,
- Includes a suite of tools and utilities needed to secure one's privacy and anonymity,
- ISO, Live USB or DVD,
- Not a really active community; there is a bug tracker on GitHub.
Parrot
Parrot is an operating system designed for daily use, pen-testing, privacy, and defense while being user-friendly and lightweight.
- Several versions, including security (full) and home (no pentest and forensic tools),
- Image: Live, VM,
- Last stable version: Parrot 4.5.1 (2019.01.27),
- The community is active on the forum and git for bugs and packages.
Kali
Penetration Testing and Ethical Hacking Linux Distribution
- Image: Live, VM to check,
- Last stable version: 2019.1a,
- New official ISO every few months, unofficial untested weekly releases,
- Very active community, bug tracker, and tools often updated.
BlackArch
BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers.
- Image: Live, OVA (virtual image), installation over Arch Linux,
- Last stable version: 2018.12.01,
- New ISO four times a year,
- Very active community: GitHub is active for bug tracking,
- Some tools may not work, and you may only get errors.
OpenBSD
A free, multi-platform 4.4BSD-based UNIX-like operating system.
- Not Linux based, complete operating system,
- Image: Live,
- Last stable version: 6.4 (19.10.2018),
- Updated very often with fixes; a big release every 6 months,
- Little community, no bug tracker,
- Not for beginners.
Alpine Linux
Alpine Linux is a security-oriented, lightweight Linux distribution based on musl libc and busybox.
- For routers, firewalls, VPNs, VoIP boxes and servers,
- Image: lots of versions,
- Last stable version: 3.9.3 (08.04.2019),
- Updated often, every 6 months,
- Active community, bug tracker.
Recommendation
According to the interns’ testing, two distros, Kodachi and Parrot, can be recommended as the best options.
Kodachi is a distro focusing on anonymity, and it provides easy-to-use tools for privacy. The widgets and data on the desktop are very useful. There is a guide to setting up the VPN through Tor for extra anonymity.
Parrot is a pen-testing distribution. It is lightweight and has most of the tools you may need or that are available on Kali Linux (also often used by pen-testers).