I’m new to the cyber-security/privacy space. I am interested in teaching myself about it, as well as dabbling in OSINT and general linux-type-stuff too. ATM this is all a hobby so while it is not crucial to have everything air-tight, I would like to do my best to follow best practices.

That being said, I am currently using a Mac M1 so my VM capabilities are (AFAIK) limited to the OS’s provided by the UTM virtual machine software. For those who are unaware, the OS’s they provide can be found here:

https://mac.getutm.app/gallery/

From a security/privacy perspective, which of these OS’s would you consider to be the most secure or, able to be the most secure with configuration? At first glance and with my limited knowledge, I want to say Kali, but I feel this may be cliché as it’s what your stereotypical-hacker-type would use.

Any guidance would be appreciated.

N.B., ease of use/convenience is not a top priority for me, as I’m using this as a learning experience and I’m open to trying different things and making mistakes along the way.

Thanks!

***EDIT: Thank you to all who provided information. I learned a lot. I’ve decided to try a few different distros that work with UTM namely, Parrot OS (both home and security editions for different purposes), as well as Kali and Debian.

  • OnePhoenix@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    5
    ·
    8 months ago

    Is SELinux enabled by default in Fedora? I’ve tried researching it but everyone seems to be wanting to do the opposite and disable SELinux (presumably because it restricts ease-of-use)?

    • Orbital@infosec.pub
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      8 months ago

      Yes, SELinux is enabled (in “enforcing” mode) by default in Fedora. In my experience, it doesn’t hamper usability.

      I remember seeing old advice from blogs and listicles about turning it off, on the theory that it might get in the way. But it’s better to leave it on if you care about security – especially if you want to learn.

      When SELinux blocks a piece of software from doing something sketchy, an alert is generated to explain what happened and why. That’s rare but it’s a learning opportunity for you, not to mention preventing a potential security threat.