There are numerous Linux distributions, and for many people it is hard to know which one to choose. A few of the choices are Ubuntu, CentOS, Debian, Kali, Gentoo, Alpine, Fedora, Slackware, SUSE, Arch, and so on. In today's world, everyone seems to value data privacy. The tasks you perform on your desktop are your personal business or, in the case of corporations, their personal business. This is why it is important to choose a Linux distribution that is both minimal and customizable. GNU/Linux is the kernel and is licensed under GPLv2. The information below is a more traditional view of Linux. While not always practical, it is the way Linux was designed. Software subscription services, closed-source firmware, third-party device drivers, proprietary hardware abstraction layers, and non-GPL licensing are many of the issues that modern corporations deal with on a daily basis. Many corporations choose to completely ignore GNU/Linux licensing and instead choose to layer in a multitude of software, both closed and open source, with restrictive licensing that commonly violates GNU/Linux licensing and the components that are linked to. Such systems often contain a mix of open source, distribution-specific packages and custom-compiled software with restrictive or absent licensing. These systems are then packaged and resold as custom appliances.
Software should be compiled and not pulled from arbitrary, distribution-specific package sources across the Internet. This is a huge source of a myriad of issues, from file system block issues to security vulnerabilities and complex device driver issues. By comparison, FreeBSD handles package management well. On Linux systems, a minimal set of Linux kernel modules should be loaded, and it is important to know exactly what each one does. Many Linux distributions boot by default with over 30 kernel modules dynamically loaded. Only a few are typically needed. Outbound network connections to third-party companies should not exist on boot. All outbound network connections should be monitored and easily configured at all times. GPU drivers should be thoroughly examined, audited, community reviewed, and properly licensed. This is very important. Only those specific to the video device on the host should be loaded. As one moves their mouse across the screen and types on the keyboard, is their activity private and visible only to them? Many people ask this question, and there are some things one can do, as described here, to mitigate a lot of the risk. Selecting the right monitor and video card is important. When X and the window manager are running, can one easily pull up a list of all network connections? Finally, all BIOS and processor-specific components, including those in the kernel and user space, should be clearly documented and understood.
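One way to check two of the points above from a shell, namely which kernel modules are loaded and which outbound TCP connections are established, shown as an added example that is not part of the original article. The function names, the allowlist file format and the sample data are assumptions made for illustration, and the connection listing covers IPv4 only.

```shell
#!/bin/sh
# Added example. Paths are arguments so saved copies can be audited too.

# Print loaded modules (column 1 of /proc/modules) missing from an allowlist
# file that holds one module name per line ('#' starts a comment).
unexpected_modules() {  # usage: unexpected_modules MODULES_FILE ALLOWLIST
    awk 'FILENAME == ARGV[1] { sub(/#.*/, ""); gsub(/[ \t]/, "")
                               if ($0 != "") ok[$0] = 1; next }
         !($1 in ok)         { print $1 }' "$2" "$1" | sort
}

# Print remote IPv4 endpoints of ESTABLISHED sockets (st == 01) from a
# /proc/net/tcp style file, skipping 127.0.0.0/8 peers. Addresses are hex in
# host byte order; this decoder assumes a little-endian host (x86, most ARM).
remote_tcp_peers() {  # usage: remote_tcp_peers TCP_FILE
    awk 'function hex(s,    i, n) {
             n = 0
             for (i = 1; i <= length(s); i++)
                 n = n * 16 + index("0123456789ABCDEF", substr(s, i, 1)) - 1
             return n
         }
         $4 == "01" {
             split($3, peer, ":")
             if (substr(peer[1], 7, 2) == "7F") next
             printf "%d.%d.%d.%d:%d\n", hex(substr(peer[1], 7, 2)),
                 hex(substr(peer[1], 5, 2)), hex(substr(peer[1], 3, 2)),
                 hex(substr(peer[1], 1, 2)), hex(peer[2])
         }' "$1" | sort -u
}

# Constructed sample data, not captured from a real host.
write_samples() {  # usage: write_samples DIR
    printf '%s\n' 'ext4 1015808 1 - Live 0x0000000000000000' \
        'e1000e 335872 0 - Live 0x0000000000000000' \
        'bluetooth 1024000 0 - Live 0x0000000000000000' > "$1/modules"
    printf '%s\n' '# modules this host is expected to load' \
        'ext4' 'e1000e' > "$1/allow"
    printf '%s\n' \
        '  sl  local_address rem_address   st tx_queue rx_queue' \
        '   0: 0100007F:0277 00000000:0000 0A 00000000:00000000' \
        '   1: 0100007F:C350 0100007F:0277 01 00000000:00000000' \
        '   2: 0A00A8C0:D431 0A7100CB:01BB 01 00000000:00000000' > "$1/tcp"
}

# On a live system: unexpected_modules /proc/modules allow.txt
#                   remote_tcp_peers /proc/net/tcp
```

With the constructed samples, the module check reports `bluetooth` and the connection check reports `203.0.113.10:443`; the listener and the loopback connection are filtered out.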
With these basic considerations in hand, the first choice would be to create a custom Linux distribution and compile the kernel and user space with only the necessary components. While this is not always practical, Arch Linux is the next logical choice that meets the above requirements. For those interested in creating custom appliances with Linux, it is important to follow proper licensing. And for those purchasing custom appliances and cloud services that use such appliances, performing the proper due diligence is critical.