956
Distro Focuses
(lemmy.ca)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 13 Dec 2024
956 points (100.0% liked)
linuxmemes
22935 readers
914 users here now
Hint: :q!
Sister communities:
Community rules (click to expand)
1. Follow the site-wide rules
- Instance-wide TOS: https://legal.lemmy.world/tos/
- Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html
2. Be civil
- Understand the difference between a joke and an insult.
- Do not harrass or attack users for any reason. This includes using blanket terms, like "every user of thing".
- Don't get baited into back-and-forth insults. We are not animals.
- Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
- Bigotry will not be tolerated.
- These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
3. Post Linux-related content
- Including Unix and BSD.
- Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of
sudoin Windows. - No porn. Even if you watch it on a Linux machine.
4. No recent reposts
- Everybody uses Arch btw, can't quit Vim, <loves/tolerates/hates> systemd, and wants to interject for a moment. You can stop now.
5. 🇬🇧 Language/язык/Sprache
- This is primarily an English-speaking community. 🇬🇧🇦🇺🇺🇸
- Comments written in other languages are allowed.
- The substance of a post should be comprehensible for people who only speak English.
- Titles and post bodies written in other languages will be allowed, but only as long as the above rule is observed.
Please report posts and comments that break these rules!
Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't remove France.
founded 2 years ago
MODERATORS
Fedora is security? I mean, don't get me wrong, I love it, it's my daily driver after trying just about every distro under the sun, but I would've figured something like Qubes would stand head and shoulders above it.
i would say fedora is the "security distro for every day people" kind of distro
Qubes is specialised, whereas Fedora is a general purpose distro with a security focus.
Fedora doesn't have any more of a security focus than anything else in the industry
It has SELinux, what does ubuntu (for example) has?
Apparmor
AppArmor is great but it isn't nearly as powerful as SELinux. Way more user friendly though.
It can be but it takes a lot more effort.
SELinux: high bar to entry but extremely power right away
Apparmor: lower bar to entry but much harder to get advanced functionality and control
Yea, but there are also some things AppArmor just can't do. Although in my experience most aren't as big of a deal. Things like saying "only processes of this type can bind to port X" for example and much more fine grained control of file or directory actions. Does AppArmor provide kernel module controls?
They both have really bad documentation though :(
One of the few with SELinux by default
Outside of everything else that has MAC enabled by default. It doesn't even ship with a Firewall.
Fedora has firewalld by default but in the desktop version all ports are open by default. Pretty sure the server version only has ssh and cockpit exposed by default
( ͝סּ ͜ʖ͡סּ)
I haven't looked around that much in years beyond NixOS, what else has MAC by default these days? I remember a lot of the Debian based ones having some things constrained by AppArmor, but I personally prefer SELinux and it wasn't everything.
I don't know if it ships with a firewall, but that's definitely easier than an ad hoc SELinux setup. I always just transfer my iptables (nftables now) rules over.
As a Fedora user, I thought Debian would be more secure.
Maybe Fedora Atomic?
I mean, image based (immutable) distros are quite a bit more secure than regular ones, and Fedora Atomic (Silverblue, Bazzite, etc.) is pretty much the only great choice when it comes to those kind of operating systems.