Choosing the Perfect Linux Distro for Advanced Users: Why Endeavour OS is My Final Choice
When it comes to Linux distributions, there are plenty of choices. This can be both a blessing and a curse for an advanced user. You have the tech skills to handle complex setups, but matching those skills to the perfect distribution can be challenging. After a thorough evaluation, I've landed on Endeavour OS as the ideal fit for advanced users looking for a secure, stable, and resource-efficient system. In this article, I dive deep into why Endeavour OS checks all the boxes.
DISCLAIMER:
This was a research based on my and my only review, pain points, preconceptions, and experience in the world of Linux. This is not intended to be the source of truth but another view of Linux usage for advanced users.
The Search for the Perfect Distro
The journey began with an exhaustive list of requirements tailored to an advanced user's needs. The primary use cases involved were:
- Anonymous environment isolated container
- Development environments
- Pen-testing or security-locked container
The distro must be highly secure, out-of-the-box, resource-efficient, and compatible with containerization technologies. It also had to support Mandatory Access Control (MAC) systems like SElinux and Intrusion Detection Systems (IDS)/Intrusion Prevention Systems (IPS).
The Contenders
Several distributions were considered, each with its pros and cons.
- Debian: Known for its stability, the lack of out-of-the-box encrypted disk support on LUKS2, the messy installation, and the lack of up-to-date features were a deal-breaker.
- Fedora Silverlight: Immutable, secure, great for development, has good SElinux integration, and awesome containerization, but the immutable part still needs to be ready from my perspective; the need for restart on every upgrade could be overcome in the future. I know this is the default behavior, but I don't restart my environment to update on an immutable application, so it is a matter of evolution (they already have a beta feature in that regard).
- Arch Linux: Extremely customizable but requires much time and effort for setup and maintenance. It was my main distro for years, but it is too painful to configure; the time/benefit doesn't make sense only if you want to understand/learn the core basics of Linux and how to configure it. Been there, done that.
- Fedora Workstation: This is my main distro for work, so I'm biased to say that it is a strong contender. But is less solid and performative than Endeavour. Endeavour is much cleaner and faster, bringing the best of Fedora in an Arch-based system. Please look at that guy if you want to go, not Arch-based.
- Ubuntu: A lot of talking, short results. For me, the path is defined, standard, and novice usage. The inflexibility, BLOATED system with A LOT of unnecessary apps, and becoming more dependable on Snap make this distro the worst path for advanced users.
While these are great options, they still need to meet stringent criteria.
Why Not Qubes?
Qubes OS, a security-focused distro, was also considered. However, hardware incompatibility issues and the lack of maintainability at a fast pace that gives me confidence in the support and upgrade led me to look elsewhere.
Fedora was the king contender when we looked at usability vs. security tradeoffs and flexibility. Qubes was the security one, with a beautiful architecture that allowed me to create the perfect system and hand-maid for my necessities. In the future, this could be the new king for those searching for security and hand-maid architecture.
Endeavour OS: The Final Frontier
After an extensive evaluation, Endeavour OS emerged as the perfect match. Here's why:
1. Rolling Release
Endeavour OS is based on Arch Linux, meaning you get the latest packages without reinstalling the entire OS. Some people say about instability, but that is less common than people think. For me, updated packages are better than outdated ones.
2. Versatility
Whether developing, chatting anonymously, or engaging in pen-testing, Endeavour OS's lightweight nature and high customizability suit various tasks. The total flexibility of an arch distribution is perfect when you need to change everything and mount everything the way you want. The possibility of working with KVM/QEMU with the proper performance and security customization was the key to that.
3. Security
Endeavour OS offers robust security features right out of the box. It also supports MAC through AppArmor and can integrate easily with various IDS/IPS solutions. I could set up SELinux, AppArmor, Firejail, FirewallD, Suricata, and a Suricata Notifier Event system in just a few minutes.
This included some hardened post configurations and the creation of the notifier event, as described in my other article.
4. Usability
Despite its advanced features, Endeavour OS doesn't compromise on user experience, providing a clean, intuitive UI that advanced users will appreciate. The after-install menu gave me the speed I wanted, not to waste time with basic stuff and go straight to the advanced customizations I wanted.
5. Community and Documentation
The active Endeavour OS community and exhaustive documentation mean you're always there when encountering challenges. If you want to find something outside Endeavour documentation, you can use the Arch, which is 100% compatible and the best Linux documentation.
6. Resource Efficiency
Endeavour OS's minimal resource requirement became an added advantage, not a necessity. I was impressed with the speed of commands and services. The fluid and beautiful UI gave me the experience I was searching for; it was performative delightfully.
Endeavour OS: My initial architecture result
Machine: Alienware M15 R6 with SSD 256 GB dedicated to this system, fully encrypted, and 64RAM disposable for containerization.
Desktop environment: Gnome
Containerization: KVM/QEMU with the virtual manager as the GUI.
1. Security Customization and initial apps
After installing and making a basic configuration, I followed some best practices to harden an Arch-based system and installed some guys to help me with my sanity. Some of them were:
- Suricata and Suricata Notifier system(IDS);
- Snort(IPS);
- SELinux(MAC);
- Apparmor;
- Firejail;
- Firewalld;
Please let me know if you can suggest others or a better composition; let's discuss this in the comments.
2. Anonymous Environment
I added Whonix as my principal anonymous place for anonymous navigation, guaranteeing that I'm not leaking packages and have reasonable security while doing my work. I followed the guide of Whonix, which worked like a charm for my needs.
3. Development environment
I used the host itself to be my development environment. Using VPN and the compatibility to install everything I needed made me a happy man with Fish as my Terminal and Vscode as my primary IDE. Everything else is just details.
4. Pentesting
I have Kali Linux as a container, running with the possibility of attaching it as a bridge network or Whonix gateway for total anonymity with pretty straightforward customization. That also gave me flexibility and isolation from the other areas I was searching for.
The Wrap-Up
Endeavour OS was the golden mean — balancing power, versatility, and security while remaining resource-efficient. Endeavor OS proves to be an almost unbeatable choice for advanced users who are uncompromising on these fronts.
Imuttable OS like Fedora Silverlight could be the future, but it has yet to be ready as a pleasant experience as the usability tradeoff is yet.
Qubes OS, my absolute crush, has everything to turn into the most secure distro for advanced users. We need continued work and more hardware and usability investment to become more stable and usable.
So, are you planning to switch to Endeavour OS, disagree or have suggestions? Let me know in the comments below.
