Linux

65097 readers

762 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 7 years ago

MODERATORS

nooter692@lemmy.ml

AgreeableLandscape@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

-37

Linux is actually very vulnerable to exploits and it's showing with high value vulnerabilities that has been dropping in the latest years; FreeBSD is way better in security record (piefed.world)

submitted 1 day ago* (last edited 1 day ago) by beep@piefed.world to c/linux@lemmy.ml

20 comments fedilink hide all child comments

cross-posted from: https://piefed.world/c/uncommon/p/1089778/linux-is-actually-very-vulnerable-to-exploits-and-it-s-showing-with-high-value-vulnerabi

I hate when people keep repeating the myth that Linux is more secure than X OS without any understanding of how much Linux gets exploited.

On the other hand, FreeBSD rarely suffers from wide security issues.

Overall, I don't think anyone should repeat the myth that Linux is secure.

And at least if they gonna recommend Linux, they better recommend a good distro with SeLinux, hardened kernel and hardened OS.

you are viewing a single comment's thread
view the rest of the comments

[–] Mikelius@lemmy.ml 15 points 1 day ago (3 children)

"I hate when people keep repeating the myth that Linux is more secure than X OS without any understanding of how much Linux gets exploited."

Very few operating systems are secure out of the box. It's up to the users to make it secure. It just so happens to be that Linux is the easiest to make secure, therefore I've always seen it as such when done right. Not to mention, I can know exactly how everything works rather than the blackboxes of Win or Mac.

[–] KianaTabion@lemmy.today 0 points 10 hours ago (1 children)

It just so happens to be that Linux is the easiest to make secure

Could you back that up? Thanks in advance!

[–] Mikelius@lemmy.ml 1 points 58 minutes ago

I have template iptables/nftables rules on my devices on the network that I can just copy and paste to a machine to have a firewall that works (with tweaks specific to that device). With it I can tell it to send all logs of my choice through syslog-ng to my server just by installing it and telling it the destination, allowing me to have (already made) alerts and dashboards on every device on my internal network. My router runs Linux (openwrt) and allows me to do something other routers can't do because I'm able to add a module into the kernel: permit switch-level firewall access. What this means is I don't need (but do still have) VLAN to restrict traffic between devices. I can block firewall access completely at the router level before a device is tweaked to also add additional security (e.g. helps prevent my smart tv from probing every device on my network to gather information. Or if I purchase a malicious hardware online, it won't know the rest of the network exists because the router doesn't tell it unless I say it's okay).

That's firewall stuff. System security: can compile and modify the kernel to just the modules and such I want, lowering the scope of issues from a kernel level vulnerability. I can be very granular with file and directory permissions with a single command in the terminal. I can easily track file metadata changes down to just about anything you can think of with simple tools, like aide. Python scripts through cron and inotify can help me monitor when something sus happens on my machines.

Most of all this being done on Windows or Mac would require extra effort to work correctly, and not to mention probably cost money for software that can do the same but isn't free. Also not entirely sure a router can be setup on either of those OS.

[–] Neptr@lemmy.blahaj.zone 4 points 23 hours ago

What does it mean to "make Linux secure"? What does secure mean to you (genuine question). I see people say they can make Linux secure but from what kinds of attacks. I think madaidan's blog explains why you can't as an individual fix an issue with the entire ecosystem, or fix the kernel of its inherent security flaws https://madaidans-insecurities.github.io/linux.html

I think "good security" in my personal opinion means that even if you try to run a malicious app, it either crashes out right or can't do anything because it doesn't have the permission to.

One thing that I think is very misunderstood is that messy or extremely large/dense code can be very hard to understand, even if you have the source code. Like systemd, it is several million lines of code and is very tangled together. Is it that much better than a blackbox if no one can audit the whole thing (unless you are a massive team)? I do think it is better to have source code and documentation, but vulnerabilities arise from unintended interactions in the code. The more code there is, the higher the chance of this happening.

[–] racoon@lemmy.ml 4 points 1 day ago

It’s impossible to know what’s happening on macOS. The number of open processes that are running on their computer is mesmerising, so the user feels disempowered. I dream of daily driving FreeBSD