Desktop Linux Security Review - MX Linux

Desktop Linux Security Review – MX Linux

January 10, 2022

This post documents my testing results for the Desktop Linux distro MX Linux. I performed the same testing on the following distros:

[13 points] Elementary OS (results)
[13 points] Linux Mint (results)
[12 points] Ubuntu (results)
[12 points] Manjaro (results)
[10 points] Garuda Linux (results)
[9 points] EndeavourOS (results)
[9 points] Pop!_OS (results)

The results are based on the methodology described here:

Linux Desktop Security Review

MX Linux collected 10 out of 18 possible points – A good balance between UX and Security.

Distro Name: MX Linux (https://mxlinux.org)

Tested Version: MX-21_x64 (XFCE), downloaded on 2022-01-08

ISO MD5: e773deac72f85dddb9f354d731afe678

Total Score: 10 / 18

MX Linux Installer (FDE)

Summary of Installer – Security Features:

[Y] Does the Installer offer to fully encrypt the main disk?
[Y] Does the installer indicate the strength of chosen passwords?

MX’s graphical installer is very mature and makes it super easy to fully encrypt the disk. The installer also has a password strength indicator that is being used for the disk encryption password as well as the user and root password choices.

Score: 2 / 2

MX Linux (ufw)

Summary of Firewall:

[Y] Is a host firewall installed by default?
[N] Is the host firewall enabled by default?
[N] Does the host firewall block all incoming/ingress traffic by default?
[N] Does the host firewall filter outgoing/egress traffic by default?

MX comes with UFW installed by default. However, the firewall is not enabled automatically and therefore there is no blocking of ingress and no filtering of egress traffic.

Score: 1 / 4

MX Linux (sw update notify)

Summary of Automatic Updates:

[N] Are updates automatically downloaded during installation?
[Y] Is the package manager configured to automatically download updates and notify the user about new updates being available?
[Y] Are the package sources properly authenticated by default?

MX is not downloading updates during installation. The package manager does notify the user about new updates, so it is likely that user will eventually install updates. The tested MX version was using Debian and one MX repository. All the repositories are using cryptographic keys to validate the packages.

Score: 2 / 3

MX Linux (vuln scan)

Vulnerability Scanning Results:

[3] How many critical vulnerabilities are present right after installation?
[2] How many high vulnerabilities are present right after installation?
[0] How many critical vulnerabilities are present after a full software update run?
[0] How many high vulnerabilities are present after a full software update run?

Nessus scans identified 3 critical and 2 high vulnerabilities right after installation. After applying all available updates the vulnerabilities were remediated.

Score: 2 / 4

MX Linux (sudo)

Summary of User Privileges:

[Y] Is sudo required to use root privileges?
[Y] Does sudo require a password?

MX is using sudo for admin task elevation and protects the use of sudo with a password.

Score: 2 / 2

MX Linux (firefox)

Summary of Default Browser:

[Y] Is the default browser updated regularly?
[N] Does the default browser warn about the execution of downloaded files?

MX is installing Firefox as the default browser. It is regularly updated. However, it does not warn about the execution of downloaded files.

Score: 1 / 2

Summary of Application Sand-boxing:

MX does not install AppArmor, nor does it install SELinux.

Score: 0 / 1

Contact via Mastodon: @seb@ioc.exchange