Somebody's security guide (a link):



craigevil

Well-Known Member
Joined
Feb 24, 2021
Messages
273
Reaction score
274
Credits
1,879
If you are running Debian/Ubuntu give debsecan a try. Along with debsums.
 

f33dm3bits

Gold Member
Gold Supporter
Joined
Dec 11, 2019
Messages
3,864
Reaction score
2,612
Credits
27,935
Yeah, some of it is okay. Some of it is really not that valuable. The stuff about SSH and jails, for example, aren't too bad.
As @craigevil already said most of what is mentioned in that guide seems like waste of time. fail2ban I only run on systems running 247 so usually no not on desktops. As for changing the default ssh port, I only give access to my ssh port for specific ip addresses doing firewall whitelisting. Firejail sounds interesting and fun but seems to much like a PITA for daily use, although I have to admit I never tried it. Currently playing around with podman en containers on my homeserver and that is already a PITA because it's a different way of doing things.
 
OP
K

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
3,988
Reaction score
3,661
Credits
32,046
Firejail sounds interesting and fun but seems to much like a PITA for daily use, although I have to admit I never tried it.

I'm a bit surprised by that. I've set up shortcuts to run browsers in a jail, for example. Once you do the work once, you don't have to replicate it.
 

craigevil

Well-Known Member
Joined
Feb 24, 2021
Messages
273
Reaction score
274
Credits
1,879

All you need to do once you have it installed is changed the command in the menu or desktop file for the apps you want to firejail.
See the examples on the above page.
 

f33dm3bits

Gold Member
Gold Supporter
Joined
Dec 11, 2019
Messages
3,864
Reaction score
2,612
Credits
27,935
Next time I am bored or have some time off I will have a look at Firejaill, that way I will at least know what I'm talking about with some actual Firejail experience ;)
 
OP
K

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
3,988
Reaction score
3,661
Credits
32,046
For the longest time, I ran my default browser in a jail automatically. I did the same with other software that connected to the 'net, such as my IRC client. If I picked up potentially sketchy software, I'd run that in a jail as well.

I haven't bothered setting it up on all three of the devices I use most frequently. It is installed on one box that I use exclusively for testing things. I've been a bit negligent with the other two as those are recent upgrades to Lubuntu 20.04 and that meant clean installs.
 
$100 Digital Ocean Credit
Get a free VM to test out Linux!


Top