Fedora is security? I mean, don’t get me wrong, I love it, it’s my daily driver after trying just about every distro under the sun, but I would’ve figured something like Qubes would stand head and shoulders above it.
Fedora has firewalld by default but in the desktop version all ports are open by default. Pretty sure the server version only has ssh and cockpit exposed by default
I haven’t looked around that much in years beyond NixOS, what else has MAC by default these days? I remember a lot of the Debian based ones having some things constrained by AppArmor, but I personally prefer SELinux and it wasn’t everything.
I don’t know if it ships with a firewall, but that’s definitely easier than an ad hoc SELinux setup. I always just transfer my iptables (nftables now) rules over.
I mean, image based (immutable) distros are quite a bit more secure than regular ones, and Fedora Atomic (Silverblue, Bazzite, etc.) is pretty much the only great choice when it comes to those kind of operating systems.
Yea, but there are also some things AppArmor just can’t do. Although in my experience most aren’t as big of a deal. Things like saying “only processes of this type can bind to port X” for example and much more fine grained control of file or directory actions. Does AppArmor provide kernel module controls?
Fedora is security? I mean, don’t get me wrong, I love it, it’s my daily driver after trying just about every distro under the sun, but I would’ve figured something like Qubes would stand head and shoulders above it.
One of the few with SELinux by default
Outside of everything else that has MAC enabled by default. It doesn’t even ship with a Firewall.
Fedora has firewalld by default but in the desktop version all ports are open by default. Pretty sure the server version only has ssh and cockpit exposed by default
( ͝סּ ͜ʖ͡סּ)
I haven’t looked around that much in years beyond NixOS, what else has MAC by default these days? I remember a lot of the Debian based ones having some things constrained by AppArmor, but I personally prefer SELinux and it wasn’t everything.
I don’t know if it ships with a firewall, but that’s definitely easier than an ad hoc SELinux setup. I always just transfer my iptables (nftables now) rules over.
Maybe Fedora Atomic?
I mean, image based (immutable) distros are quite a bit more secure than regular ones, and Fedora Atomic (Silverblue, Bazzite, etc.) is pretty much the only great choice when it comes to those kind of operating systems.
i would say fedora is the “security distro for every day people” kind of distro
As a Fedora user, I thought Debian would be more secure.
Qubes is specialised, whereas Fedora is a general purpose distro with a security focus.
Fedora doesn’t have any more of a security focus than anything else in the industry
It has SELinux, what does ubuntu (for example) has?
Apparmor
AppArmor is great but it isn’t nearly as powerful as SELinux. Way more user friendly though.
It can be but it takes a lot more effort.
SELinux: high bar to entry but extremely power right away
Apparmor: lower bar to entry but much harder to get advanced functionality and control
Yea, but there are also some things AppArmor just can’t do. Although in my experience most aren’t as big of a deal. Things like saying “only processes of this type can bind to port X” for example and much more fine grained control of file or directory actions. Does AppArmor provide kernel module controls?
They both have really bad documentation though :(