

Ask HN: Building a secure Linux distribution? - csomar

I want to build a secure and very minimalist system&#x2F;OS. I&#x27;ll be buying a new Laptop for that purpose (thinking of Dell XPS). The purpose of the system is to:<p>- Read&#x2F;Write Emails<p>- Browse the Web (using Tor; and text-only is fine)<p>- VIM &#x2F; Rust<p>- SSH to my server securely<p>* I won&#x27;t be using the system for anything else.<p>* I want the system to be as minimalist as possible. That is, I can do this stuff now with my OS X. But I don&#x27;t want to have XX applications and packages installed.<p>* I would prefer if I only have a command-line. No desktop environment.<p>Now the hardest bits:<p>1. What distribution to choose? I&#x27;m thinking of Arch, but I have little experience in the Linux world.<p>2. Is there a guide that covers what security precaution I should be taking to protect my identity and privacy?<p>3. How to install the system on my FreeOS laptop and make sure that Internet via Wireless both works and secure.<p>I&#x27;m doing this to learn Rust and relying on the Command-line completely for all work. I think Email is superior to Slack or anything else for communication. I think the Web is mostly distracting; and I can use my iPad for non-sensitive and casual browsing. I also think that VIM (or NeoVim) are more superior to IDEs; and so is Rust as a programming language.<p>But this is just my opinion. I want to build my dream setup from scratch and I need: 1. advice and 2. reliable guides or books.<p>(PS: I&#x27;m not limited or required to use Linux but I think it&#x27;s the best for my use-case?)
Thanks!
======
vezzy-fnord
Why do you insist on a Linux distribution to begin with?

In any event, I'd recommend either Alpine Linux or Hardened Gentoo for this
purpose. The latter has SELinux, rule set access control and the PaX/grsec
exploit mitigation kernel patches configured out of the box. The former is
similar, but also uses a non-GNU userland in Busybox and musl libc, which
should lower the TCB attack surface.

