[Solved] Would really like some advice regarding security on Linux
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums in the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums in the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
[Solved] Would really like some advice regarding security on Linux
Hi all! So I've been using Linux for a few years now and am very happy with it. Recently a friend of mine has shown heavy interest in having me install it as a dual boot on her Mac too. Here's the thing, she does all her work on her home computer. She owns an online store, does most of her banking online, and is often required to download things or open various links to lesser known sites. (This is unfortunately not avoidable)
I know the general consensus is that anti-virus is not needed on Linux and that using safe online practices is enough to keep your pc safe. However, I don't feel this really applies to her in this regard, since her work requires her to do things most users don't. I know she's gone to great lengths to keep her pc and personal information safe, so the idea of not using an anti-virus is not sitting well with her. (Or me honestly)
I don't know what the best option here is, but I'd really like to help her out. Are there any other ways besides anti-virus that can help keep her secure on Linux? Or should she just avoid it altogether?
I know the general consensus is that anti-virus is not needed on Linux and that using safe online practices is enough to keep your pc safe. However, I don't feel this really applies to her in this regard, since her work requires her to do things most users don't. I know she's gone to great lengths to keep her pc and personal information safe, so the idea of not using an anti-virus is not sitting well with her. (Or me honestly)
I don't know what the best option here is, but I'd really like to help her out. Are there any other ways besides anti-virus that can help keep her secure on Linux? Or should she just avoid it altogether?
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 2 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: Would really like some advice regarding security on Linux
Thanks for the link, however I've already read through that site and post multiple times.(Have it bookmarked in fact ) My main concern here is that she sometimes has download and visit sites that could potentially cause issues. The post says not to do that and be extra careful, but there's no avoiding it for her.
If her work requires her to download something and Linux comes up with a pop up saying it's a risk to install, she'll still have to install anyway out of necessity. I know for sure there are some programs essential to her work that would require either PPA's or installation via .Deb files. So with this is mind, is she better off sticking with what she has and only using Linux for simple stuff like general web browsing?
If her work requires her to download something and Linux comes up with a pop up saying it's a risk to install, she'll still have to install anyway out of necessity. I know for sure there are some programs essential to her work that would require either PPA's or installation via .Deb files. So with this is mind, is she better off sticking with what she has and only using Linux for simple stuff like general web browsing?
Re: Would really like some advice regarding security on Linux
Good link sleeper12.
My take:
IMHO the bottom line is she won't find anything as secure that's a snap to use as Mint. Good idea to enable the firewall after install.
A link with a similar question: viewtopic.php?f=90&t=301455&p=1685394&h ... s#p1685394
My take:
IMHO the bottom line is she won't find anything as secure that's a snap to use as Mint. Good idea to enable the firewall after install.
A link with a similar question: viewtopic.php?f=90&t=301455&p=1685394&h ... s#p1685394
Re: Would really like some advice regarding security on Linux
There is nothing totally bulletproof. There's only the best the planet has. Linux is in that niche, indisputably, and Mint is tops for ease of use - enough said.Cosmic47 wrote: ⤴Fri Sep 27, 2019 4:48 pm Thanks for the link, however I've already read through that site and post multiple times.(Have it bookmarked in fact ) My main concern here is that she sometimes has download and visit sites that could potentially cause issues. The post says not to do that and be extra careful, but there's no avoiding it for her.
If her work requires her to download something and Linux comes up with a pop up saying it's a risk to install, she'll still have to install anyway out of necessity. I know for sure there are some programs essential to her work that would require either PPA's or installation via .Deb files. So with this is mind, is she better off sticking with what she has and only using Linux for simple stuff like general web browsing?
Last edited by LanceM on Fri Sep 27, 2019 10:58 pm, edited 1 time in total.
Re: Would really like some advice regarding security on Linux
Hi Cosmic47,
+1 for reading the link from "sleeper12".
Anyone can install the sandboxing application "firejail" to protect Internet-enabled applications like browsers, messengers, etc... so that anything you encounter through those cannot harm your entire system. I recommend installing the firejail PPA or downloading the deb files from their PPA.
Firejail and Mint 19 - Linux Mint Forums
viewtopic.php?f=42&t=273533&hilit=firejail#p1497699
There are many good posts in this forum on securing your system including for "online banking", etc... Recommend changing the ISP connection's default DNS servers to Cloudflare or even better setting up DNS over TLS and using a VPN provider's servers to encrypt your Internet activity and change your default IP address.
If you frequently exchange files (pictures, music, videos, data, documents, etc...) from anyone using MS Windows, Mac, etc... or download various files from the Internet, or provide support for MS Windows or Mac users, then installing an antivirus and or anti-malware is probably a good idea.
There are various Linux anti-virus and anti-malware applications and options available to use. You can either run an anti-virus application in "realtime" mode (always running) which will slow down your system somewhat and may provide an attack vector for hackers and other bad people targeting anti-virus and anti-malware applications, or you can run them "on-demand" which is what I do. I download everything to my "/Downloads" folder and scan just that folder before I move or copy anything from there to somewhere else. Some anti-virus applications (apps) can also provide realtime monitoring of just certain folders instead of the entire system (everything) which may also be appealing to some users.
I have Linux Malware Detect (LMD, maldet) installed with ClamAV and ClamTK. I also have BitDefender installed for secondary checks; not used in realtime. I also have various bootable anti-virus rescue discs that I can boot to and run overnight whenever I feel the need to; make sure these can scan Linux systems).
Good post:
Need for an antivirus.? - Linux Mint Forums
- instructions for installing LMD with ClamAV
viewtopic.php?f=90&t=238726&hilit=maldet
Hope this helps ...
+1 for reading the link from "sleeper12".
Anyone can install the sandboxing application "firejail" to protect Internet-enabled applications like browsers, messengers, etc... so that anything you encounter through those cannot harm your entire system. I recommend installing the firejail PPA or downloading the deb files from their PPA.
Firejail and Mint 19 - Linux Mint Forums
viewtopic.php?f=42&t=273533&hilit=firejail#p1497699
There are many good posts in this forum on securing your system including for "online banking", etc... Recommend changing the ISP connection's default DNS servers to Cloudflare or even better setting up DNS over TLS and using a VPN provider's servers to encrypt your Internet activity and change your default IP address.
If you frequently exchange files (pictures, music, videos, data, documents, etc...) from anyone using MS Windows, Mac, etc... or download various files from the Internet, or provide support for MS Windows or Mac users, then installing an antivirus and or anti-malware is probably a good idea.
There are various Linux anti-virus and anti-malware applications and options available to use. You can either run an anti-virus application in "realtime" mode (always running) which will slow down your system somewhat and may provide an attack vector for hackers and other bad people targeting anti-virus and anti-malware applications, or you can run them "on-demand" which is what I do. I download everything to my "/Downloads" folder and scan just that folder before I move or copy anything from there to somewhere else. Some anti-virus applications (apps) can also provide realtime monitoring of just certain folders instead of the entire system (everything) which may also be appealing to some users.
I have Linux Malware Detect (LMD, maldet) installed with ClamAV and ClamTK. I also have BitDefender installed for secondary checks; not used in realtime. I also have various bootable anti-virus rescue discs that I can boot to and run overnight whenever I feel the need to; make sure these can scan Linux systems).
Good post:
Need for an antivirus.? - Linux Mint Forums
- instructions for installing LMD with ClamAV
viewtopic.php?f=90&t=238726&hilit=maldet
Hope this helps ...
Phd21: Mint 20 Cinnamon & KDE Neon 64-bit Awesome OS's, Dell Inspiron I5 7000 (7573, quad core i5-8250U ) 2 in 1 touch screen
Re: Would really like some advice regarding security on Linux
While you've read ELTP (by forum member Pjotr), it's not clear you noticed or understood the importance of the reference to Firejail. Firejail restricts access rights of the browser, which IMHO is more useful than anti-virus software. And that's on top of Linux's intrinsic security. What keeps desktop Linux secure are obscurity, complexity (each distro is different) and the tireless efforts of acutely paranoid developers.
Also, understand the reason there's no Linux anti-virus app is that attacks are so rare there's nothing to put in the database. How is it better or safer to use an OS where there are enough attacks to create a database?
Re: Would really like some advice regarding security on Linux
Plus the inherent separation of user owned files from root owned files.
If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
Re: Would really like some advice regarding security on Linux
First of all, thank you all very much for your responses! I've read through the links, thanks for providing them. Some of the stuff mentioned I knew about, but haven't delved in too much (i.e.Firejail)
I have a couple of questions regarding Firejail. My friend prefers to use the Brave browser in favor of Firefox since the latter tends to give her issues with her work. Is it possible to use Firejail for the Brave browser as well? Are there any special steps required after installing it or is it just as simple as typing in in the terminal like how it is for Firefox and Google? (My apologies if this was mentioned somewhere, I might have missed it)
Also, the post mentioned that it could cause issues with printing web pages. She regularly has to print shipping labels, does this mean she would have to go through a normal browser whenever she needs to print, or is this issue a rare one?
I have a couple of questions regarding Firejail. My friend prefers to use the Brave browser in favor of Firefox since the latter tends to give her issues with her work. Is it possible to use Firejail for the Brave browser as well? Are there any special steps required after installing it or is it just as simple as typing in
Code: Select all
firejail brave
Also, the post mentioned that it could cause issues with printing web pages. She regularly has to print shipping labels, does this mean she would have to go through a normal browser whenever she needs to print, or is this issue a rare one?
Re: Would really like some advice regarding security on Linux
To me the most important thing remains the central software repository model. The rest is just details that are mostly the same on Windows, anyway.
Re: Would really like some advice regarding security on Linux
Works for everything like that. You can even runCosmic47 wrote: ⤴Sat Sep 28, 2019 3:54 am I have a couple of questions regarding Firejail. My friend prefers to use the Brave browser in favor of Firefox since the latter tends to give her issues with her work. Is it possible to use Firejail for the Brave browser as well? Are there any special steps required after installing it or is it just as simple as typing inin the terminal like how it is for Firefox and Google? (My apologies if this was mentioned somewhere, I might have missed it)Code: Select all
firejail brave
sudo firecfg
to simply have all supported applications be run through firejail automatically. To undo that change again you can run sudo firecfg --clean
.Note that Firejail's default policies include blocking access to the system message bus (dbus), which, while the safest choice, breaks quite a bit of functionality in a number of applications (including browsers), so that's something to be aware of. You can change all the configuration but I'd say that's non-trivial without an understanding of the inner workings of your system.
Last edited by gm10 on Sat Sep 28, 2019 5:03 am, edited 1 time in total.
- catweazel
- Level 19
- Posts: 9763
- Joined: Fri Oct 12, 2012 9:44 pm
- Location: Australian Antarctic Territory
Re: Would really like some advice regarding security on Linux
Only if firejail has a profile for the application in
/etc/firejail
.Code: Select all
0ad.profile gnome-clocks.profile qmmp.profile
2048-qt.profile gnome-contacts.profile QOwnNotes.profile
7za.profile gnome-documents.profile qpdfview.profile
7z.profile gnome-font-viewer.profile qt-faststart.profile
7zr.profile gnome-keyring-3.profile qtox.profile
abrowser.profile gnome-keyring.profile quassel.profile
acat.profile gnome-logs.profile quiterss.profile
adiff.profile gnome-maps.profile qupzilla.profile
akonadi_control.profile gnome-mplayer.profile qutebrowser.profile
akregator.profile gnome-mpv.profile rambox.profile
als.profile gnome-music.profile ranger.profile
amarok.profile gnome-nettool.profile redeclipse.profile
amule.profile gnome-photos.profile redshift.profile
android-studio.profile gnome-pie.profile regextester.profile
anki.profile gnome-recipes.profile remmina.profile
anydesk.profile gnome-ring.profile rhythmbox.profile
aosp.profile gnome-schedule.profile ricochet.profile
apack.profile gnome-system-log.profile riot-desktop.profile
apktool.profile gnome-twitch.profile riot-web.profile
arch-audit.profile gnome-weather.profile ristretto.profile
archaudit-report.profile goobox.profile rnano.profile
ardour4.profile google-chrome-beta.profile rocketchat.profile
ardour5.profile google-chrome.profile rtorrent.profile
arduino.profile google-chrome-stable.profile runenpass.sh.profile
arepack.profile google-chrome-unstable.profile rview.profile
aria2c.profile google-earth.profile rvim.profile
ark.profile google-earth-pro.profile sayonara.profile
arm.profile google-play-music-desktop-player.profile scallion.profile
artha.profile gpa.profile scorched3d.profile
assogiate.profile gpg-agent.profile scp.profile
asunder.profile gpg.profile scribus.profile
atom-beta.profile gpicview.profile sdat2img.profile
atom.profile gpredict.profile seahorse-daemon.profile
atool.profile gradio.profile seahorse.profile
atril-previewer.profile gramps.profile seahorse-tool.profile
atril.profile gsettings-data-convert.profile seamonkey-bin.profile
atril-thumbnailer.profile gsettings.profile seamonkey.profile
audacious.profile gsettings-schema-convert.profile secret-tool.profile
audacity.profile gtar.profile server.profile
aunpack.profile gthumb.profile sftp.profile
authenticator.profile guayadeque.profile shellcheck.profile
autokey-common.profile gucharmap.profile shotcut.profile
autokey-gtk.profile gunzip.profile signal-desktop.profile
autokey-qt.profile gwenview.profile silentarmy.profile
autokey-run.profile gzip.profile simple-scan.profile
autokey-shell.profile handbrake-gtk.profile simplescreenrecorder.profile
aweather.profile handbrake.profile simutrans.profile
awesome.profile hashcat.profile skanlite.profile
baloo_filemetadata_temp_extractor.profile hedgewars.profile skypeforlinux.profile
baloo_file.profile hexchat.profile skype.profile
baobab.profile highlight.profile slack.profile
basilisk.profile hugin.profile slashem.profile
beaker.profile i3.profile smplayer.profile
bibletime.profile icecat.profile smtube.profile
bitcoin-qt.profile icedove.profile snox.profile
bitlbee.profile iceweasel.profile soffice.profile
bitwarden.profile ideaIC.profile sol.profile
blackbox.profile idea.profile soundconverter.profile
bleachbit.profile idea.sh.profile spectre-meltdown-checker.profile
blender-2.8.profile imagej.profile spotify.profile
blender.profile img2txt.profile sqlitebrowser.profile
bless.profile inkscape.profile ssh-agent.profile
bluefish.profile inkview.profile ssh.profile
bnox.profile inox.profile standardnotes-desktop.profile
brackets.profile iridium-browser.profile start-tor-browser.desktop.profile
brasero.profile iridium.profile start-tor-browser.profile
brave-browser.profile itch.profile steam-native.profile
brave.profile jd-gui.profile steam.profile
bsdcat.profile jdownloader.profile stellarium.profile
bsdcpio.profile JDownloader.profile strings.profile
bsdtar.profile jitsi.profile studio.sh.profile
Builder.profile k3b.profile subdownloader.profile
bunzip2.profile kaffeine.profile supertux2.profile
bzflag.profile karbon.profile supertuxkart.profile
bzip2.profile kate.profile surf.profile
caja.profile kcalc.profile sylpheed.profile
calibre.profile kdeinit4.profile synfigstudio.profile
calligraauthor.profile kdenlive.profile sysprof-cli.profile
calligraconverter.profile keepass2.profile sysprof.profile
calligraflow.profile keepass.profile tar.profile
calligraplan.profile keepassx2.profile tcpserver.net
calligraplanwork.profile keepassxc.profile teamspeak3.profile
calligra.profile keepassx.profile teeworlds.profile
calligrasheets.profile kget.profile telegram-desktop.profile
calligrastage.profile kid3-cli.profile telegram.profile
calligrawords.profile kid3.profile Telegram.profile
cantata.profile kid3-qt.profile terasology.profile
catfish.profile kino.profile thunar.profile
celluloid.profile klavaro.profile Thunar.profile
checkbashisms.profile kmail.profile thunderbird-beta.profile
cheese.profile knotes.profile thunderbird.profile
Cheese.profile kodi.profile thunderbird-wayland.profile
cherrytree.profile konversation.profile tilp.profile
chromium-browser.profile kopete.profile tor-browser-ar.profile
chromium-common.profile krita.profile tor-browser_ar.profile
chromium.profile krunner.profile tor-browser-ca.profile
cinelerra.profile ktorrent.profile tor-browser_ca.profile
cin.profile ktouch.profile tor-browser-cs.profile
clamav.profile kwin_x11.profile tor-browser_cs.profile
clamdscan.profile kwrite.profile tor-browser-da.profile
clamdtop.profile lbunzip2.profile tor-browser_da.profile
clamscan.profile lbzcat.profile tor-browser-de.profile
clamtk.profile lbzip2.profile tor-browser_de.profile
clawsker.profile leafpad.profile tor-browser-el.profile
claws-mail.profile less.profile tor-browser_el.profile
clementine.profile libreoffice.profile tor-browser-en.profile
clion.profile liferea.profile tor-browser_en.profile
clipit.profile lincity-ng.profile tor-browser-en-us.profile
cliqz.profile linphone.profile tor-browser_en-US.profile
clocks.profile lmms.profile tor-browser-es-es.profile
cmus.profile lobase.profile tor-browser_es-ES.profile
code-oss.profile localc.profile tor-browser-es.profile
code.profile lodraw.profile tor-browser_es.profile
conkeror.profile loffice.profile tor-browser-fa.profile
conky.profile lofromtemplate.profile tor-browser_fa.profile
corebird.profile login.users tor-browser-fr.profile
cower.profile Logs.profile tor-browser_fr.profile
cpio.profile loimpress.profile tor-browser-ga-ie.profile
crawl.profile lollypop.profile tor-browser_ga-IE.profile
crawl-tiles.profile lomath.profile tor-browser-he.profile
crow.profile loweb.profile tor-browser_he.profile
cryptocat.profile lowriter.profile tor-browser-hu.profile
Cryptocat.profile lrunzip.profile tor-browser_hu.profile
curl.profile lrzcat.profile tor-browser-id.profile
cvlc.profile lrzip.profile tor-browser_id.profile
cyberfox.profile lrz.profile tor-browser-is.profile
Cyberfox.profile lrztar.profile tor-browser_is.profile
darktable.profile lrzuntar.profile tor-browser-it.profile
dconf-editor.profile lugaru.profile tor-browser_it.profile
dconf.profile luminance-hdr.profile tor-browser-ja.profile
deadbeef.profile lximage-qt.profile tor-browser_ja.profile
default.profile lxmusic.profile tor-browser-ka.profile
deluge.profile lynx.profile tor-browser_ka.profile
devhelp.profile lzcat.profile tor-browser-ko.profile
devilspie2.profile lzcmp.profile tor-browser_ko.profile
devilspie.profile lzdiff.profile torbrowser-launcher.profile
dex2jar.profile lzegrep.profile tor-browser-nb.profile
d-feet.profile lzfgrep.profile tor-browser_nb.profile
dia.profile lzgrep.profile tor-browser-nl.profile
digikam.profile lzip.profile tor-browser_nl.profile
dig.profile lzless.profile tor-browser-pl.profile
dillo.profile lzmadec.profile tor-browser_pl.profile
dino.profile lzmainfo.profile tor-browser-pt-br.profile
disable-common.inc lzma.profile tor-browser_pt-BR.profile
disable-devel.inc lzmore.profile tor-browser-ru.profile
disable-exec.inc macrofusion.profile tor-browser_ru.profile
disable-interpreters.inc Maelstrom.profile tor-browser-sv-se.profile
disable-passwdmgr.inc makepkg.profile tor-browser_sv-SE.profile
disable-programs.inc manaplus.profile tor-browser-tr.profile
disable-xdg.inc Maps.profile tor-browser_tr.profile
discord-canary.profile masterpdfeditor4.profile tor-browser-vi.profile
DiscordCanary.profile masterpdfeditor5.profile tor-browser_vi.profile
discord-common.profile masterpdfeditor.profile tor-browser-zh-cn.profile
discord.profile mate-calc.profile tor-browser_zh-CN.profile
Discord.profile mate-calculator.profile tor-browser-zh-tw.profile
display.profile mate-color-select.profile tor-browser_zh-TW.profile
dnox.profile mate-dictionary.profile torcs.profile
dnscrypt-proxy.profile mathematica.profile tor.profile
dnsmasq.profile Mathematica.profile totem.profile
Documents.profile mcabber.profile tracker.profile
dolphin.profile mediainfo.profile transgui.profile
dooble.profile mediathekview.profile transmission-cli.profile
dooble-qt4.profile megaglest_editor.profile transmission-create.profile
dosbox.profile megaglest.profile transmission-daemon.profile
dragon.profile meld.profile transmission-edit.profile
dropbox.profile mencoder.profile transmission-gtk.profile
easystroke.profile mendeleydesktop.profile transmission-qt.profile
ebook-viewer.profile meteo-qt.profile transmission-remote-cli.profile
electron.profile midori.profile transmission-remote-gtk.profile
electrum.profile minetest.profile transmission-remote.profile
elinks.profile min.profile transmission-show.profile
emacs.profile mousepad.profile tremulous.profile
empathy.profile mp3splt-gtk.profile truecraft.profile
enchant-2.profile mp3splt.profile tuxguitar.profile
enchant-lsmod-2.profile mp3wrap.profile uefitool.profile
enchant-lsmod.profile mpd.profile uget-gtk.profile
enchant.profile mpDris2.profile unbound.profile
engrampa.profile mplayer.profile unknown-horizons.profile
enox.profile mpsyt.profile unlzma.profile
enpass.profile mpv.profile unrar.profile
eo-common.profile ms-excel.profile unxz.profile
eog.profile ms-office.profile unzip.profile
eom.profile ms-onenote.profile utox.profile
epiphany.profile ms-outlook.profile uudeview.profile
etr.profile ms-powerpoint.profile uzbl-browser.profile
evince-previewer.profile ms-skype.profile Viber.profile
evince.profile ms-word.profile viewnior.profile
evince-thumbnailer.profile multimc5.profile viking.profile
evolution.profile mumble.profile vimcat.profile
exfalso.profile mupdf.profile vimdiff.profile
exiftool.profile mupen64plus.profile vimpager.profile
falkon.profile musescore.profile vim.profile
fbreader.profile musixmatch.profile vimtutor.profile
feedreader.profile mutt.profile virtualbox.profile
feh-network.inc mypaint-ora-thumbnailer.profile VirtualBox.profile
feh.profile mypaint.profile vivaldi-beta.profile
fetchmail.profile nano.profile vivaldi.profile
ffmpeg.profile natron.profile vivaldi-snapshot.profile
ffmpegthumbnailer.profile Natron.profile vivaldi-stable.profile
ffplay.profile nautilus.profile vlc.profile
ffprobe.profile ncdu.profile vscodium.profile
file.profile nemo.profile vulturesclaw.profile
file-roller.profile netactview.profile vultureseye.profile
filezilla.profile nethack.profile vym.profile
firefox-beta.profile nethack-vultures.profile w3m.profile
firefox-common-addons.inc netsurf.profile warsow.profile
firefox-common.profile neverball.profile warzone2100.profile
firefox-developer-edition.profile newsboat.profile waterfox.profile
firefox-esr.profile nheko.profile webserver.net
firefox-nightly.profile nitroshare-cli.profile webstorm.profile
firefox.profile nitroshare-nmh.profile webui-aria2.profile
firefox-wayland.profile nitroshare.profile weechat-curses.profile
firejail.config nitroshare-send.profile weechat.profile
flacsplt.profile nitroshare-ui.profile wesnoth.profile
flameshot.profile nolocal.net wget.profile
flashpeak-slimjet.profile nomacs.profile whitelist-common.inc
flowblade.profile nylas.profile whitelist-var-common.inc
fluxbox.profile nyx.profile whois.profile
fontforge.profile obs.profile widelands.profile
font-manager.profile ocenaudio.profile wine.profile
fossamail.profile odt2txt.profile wire-desktop.profile
FossaMail.profile oggsplt.profile wireshark-gtk.profile
franz.profile okular.profile wireshark.profile
freecadcmd.profile onionshare-gui.profile wireshark-qt.profile
freecad.profile openbox.profile xcalc.profile
freeciv-gtk3.profile opencity.profile xchat.profile
freeciv-mp-gtk3.profile openclonk.profile xed.profile
freeciv.profile open-invaders.profile Xephyr.profile
freecol.profile openshot.profile xfburn.profile
freemind.profile openshot-qt.profile xfce4-dict.profile
freeoffice-planmaker.profile openttd.profile xfce4-mixer.profile
freeoffice-presentations.profile opera-beta.profile xfce4-notes.profile
freeoffice-textmaker.profile opera.profile xiphos.profile
freshclam.profile orage.profile XMind.profile
Fritzing.profile ostrichriders.profile xmms.profile
frozen-bubble.profile p7zip.profile xmr-stak.profile
gajim-history-manager.profile palemoon.profile xonotic-glx.profile
gajim.profile parole.profile xonotic.profile
galculator.profile patch.profile xonotic-sdl.profile
gcalccmd.profile pavucontrol.profile xpdf.profile
gcloud.profile pcmanfm.profile xplayer-audio-preview.profile
gconf-editor.profile pdfchain.profile xplayer.profile
gconf-merge-schema.profile pdfmod.profile xplayer-video-thumbnailer.profile
gconf-merge-tree.profile pdfsam.profile xpra.profile
gconfpkg.profile pdftotext.profile xreader-previewer.profile
gconf.profile peek.profile xreader.profile
gconftool-2.profile picard.profile xreader-thumbnailer.profile
geany.profile pidgin.profile x-terminal-emulator.profile
geary.profile ping.profile Xvfb.profile
gedit.profile pingus.profile xviewer.profile
geekbench.profile pinta.profile xxd.profile
geeqie.profile pioneer.profile xzcat.profile
ghb.profile pithos.profile xzcmp.profile
ghostwriter.profile pitivi.profile xzdec.profile
gimp-2.10.profile pix.profile xzdiff.profile
gimp-2.8.profile playonlinux.profile xzegrep.profile
gimp.profile pluma.profile xzfgrep.profile
gitg.profile polari.profile xzgrep.profile
github-desktop.profile ppsspp.profile xzless.profile
git.profile pragha.profile xzmore.profile
gitter.profile psi-plus.profile xz.profile
Gitter.profile pybitmessage.profile yandex-browser.profile
gjs.profile pycharm-community.profile yelp.profile
globaltime.profile pycharm-professional.profile youtube-dl.profile
gnome-2048.profile qbittorrent.profile zaproxy.profile
gnome-books.profile qemu-launcher.profile zart.profile
gnome-builder.profile qemu-system-x86_64.profile zathura.profile
gnome-calculator.profile qlipper.profile zoom.profile
gnome-chess.profile QMediathekView.profile zpaq.profile
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
Re: Would really like some advice regarding security on Linux
Actually it does not depend on the profile but a hardcoded list at
/usr/lib/firejail/firecfg.config
. But yes, I should have clarified that (I now added "supported" to my sentence above).- Pjotr
- Level 24
- Posts: 20120
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: Would really like some advice regarding security on Linux
Because of that, I strongly discourage to do this....gm10 wrote: ⤴Sat Sep 28, 2019 4:53 am You can even runsudo firecfg
to simply have all supported applications be run through firejail automatically. To undo that change again you can runsudo firecfg --clean
.
Note that Firejail's default policies include blocking access to the system message bus (dbus), which, while the safest choice, breaks quite a bit of functionality in a number of applications (including browsers), so that's something to be aware of. You can change all the configuration but I'd say that's non-trivial without an understanding of the inner workings of your system.
It's good to know that this feature exists (I didn't know it), but for the vast majority of users applying this feature will create untold misery.
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: Would really like some advice regarding security on Linux
Installing Firejail is simple. Be aware the repo version usually lags a bit. OTOH, it updates automatically, whereas installing from deb file requires the user to monitor updates. Also, see this post by Fred Barclay (a member of the dev team) on how to do manual updates.
An important wrinkle is how to configure the browser to use Firejail. Ordinary procedure is to right-click the launcher and edit Properties, prefixing the command with firejail (lower case). Last I heard, this doesn't work in Cinnamon 19.1 onwards. Instead, per xenopeek, the same result can be achieved with a symlink. FYI, you can have multiple symlinks if using multiple browsers.
-
- Level 5
- Posts: 564
- Joined: Fri Sep 05, 2014 1:39 am
Re: Would really like some advice regarding security on Linux
This as far as protecting your system from malware or bad actors. Further, in linux one can control user access to any files/directories and or encrypt/password protect important directories or drives. So I don't understand the need for the headache of firejail.
comadore, pcDOS, hpux, solaris, vms-vax ....blah blah blah..
Yet I'm still a fn nooob
Yet I'm still a fn nooob
- Pjotr
- Level 24
- Posts: 20120
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: Would really like some advice regarding security on Linux
Simple: what kind of access do you want to allow to your web browser? By default, your web browser can access each and every file in your home directory. Firejail restricts that to the Downloads folder and (of course) the profile folder of your web browser.oldgranola wrote: ⤴Sat Sep 28, 2019 2:57 pm I don't understand the need for the headache of firejail.
Last edited by Pjotr on Sat Sep 28, 2019 3:02 pm, edited 1 time in total.
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: Would really like some advice regarding security on Linux
It's for preventing applications running under your user account from accessing your own files or other applications. But you don't need third-party software like Firejail for that, the kernel's own AppArmor solution provides similar functionality. But Firejail comes with pre-defined configuration profiles for a large number of applications so many prefer it.oldgranola wrote: ⤴Sat Sep 28, 2019 2:57 pm Further, in linux one can control user access to any files/directories and or encrypt/password protect important directories or drives. So I don't understand the need for the headache of firejail.
But there's no strict "need" for it, it's just an additional security barrier that lets many sleep better at night.
Re: Would really like some advice regarding security on Linux
Awesome, thanks so much for the help and information! I'll be sure to point my friend to here and the ELTP site so she can learn more about Linux and how to keep it safe.
Re: Would really like some advice regarding security on Linux
Security through obscurity? Isn't that usually frowned upon and generally considered to be a Bad Thing?
Running Mint 19.3 Cinnamon on an Intel NUC8i5BEH with 16GB RAM and 500GB SSD