eth4n's security config

[eth4n]

Hi everyone,

I think that this Config Wizard is clearly favoring Windows over Linux...

I'm using Arch Linux, imo the safest distro, because u can tweak it as you like.

My security configuration consists of:

• ufw - great iptables frontend, tweaked settings in order to reduce attack surface
• grsecurity - kernel patch for exploit and 0day protection
• AppArmor - MAC, very simple rules configuration (I actually had to recompile my own kernel to allow it, default Arch kernel with grsecurity comes only with Tomoyo enabled - I've no idea how to use it and I'd also have to write my own profiles, so no thank you)
• firejail - great sandboxing tool, essential for Firefox and vulnerable apps, comes with several predefined profiles
• edithosts - interesting tool, blocks ads on HOSTS level, I tweaked it to block malware domains as well, doesn't slow down my browsing experience so far
• rkhunter - decent tool, scans for generic rootkit files, reports suspicious files and most importantly stores hashes of essential OS files and then reports any tampering with them

It's a bit overkill for a desktop, but well... at least I feel safe.

 

[Deleted member 178]

Arch Linux is a good one, using Apparmor is a good move; you linux security setup is quite tight.

 

[Exterminator]

Very nice Linux Config!! Thanks for sharing it with us

 

[Vasudev]

First of all, Linux is secure out of the box, but you made it still more secure than ever.

 

[Noxx]

I know nothing about Linux, so I take the words of the gentlemen above. Thank you for sharing.

 

[eth4n]

Thanks everyone, I'm starting to really like this board as I assess it.

@Noxx - try it out, you might actually like it.

 

[JM Safe]

Good configuration.

What do you think about Chkrootkit?

 

[jamescv7]

Well honestly since you are already in Linux, then it is already secured for numerous upcoming years.

You may try to install related snapshot/rollback software as your backup.

 

[eth4n]

Hm, any tips? I backup manually and sometimes use Clonezilla for the OS SSD.

@JM Security - it's a solid tool, for servers though, I wouldn't install it on a desktop... RKHunter is more complex, so I'm keeping it.

 

[Vasudev]

I use Grsync to make complete backup of FF & TB profiles along with config files.