eth4n's security config

eth4n

New Member
Thread author
Jul 9, 2016
Scotland
Hi everyone,

I think that this Config Wizard is clearly favoring Windows over Linux... :D

I'm using Arch Linux, imo the safest distro, because u can tweak it as you like.

My security configuration consists of:
  • ufw - great iptables frontend, tweaked settings in order to reduce attack surface
  • grsecurity - kernel patch for exploit and 0day protection
  • AppArmor - MAC, very simple rules configuration (I actually had to recompile my own kernel to allow it, default Arch kernel with grsecurity comes only with Tomoyo enabled - I've no idea how to use it :D and I'd also have to write my own profiles, so no thank you)
  • firejail - great sandboxing tool, essential for Firefox and vulnerable apps, comes with several predefined profiles
  • edithosts - interesting tool, blocks ads on HOSTS level, I tweaked it to block malware domains as well, doesn't slow down my browsing experience so far
  • rkhunter - decent tool, scans for generic rootkit files, reports suspicious files and most importantly stores hashes of essential OS files and then reports any tampering with them
It's a bit overkill for a desktop, but well... at least I feel safe. :)
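
The hash-baseline idea from the rkhunter item above, as an added example that is not part of the original post and is not rkhunter's own code. The function names `hash_tree`, `baseline_create` and `baseline_check` are hypothetical, and GNU find, sort, xargs and sha256sum are assumed.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names); concept only, not rkhunter's code.
# Assumes GNU find/sort/xargs/sha256sum. DBFILE must live outside DIR.

# List "sha256  path" for every regular file under DIR, in stable order.
hash_tree() {
    find "$1" -type f -print0 | sort -z | xargs -0 -r sha256sum
}

# baseline_create DIR DBFILE: store the known-good hashes.
baseline_create() {
    hash_tree "$1" > "$2" && chmod 600 "$2"
}

# baseline_check DIR DBFILE: print MODIFIED/NEW/MISSING lines; return 1 on drift.
baseline_check() {
    local cur status=0
    cur=$(mktemp) || return 2
    hash_tree "$1" > "$cur"
    awk '
        { h = substr($0, 1, 64); p = substr($0, 67) }   # 64 hex chars, 2 separators, path
        FILENAME == ARGV[1] { base[p] = h; next }       # first file: the baseline
        { seen[p] = 1
          if (!(p in base))      { print "NEW " p; bad = 1 }
          else if (base[p] != h) { print "MODIFIED " p; bad = 1 } }
        END { for (p in base) if (!(p in seen)) { print "MISSING " p; bad = 1 }
              exit bad + 0 }
    ' "$2" "$cur" || status=1
    rm -f "$cur"
    return "$status"
}

# Usage: integrity.sh create|check DIR DBFILE
case "${1:-}" in
    create) baseline_create "$2" "$3" ;;
    check)  baseline_check "$2" "$3" ;;
esac
```

Keep the baseline file on read-only or offline media: a baseline that can be rewritten along with the files it covers no longer shows tampering.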
 
Well honestly since you are already in Linux, then it is already secured for numerous upcoming years. ;)

You may try to install related snapshot/rollback software as your backup.
 
Hm, any tips? :) I back up manually and sometimes use Clonezilla for the OS SSD.

@JM Security - it's a solid tool, for servers though, I wouldn't install it on a desktop... RKHunter is more complex, so I'm keeping it. ;)