Linux Security
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Linux Security
What are some of the things one can do to make Linux (and Linux Mint) more secure? What I know so far:
a) Firewall
b) Don't load unknown software
c) ?????
Browser security? How do you keep Chromium/Chrome from "phoning home"
Internet security? Logging into the coffee shop wifi?
Perhaps a good tutorial?
a) Firewall
b) Don't load unknown software
c) ?????
Browser security? How do you keep Chromium/Chrome from "phoning home"
Internet security? Logging into the coffee shop wifi?
Perhaps a good tutorial?
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: Linux Security
at the coffee shop huh...lol...the county sheriffs come to my house for coffee, they say mines better than they get at the shops lol...as far as browser security on chromium/chrome based browsers, i like to start with the "startpage.com" search engine as its about as private and secure as can be, duck duck go is also my second choice...browser extension "must haves" would be ublock origin, (make sure to set up its settings to your preferences), along with its ublock origin extra, also privacy possum is a good sidekick to use with the ublock origins...there all found in the chrome store and work quite well...enjoy your java this morning...DAMIEN
PS...if anyone recommends "Trace" right now, dont even consider it at the moment...it used to be good but after an update they put out on the 2nd i think it was, half of the most needed features of it no longer work...ive reported to them just what was wrong with it 3Xs over the last 5 days with no response from the trace team even though they ask for email address to do so.
PS...if anyone recommends "Trace" right now, dont even consider it at the moment...it used to be good but after an update they put out on the 2nd i think it was, half of the most needed features of it no longer work...ive reported to them just what was wrong with it 3Xs over the last 5 days with no response from the trace team even though they ask for email address to do so.
- JoeFootball
- Level 13
- Posts: 4673
- Joined: Tue Nov 24, 2009 1:52 pm
- Location: /home/usa/mn/minneapolis/joe
Re: Linux Security
Actually Startpage HTTPS is even better.DAMIEN1307 wrote: ⤴Tue Jul 16, 2019 7:13 am ... i like to start with the "startpage.com" search engine ....
For every complex problem there is an answer that is clear, simple, and wrong - H. L. Mencken
Re: Linux Security
i actually have been manually changing it to HTTPS:// when i change other settings for search as follows which also includes dark theme settings, celsius vs. farenheight, post vs. get etc...DAMIEN
Last edited by DAMIEN1307 on Tue Jul 16, 2019 9:04 am, edited 1 time in total.
- JoeFootball
- Level 13
- Posts: 4673
- Joined: Tue Nov 24, 2009 1:52 pm
- Location: /home/usa/mn/minneapolis/joe
Re: Linux Security
hi joe...Brave browser enforces https as well it as well...DAMIEN
Last edited by DAMIEN1307 on Tue Jul 16, 2019 9:32 am, edited 1 time in total.
- JoeFootball
- Level 13
- Posts: 4673
- Joined: Tue Nov 24, 2009 1:52 pm
- Location: /home/usa/mn/minneapolis/joe
Re: Linux Security
[removed per above edit]
Last edited by JoeFootball on Tue Jul 16, 2019 9:38 am, edited 1 time in total.
Re: Linux Security
hi joe...i think i mispoke here...its the brave browser doing the https thing, not ublock origin...sorry...DAMIEN
PS...ammended my post concerning ublock origin and instead just mentioned brave browser as enforcing https.
PS...ammended my post concerning ublock origin and instead just mentioned brave browser as enforcing https.
Re: Linux Security
Forgot to mention that one, it's good.JoeFootball wrote: ⤴Tue Jul 16, 2019 9:04 am Speaking of HTTPS, I like to use HTTPS Everywhere for my browser.
Joe
If you really want to go nuts try noscript. However, there's a real tension between security and useability in general, and I think thatt strays too far from useability for most people.
And re coffee shops, I have an old netbook that's used for little else. It's also the machine I used to do distro/DE hopping a while back. And several times, after reinstalling, I forgot to turn on the firewall. Once for over a month. Guess what? I never got hacked. I'm certainly not suggesting you be so cavalier but that shows you just how secure Linux really is.
For every complex problem there is an answer that is clear, simple, and wrong - H. L. Mencken
- absque fenestris
- Level 12
- Posts: 4110
- Joined: Sat Nov 12, 2016 8:42 pm
- Location: Confoederatio Helvetica
Re: Linux Security
Maybe turn off JavaScript?Logging into the coffee shop wifi?
It's easy with uBlock Origin: Click on the logo and switch JavaScript on or off in the pop-up window at the bottom right.
Or/and install uMatrix (also by Mr. Gorhill...)
Or Tor Browser on security level high...
Re: Linux Security
Security/Privacy - Linux or otherwise:
1-3 too easy and good2go out of the box and you probably don't even need #2 for general home use
1.) Any linux OS (note: without WINE)
2.) Turn on the fire wall
3.) Install firejail
4.) FireFox (or other more secure browser than Chrome/Chromium- this is an opinion and there are many when it comes to browsers)
5.) StartPage Search Engine
6.) Browser extensions (Again lots of opinions here - a,b,c probably enough)
a.) HTTPS Everywhere
b.) Privacy Possum
c.) uBlock Origin
d.) Disable WebRTC (WebRTC is a communication protocol that relies on JavaScript that can leak your actual IP address from behind your VPN, by default. This addon fixes that, making VPNs more effective)
e.) IDN Safe (IDN Safe is a browser extension which blocks internationalized domain names to prevent you from visiting probable fake sites.)
7.) Encrypted password vault (I like LastPass but there are others that are just as good)
8.) Change your DNS settings away from your ISP (I like CloudFlare 1.1.1.1 1.0.0.1 but again the opinions range on providers)
9.) install a VPN (there are many good choices and some not so good so do a little research - I like PrivateTunnel they are associated with OpenVPN and easy to use)
10.) Install a PiHole DNS server (easy to do for ~$100 - makes your browser run faster and blocks ads and bad guys - probably overkill to some https://pi-hole.net/)
11.) Your router (maybe the weakest link in your security)
a.) make sure the firmware is up to date
b.) turn on the firewall
c.) turn off UPnP (gamers evidently need this turned on but if not a gamer turn it off)
d.) turn off remote access
e.) Do Not turn off SSID
Edited:
Using MAC filtering is useless but implement it if you want. I had previously stated the same about SSID but I was wrong actually - see Pjotr's comment below. Also I change the network address away from the typical default to something like 192.168. 63.31
EDIT: Add Pjotr comments RE: SSID and MAC filtering.
1-3 too easy and good2go out of the box and you probably don't even need #2 for general home use
1.) Any linux OS (note: without WINE)
2.) Turn on the fire wall
3.) Install firejail
4.) FireFox (or other more secure browser than Chrome/Chromium- this is an opinion and there are many when it comes to browsers)
5.) StartPage Search Engine
6.) Browser extensions (Again lots of opinions here - a,b,c probably enough)
a.) HTTPS Everywhere
b.) Privacy Possum
c.) uBlock Origin
d.) Disable WebRTC (WebRTC is a communication protocol that relies on JavaScript that can leak your actual IP address from behind your VPN, by default. This addon fixes that, making VPNs more effective)
e.) IDN Safe (IDN Safe is a browser extension which blocks internationalized domain names to prevent you from visiting probable fake sites.)
7.) Encrypted password vault (I like LastPass but there are others that are just as good)
8.) Change your DNS settings away from your ISP (I like CloudFlare 1.1.1.1 1.0.0.1 but again the opinions range on providers)
9.) install a VPN (there are many good choices and some not so good so do a little research - I like PrivateTunnel they are associated with OpenVPN and easy to use)
10.) Install a PiHole DNS server (easy to do for ~$100 - makes your browser run faster and blocks ads and bad guys - probably overkill to some https://pi-hole.net/)
11.) Your router (maybe the weakest link in your security)
a.) make sure the firmware is up to date
b.) turn on the firewall
c.) turn off UPnP (gamers evidently need this turned on but if not a gamer turn it off)
d.) turn off remote access
e.) Do Not turn off SSID
Edited:
Using MAC filtering is useless but implement it if you want. I had previously stated the same about SSID but I was wrong actually - see Pjotr's comment below. Also I change the network address away from the typical default to something like 192.168. 63.31
12.) Y router configuration (definitely overkill but I put my wired devices on a separate network from my wireless and guest devices - https://pcper.com/2016/08/steve-gibsons ... nsecurity/)by Pjotr » 17 Jul 2019, 05:44
Implementing MAC filtering is merely useless (and bothersome), so this particular useless complication is innocent.
But turning of SSID broadcasting is worse, because besides being useless it actually diminishes your security:
https://easylinuxtipsproject.blogspot.c ... html#ID1.1
TL;DNR: You then turn your laptop into a machine that's literally shouting that it can be hacked, whenever it's moved outside the range of your WiFi network.
Turning off SSID broadcasting for security, is a myth that should be dragged behind the barn and shot.
EDIT: Add Pjotr comments RE: SSID and MAC filtering.
Last edited by majpooper on Wed Jul 17, 2019 9:30 am, edited 2 times in total.
Re: Linux Security
THAT is a beautifully done comprehensive list there majpooper...DAMIEN
Last edited by DAMIEN1307 on Wed Jul 17, 2019 9:38 am, edited 1 time in total.
Re: Linux Security
Excellent list. Thanks.
- Pjotr
- Level 24
- Posts: 20092
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: Linux Security
Implementing MAC filtering is merely useless (and bothersome), so this particular useless complication is innocent.
But turning of SSID broadcasting is worse, because besides being useless it actually diminishes your security:
https://easylinuxtipsproject.blogspot.c ... html#ID1.1
TL;DNR: You then turn your laptop into a machine that's literally shouting that it can be hacked, whenever it's moved outside the range of your WiFi network.
Turning off SSID broadcasting for security, is a myth that should be dragged behind the barn and shot.
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: Linux Security
THX much Pjotr - I edited my post to reflect your commentsPjotr wrote: ⤴Wed Jul 17, 2019 6:44 amImplementing MAC filtering is merely useless (and bothersome), so this particular useless complication is innocent.
But turning of SSID broadcasting is worse, because besides being useless it actually diminishes your security:
https://easylinuxtipsproject.blogspot.c ... html#ID1.1
TL;DNR: You then turn your laptop into a machine that's literally shouting that it can be hacked, whenever it's moved outside the range of your WiFi network.
Turning off SSID broadcasting for security, is a myth that should be dragged behind the barn and shot.