by jfindley 4304 days ago
While I sympathise with the sentiment, there are a couple of things to point out here.

Firstly, none of the firewall distros I've seen have really prioritised security all that much - they tend to prioritise fancy interfaces and rolling lots (often far too many) of features into one box. I'm not aware of a single one of the commonly used firewall distros that enables SELinux, for example (although I've not looked at all of them - I could have missed one).

Secondly, this is clearly a home product - not a device that's likely to be the focus of a large amount of determined attacks. As long as you don't allow password-based logins and regularly apply security patches, the likelihood of being compromised is very small. Modern mainstream Linux distributions aren't as horrendously insecure by default as you imply - the job of locking them down isn't a massively complex black art.

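The "don't allow password-based logins" condition above is easy to state and easy to get subtly wrong (keyboard-interactive auth is a second password path, and sshd honours the first occurrence of a directive, not the last). Below is an added example, not code from the thread or from any firewall distro, that audits an sshd_config for that condition and shows a weak config beside the corrected one. The sample configs are constructed here; directive names and their defaults are those documented in sshd_config(5) for OpenSSH 7.0 and later.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): audit an sshd_config for
# "no password-based logins". Sample configs below are constructed.

# Effective value of a directive. sshd uses the FIRST occurrence of a
# keyword, keywords are case-insensitive, and '#' lines are comments,
# so mirror those rules here. Prints nothing if the keyword is absent.
sshd_directive() {  # $1 = config file, $2 = keyword
    awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[[:space:]]*#/ { next }
        NF >= 2 && tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# Return 0 if the config disables every password-based login path,
# 1 otherwise, printing one FAIL line per problem.
audit_sshd_config() {  # $1 = config file
    cfg="$1"; rc=0
    # Directives that must be "no". The second field is sshd's default
    # when the directive is absent; an absent directive with an unsafe
    # default is still a finding.
    for spec in "PasswordAuthentication:yes" "PermitEmptyPasswords:no"; do
        key=${spec%%:*}; dflt=${spec##*:}
        val=$(sshd_directive "$cfg" "$key"); val=${val:-$dflt}
        if [ "$val" != "no" ]; then echo "FAIL $key=$val (want no)"; rc=1; fi
    done
    # Keyboard-interactive (PAM) auth is the other password path.
    # KbdInteractiveAuthentication is the current name; the older
    # ChallengeResponseAuthentication is an alias, so accept either.
    val=$(sshd_directive "$cfg" KbdInteractiveAuthentication)
    [ -z "$val" ] && val=$(sshd_directive "$cfg" ChallengeResponseAuthentication)
    val=${val:-yes}
    if [ "$val" != "no" ]; then
        echo "FAIL KbdInteractiveAuthentication=$val (want no)"; rc=1
    fi
    # Root: either disabled outright or key-only (the current default).
    val=$(sshd_directive "$cfg" PermitRootLogin); val=${val:-prohibit-password}
    case "$val" in
        no|prohibit-password|without-password) ;;
        *) echo "FAIL PermitRootLogin=$val (want no or prohibit-password)"; rc=1 ;;
    esac
    # Public keys must stay usable or the admin locks themselves out.
    val=$(sshd_directive "$cfg" PubkeyAuthentication); val=${val:-yes}
    if [ "$val" != "yes" ]; then echo "FAIL PubkeyAuthentication=$val (want yes)"; rc=1; fi
    return $rc
}

# Constructed sample configs: a weak "works out of the box" one, then
# the corrected one.
WEAK_CFG=$(mktemp); HARDENED_CFG=$(mktemp)
cat >"$WEAK_CFG" <<'EOF'
# constructed: typical appliance defaults
Port 22
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
EOF
cat >"$HARDENED_CFG" <<'EOF'
# constructed: keys only, no interactive password paths
Port 22
PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitEmptyPasswords no
EOF

audit_sshd_config "$WEAK_CFG"     || echo "weak config: NOT hardened"
audit_sshd_config "$HARDENED_CFG" && echo "hardened config: OK"
```

Run it against the live file with `audit_sshd_config /etc/ssh/sshd_config`; note that it reads only the one file, so a `Match` block or an `Include`d drop-in that re-enables passwords is not seen. For the authoritative view, compare against `sshd -T`, which prints the fully resolved configuration.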

"I'm not aware of a single one of the commonly used firewall distros that enables SELinux"

The distro commonly used "for" firewalls is Debian, and SELinux "works" on vanilla Debian. It's a labor hog, making it less efficient to enable SELinux than to look for and fix other problems, but it can be done if you insist and are willing to spend less time securing more important areas (pretty much everything, unfortunately).

On the other hand, I am also unable to find a "firewall distro" solely for FW work that does SELinux as of the last time I looked. It's hard to prove a negative, but it is possible to prove that if it exists, it's well hidden. The marketplace for FW distros is focused on ease of use, security theater, and authoritarianism and credentialism, so actual security-related features are going to be a pretty low priority in the market, which is humorous / ironic.

Ah, SELinux, the NSA's contribution to the Linux kernel.
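The reply above says SELinux "works" on vanilla Debian; the practical gap between "packages installed" and "policy actually enforcing" is where most such installs stall. Below is an added example, not code from the thread or from Debian, showing the activation steps as a function and a check that reads the kernel's own state rather than trusting the config file. Package and tool names (`selinux-basics`, `selinux-policy-default`, `selinux-activate`, `check-selinux-installation`) are the ones Debian ships; what `selinux-activate` edits on a given release is stated as an assumption, and the sample config files are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): enabling SELinux on stock Debian
# and checking that it is really enforcing. Sample configs are constructed.

# Step 1: install the policy and helpers, then let selinux-activate
# configure the bootloader and PAM and schedule a relabel (assumed to be
# what it does on current Debian). Needs root and a reboot; defined here
# but deliberately not run by this script.
enable_selinux_debian() {
    apt-get install -y selinux-basics selinux-policy-default auditd
    selinux-activate
    echo "reboot now; the first boot relabels the filesystem"
    echo "then run: check-selinux-installation"
}

# Step 2: /etc/selinux/config decides the mode at boot. Print the
# effective SELINUX= value (last uncommented assignment wins), or
# "absent" if the file or the line is missing.
selinux_config_mode() {  # $1 = path to a selinux config file
    [ -r "$1" ] || { echo absent; return; }
    awk -F= '
        /^[[:space:]]*#/ { next }
        $1 == "SELINUX" { gsub(/[[:space:]]/, "", $2); mode = $2 }
        END { print (mode == "" ? "absent" : mode) }
    ' "$1"
}

# Step 3: the runtime check. A box can have the packages installed and
# SELINUX=enforcing in the config while the running kernel never loaded
# the policy (lost bootloader change, missing LSM in the kernel). Only
# /sys/fs/selinux/enforce tells the truth: 1 enforcing, 0 permissive,
# file missing means SELinux is not active in this kernel.
selinux_runtime_state() {
    if [ -r /sys/fs/selinux/enforce ]; then
        case "$(cat /sys/fs/selinux/enforce)" in
            1) echo enforcing ;;
            0) echo permissive ;;
            *) echo unknown ;;
        esac
    else
        echo inactive
    fi
}

# Return 0 only when the config says enforcing AND the kernel agrees;
# print the disagreement otherwise.
selinux_enforcing() {  # $1 = config file (default /etc/selinux/config)
    cfg=${1:-/etc/selinux/config}
    want=$(selinux_config_mode "$cfg"); have=$(selinux_runtime_state)
    if [ "$want" = enforcing ] && [ "$have" = enforcing ]; then
        return 0
    fi
    echo "config=$want runtime=$have"
    return 1
}

# Constructed sample configs: the state after activation (permissive,
# so denials are logged but not blocked) and the corrected one.
PERMISSIVE_CFG=$(mktemp); ENFORCING_CFG=$(mktemp)
printf '%s\n' '# constructed' 'SELINUX=permissive' 'SELINUXTYPE=default' >"$PERMISSIVE_CFG"
printf '%s\n' '# constructed' 'SELINUX=enforcing'  'SELINUXTYPE=default' >"$ENFORCING_CFG"

echo "sample permissive config: $(selinux_config_mode "$PERMISSIVE_CFG")"
echo "sample enforcing config:  $(selinux_config_mode "$ENFORCING_CFG")"
echo "this kernel: $(selinux_runtime_state)"
selinux_enforcing || echo "this host is not enforcing SELinux"
```

The sensible order is: activate, reboot, run in permissive mode while `ausearch -m AVC` stays quiet for the services you actually run, and only then switch the config to enforcing and confirm with the runtime check; switching to enforcing first on a firewall box is how you lock yourself out of the management interface.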