Cyber Intelligence
Getting Started with Linux · Foundation

L2. Choosing a Distribution: Ubuntu, RHEL, Kali and Beyond

Hundreds of Linux distributions exist, but only a handful matter for security work. This lesson explains what a distribution is, compares the major families, and helps you choose the right one for servers, enterprise environments, penetration testing, and containers.

What Is a Linux Distribution?

The Linux kernel alone cannot do much for an end user. You need a shell, a package manager, system utilities, configuration tools, and optionally a desktop environment. A distribution (or "distro") bundles all of these components together into a coherent, installable operating system.

Each distribution makes its own choices about:

  • Which package manager to use (apt, dnf, pacman, apk)
  • Which init system manages services (systemd, OpenRC)
  • How long releases receive security updates
  • What default configuration ships out of the box
  • Whether the distro targets servers, desktops, security professionals, or embedded devices

These choices have direct security implications. Short support cycles mean you must upgrade more frequently or risk running unpatched software. Permissive defaults mean more hardening work before production use.

The Major Distribution Families

Most distributions descend from one of three families. Understanding the family tells you which package manager to expect and where to find documentation.

Debian Family

Distribution      Package Manager   Use Case
Debian            apt / dpkg        Stable servers, minimal installations
Ubuntu Server     apt / dpkg        General-purpose servers, cloud VMs
Ubuntu Desktop    apt / dpkg        Developer workstations, learning
Kali Linux        apt / dpkg        Penetration testing, security research

Ubuntu Server is the most common Linux distribution in cloud environments. AWS, Azure, and GCP all offer Ubuntu images. Its large community means you will find answers to almost any configuration question quickly.

Kali Linux is built specifically for penetration testers. It ships with hundreds of pre-installed security tools (Nmap, Metasploit, Burp Suite, John the Ripper, and many more). Kali is not intended as a daily-use operating system or a production server. It runs as root by default in some configurations and has security trade-offs that make sense only in a controlled testing environment.

Red Hat Family

Distribution                      Package Manager   Use Case
Red Hat Enterprise Linux (RHEL)   dnf / rpm         Enterprise production servers
CentOS Stream                     dnf / rpm         RHEL preview, community development
Rocky Linux                       dnf / rpm         Free RHEL-compatible server OS
AlmaLinux                         dnf / rpm         Free RHEL-compatible server OS
Fedora                            dnf / rpm         Cutting-edge workstations, developer testing

RHEL dominates in enterprise environments, especially in finance, healthcare, and government. Red Hat provides long-term support (10+ years per major version), certified hardware and software compatibility, and commercial support contracts. If your employer runs RHEL, you need to be comfortable with dnf, rpm, and systemctl.

Rocky Linux and AlmaLinux emerged as free, community-driven replacements after CentOS shifted to CentOS Stream. They aim for binary compatibility with RHEL, making them popular for organizations that want RHEL-like stability without the subscription cost.

Other Notable Distributions

Distribution    Package Manager   Use Case
Alpine Linux    apk               Containers, minimal footprint
Arch Linux      pacman            Rolling release, advanced users
openSUSE        zypper / rpm      Enterprise alternative to RHEL

Alpine Linux uses musl libc and BusyBox instead of glibc and GNU coreutils, resulting in container images as small as 5 MB. Its minimal attack surface makes it a popular base image for Docker containers. However, its differences from mainstream distributions can cause compatibility issues with some software.

Choosing the Right Distribution

For Learning and Labs

Start with Ubuntu Server (LTS version). It has the largest community, the most tutorials, and the broadest cloud support. When you are comfortable, try an RHEL-family distro like Rocky Linux so you understand both apt and dnf.

For Enterprise Servers

Your employer will likely standardize on either Ubuntu LTS or RHEL (or a compatible derivative). Follow the organizational standard. Mixing distributions in production creates maintenance overhead and inconsistent security baselines.

For Penetration Testing

Use Kali Linux in a virtual machine or as a live boot. Do not install it as your primary operating system. Kali's pre-installed tools and root-first approach are designed for controlled assessments, not general computing.

For Containers

Use Alpine Linux or distroless images for production containers. Smaller images mean fewer packages, fewer potential vulnerabilities, and faster scanning with tools like Trivy.

Security Implications of Your Choice

Support Lifecycle

Every distribution has a defined support window during which security patches are released. Running an end-of-life (EOL) distribution means no more patches, which is one of the most common audit findings in enterprise environments.

Ubuntu 24.04 LTS    Supported until April 2029 (standard), 2034 (ESM)
RHEL 9              Full support until May 2027, maintenance until May 2032
Alpine 3.20         Supported until May 2026

Always check the EOL date before deploying a distribution in production.
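The family lookup and the EOL check can be scripted from the fields in /etc/os-release. The script below is an added example, not part of the original lesson: the function names are hypothetical, the sample file is constructed, and the EOL months are copied from the table above, with each release assumed to be supported through the end of the named month.

```shell
#!/bin/sh
# Added example: report package manager and support status from an os-release
# file. EOL months are copied from the lesson's table; counting a release as
# supported through the end of the named month is an assumption.

# Read one KEY=value field without sourcing (executing) the file.
os_field() {  # usage: os_field KEY FILE
    sed -n "s/^$1=//p" "$2" | head -n 1 | tr -d '"'
}

# Map ID / ID_LIKE to the package managers named in the lesson.
pkg_manager() {  # usage: pkg_manager FILE
    ids="$(os_field ID "$1") $(os_field ID_LIKE "$1")"
    for id in $ids; do
        case "$id" in
            debian|ubuntu|kali)                  echo "apt";    return 0 ;;
            rhel|centos|fedora|rocky|almalinux)  echo "dnf";    return 0 ;;
            alpine)                              echo "apk";    return 0 ;;
            arch)                                echo "pacman"; return 0 ;;
            suse|opensuse*)                      echo "zypper"; return 0 ;;
        esac
    done
    echo "unknown"; return 1
}

# Last supported month (YYYYMM) for the releases listed in the lesson.
eol_month() {  # usage: eol_month FILE
    id=$(os_field ID "$1"); ver=$(os_field VERSION_ID "$1")
    case "$id:$ver" in
        ubuntu:24.04)               echo 202904 ;;  # standard support
        rhel:9|rhel:9.*)            echo 203205 ;;  # end of maintenance
        alpine:3.20|alpine:3.20.*)  echo 202605 ;;
        *) return 1 ;;              # not in the table: look it up upstream
    esac
}

# Prints supported / EOL / unknown for FILE as of month TODAY (YYYYMM).
support_status() {  # usage: support_status FILE [TODAY]
    today=${2:-$(date +%Y%m)}
    eol=$(eol_month "$1") || { echo "unknown"; return 0; }
    if [ "$today" -le "$eol" ]; then echo "supported"; else echo "EOL"; fi
}

# Constructed sample standing in for /etc/os-release in an Alpine container.
sample=$(mktemp)
printf 'NAME="Alpine Linux"\nID=alpine\nVERSION_ID=3.20.3\n' > "$sample"
echo "$(pkg_manager "$sample") $(support_status "$sample" 202612)"
```

On a real host, pass /etc/os-release as the file argument and omit the month to compare against the current date. An "unknown" result means the release is not in the lesson's table and its EOL date must be checked with the vendor.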

Default Configuration

Some distributions ship with stricter defaults than others. For example, Ubuntu enables ufw (Uncomplicated Firewall) by default on desktop installations but not on server installations. RHEL enables SELinux in enforcing mode by default. These defaults shape your security posture from the moment of installation.

Package Freshness vs. Stability

Rolling-release distributions (Arch, Fedora) get the newest software quickly but may introduce breaking changes. LTS distributions (Ubuntu LTS, RHEL) prioritize stability and backport security fixes without upgrading to new major versions. For production security workloads, LTS releases are almost always the right choice.

Setting Up Your Lab Environment

For this course, you should have access to a Linux terminal. The easiest options:

  1. Cloud VM: Launch a free-tier Ubuntu Server instance on AWS, Azure, or GCP
  2. Virtual Machine: Use VirtualBox or VMware to run Ubuntu Server locally
  3. WSL 2: If you are on Windows, install Ubuntu via Windows Subsystem for Linux
  4. macOS Terminal: macOS is UNIX-based and shares many commands, but some Linux-specific features (systemd, apt) will not be available

Whichever method you choose, make sure you have a working terminal where you can practice the commands in the upcoming lessons.

Exam Focus Points

  • A distribution bundles the Linux kernel with a package manager, init system, utilities, and default configuration choices.
  • Ubuntu LTS and RHEL are the two dominant families in enterprise and cloud environments.
  • Kali Linux is for penetration testing only and should not be used as a daily or production OS.
  • Alpine Linux minimizes the attack surface for containers with its small image size and reduced package count.
  • Always verify a distribution's end-of-life date before deploying to production.

Knowledge Check

1. What is the primary security advantage of using Alpine Linux as a container base image?

2. Why is Kali Linux not recommended as a daily-use operating system?

3. An enterprise server is running a Linux distribution that reached end-of-life six months ago. What is the primary risk?