L3V9's config

L3V9

New Member
Thread author
Feb 12, 2015
5
A lot has changed since the thread's original creation time. Yes, just as I suspected, Flash is pure evil and shouldn't have anything in common with me.
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
Welcome, what OS do you use in the VM?

I would recommend using an alternative ad-blocking software such as uBlock or AdBlock, where you can create your own custom whitelist for the sites you support and NOT by whom the AdBlock Plus developers have been paid by.
https://chrome.google.com/webstore/detail/µblock/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en
More: https://github.com/gorhill/uBlock

I am a Windows user and have little or no experience with Linux.
However, @Inkurax @illumination may be able to help.
 

Cats-4_Owners-2

Level 39
Verified
Honorary Member
Top Poster
Well-known
Dec 4, 2013
2,800
Hello L3V9. I agree with Huracan and use uBlock interchangeably with Adguard (also on lubuntu 14.10)!
Both members named I consider linux experts!;)
Removing Flash, although something I've considered because of vulnerabilities, I have chosen not to resort to removing as ubuntu repositories continue to update security back ports. Is Firefox your default browser? As far as I know, Chrome updates pepper flash along with their browser.

I imagine your 64 bit system must allow your lubuntu to function much quicker than my x86 with 1 GB RAM tower!:rolleyes:
Realizing you've requested tips on what to remove, my suggestions below are meant sincerely to help even as they are additions rather than removals to an extremely light distribution!:p

  1. Activate Gufw (firewall) Set: ON, incoming: deny / outgoing: allow
  2. Install bleachbit (similar to CCleaner for linux)
Thank you for sharing your very nice configuration!:)
 

L3V9

what OS do you use in the VM?
Right now I have: FreeDOS 1.1, Windows 2000, XP, Vista, 7, 8, 8.1, 10, Tails 1.2.3 , Kali Linux, Fedora 20, Oracle Linux (Virtual Sysadmin Days, Developer Days), Zorin OS 9, Q4OS, minimalistic Arch Linux.
Win7 VM is the one that's used mostly for malware and other suspicious software testing. Has such software installed that I don't trust and that can be found in "casual user's" machine, like Adobe Flash, Adobe Reader, Java, IE11.

I would recommend using an alternative ad-blocking software such as uBlock or AdBlock, where you can create your own custom whitelist for the sites you support and NOT by whom the AdBlock Plus developers have been paid by.
Changed to AdBlock. Thank you for the tip.

I imagine your 64 bit system must allow your lubuntu to function much quicker than my x86 with 1 GB RAM tower!
Actually... I'm not sure. Massive lagging can occur mainly when there's huge disk usage.

Is Firefox your default browser?
Yes.

Activate Gufw (firewall) Set: ON, incoming: allow / outgoing: deny
"Incoming: allow" ? I'm not familiar with networking, I decided to use "reject". Could the current option block something important ?
 

Cats-4_Owners-2

"Incoming: allow" ? I'm not familiar with networking, I decided to use "reject". Could the current option block something important ?

Firefox users have the benefit of "Check for plug-in updates/vulnerabilities (to flash player)", & as in windows, receive a warning indicated upon checking when flash vulnerabilities need attention. Though nerve racking:mad: at times, disabling remains one more option besides uninstalling. I do respect your safety first approach!:):)

You were right! (fixed)
The settings "incoming: deny" & "outgoing: allow" are those specifically recommended most commonly for linux Gufw firewall users, therefore it allows one to go about the internet freely while protecting against spying / or phoning home by intrusions, though linux is less vulnerable:cool: we agree it is not impregnable.:oops: I am not 'network knowing':confused: either!:D

Update:

:eek:I actually meant to advise "Incoming: deny" & "Outgoing: allow".o_O Excuse me for getting my right confused with my left! *pours a needed cup of coffee for self!:rolleyes:
 
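An added example (not part of any post in this thread): a shell check for the Gufw defaults settled on above, incoming deny (or reject) and outgoing allow. It parses the `Default:` line of `ufw status verbose`; the sample outputs and the function names `policy_for` and `audit_ufw` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the default policy that `ufw status verbose` reports.
# Gufw is a graphical front end for ufw, so its settings show up here.

# Constructed sample outputs (not captured from any machine in this thread).
SAMPLE_GOOD='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip'

SAMPLE_SWAPPED='Status: active
Logging: on (low)
Default: allow (incoming), deny (outgoing), disabled (routed)
New profiles: skip'

# policy_for TEXT DIRECTION: print the default action for one direction.
policy_for() {
    printf '%s\n' "$1" | awk -v dir="($2)" '
        /^Default:/ {
            sub(/^Default: */, "")
            n = split($0, parts, /, */)
            for (i = 1; i <= n; i++) {
                split(parts[i], kv, " ")
                if (kv[2] == dir) print kv[1]
            }
        }'
}

# audit_ufw TEXT: return 0 only for an active firewall that blocks
# unsolicited inbound traffic and lets outbound traffic through.
audit_ufw() {
    printf '%s\n' "$1" | grep -q '^Status: active' ||
        { echo "FAIL: firewall is not active"; return 1; }
    inbound=$(policy_for "$1" incoming)
    outbound=$(policy_for "$1" outgoing)
    case $inbound in
        deny|reject) ;;   # both block inbound; reject also answers the sender
        *) echo "FAIL: incoming default is '$inbound'"; return 1 ;;
    esac
    [ "$outbound" = allow ] ||
        { echo "WARN: outgoing default is '$outbound'"; return 2; }
    echo "OK: incoming=$inbound outgoing=$outbound"
}

audit_ufw "$SAMPLE_GOOD"
audit_ufw "$SAMPLE_SWAPPED" || true
# On a real host: audit_ufw "$(sudo ufw status verbose)"
```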

Soulbound

Level 29
Verified
Well-known
Jan 14, 2015
1,761
Adobe Flash Player (installed by default) removed for extra security (on physical machine). Could anyone give me tips, what else should I remove or configure to be safer ?
Not sure what tips you are looking for, if it is for your main Host OS or the VMs.

Care to elaborate what exactly was removed from Lubuntu in terms of extra security?

Linux by default is quite safe up to a certain extent, as long as you update the system whenever security updates are available. Judging by one of your VMs, minimal Arch Linux, don't think your knowledge is set to be medium. Even just going through the wiki to install arch, unless you know what you are doing, you will end up messing up the installation (contrary to popular belief, AURs are not installed by default etc, since Arch is built from ground up, pretty much like Gentoo).

Any case, unless you are running KDE as one of the DEs, then remove Konqueror as it just pulls KDE dependencies for no reason, adding stuff not needed to your system. Even if you do run KDE, Konqueror is just subpar to other browsers in my opinion.


PS: I am aware of Konqueror full capabilities beyond a browser.
 

L3V9

Changed back to AdBlock Plus, standard AdBlock didn't allow me to block a specific advert.

Judging by one of your VMs, minimal Arch Linux, don't think your knowledge is set to be medium.
Sir, I did not install Arch, I downloaded an OVA appliance. It's more like an experiment rather than a comfortable and usable environment. In fact, I still don't know, how to start X Server !
While my knowledge might be higher compared to some people, I definitely wouldn't call myself an expert.

Not sure what tips you are looking for, if it is for your main Host OS or the VMs.
I'd like my Host OS to be secure and usable at the same time.

Care to elaborate what exactly was removed from Lubuntu in terms of extra security?
I believe flashplugin-installer only.

Any case, unless you are running KDE as one of the DEs, then remove Konqueror as it just pulls KDE dependencies for no reason, adding stuff not needed to your system. Even if you do run KDE, Konqueror is just subpar to other browsers in my opinion.
Removed. Thank you.
 

Exterminator

Level 85
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
Thanks for sharing your config :) If you need advice or help with Linux @illumination & @Inkurax are the two members who I would ask for advice and or help running a Linux system
 
illumination

Adobe Flash Player (installed by default) removed for extra security (on physical machine). Could anyone give me tips, what else should I remove or configure to be safer ?

Linux by default is mostly secure. Windows runs on a different file system than Linux, hence windows based malware will not execute on it. There are to date 48 known pieces of malware that will execute on Linux and are coded for Linux, but cannot run unless you "the user" give it permission to run. If you are dual booting or have other windows machines on the same network, and or transfer files via usb from the linux machine to any windows machines you may want to consider an AV scanner for those devices to make sure that you are not transferring anything from the Linux machine to those.

There are rootkit scanners you can use on Linux if your worries lie there: "chkrootkit & rkhunter". Other than this, just use your machine and enjoy it, as this is one of the benefits of running an operating system that lacks in hardware support and better known programs, but offers excellent security compared.
 

Soulbound

I'd like my Host OS to be secure and usable at the same time.


I believe flashplugin-installer only.

Install GetDeb and PlayDeb
Install WGET
Install unace unrar zip unzip p7zip-full p7zip-rar sharutils rar uudeview mpack arj cabextract file-roller
Install TLP
Install YPPA Manager (to manage PPAs)

Final cleanup:
In Terminal run:

echo "Cleaning Up" && sudo apt-get -f install && sudo apt-get autoremove && sudo apt-get -y autoclean && sudo apt-get -y clean

Can refer to my Linux config for other tools for maintenance.


PS: if you have XORG and everything installed, simply type startx
 

L3V9

Additional software installed. I'm grateful.

Nevertheless, I'd rather be careful with Adobe Flash Player. Somehow it does seem like an unsafe software for me. Let's assume I'm using it and someone discovered a security hole, which allows to execute any commands the attacker wants. It could then execute: rm -rf ~. Or am I being too paranoid ?

Should I also take precautions about Java ? If so, what should I do ?

Other than that most attacks rely on social-engineering, tricking the user to execute a malicious script and/or give it appropriate permissions ?

If you are dual booting or have other windows machines on the same network, and or transfer files via usb from the linux machine to any windows machines you may want to consider an AV scanner for those devices to make sure that you are not transferring anything from the Linux machine to those.

I'm sorry. I'm unsure, whether I understood correctly. Should I use a scanner on my Linux machine (if so, which will get the job done best?) or make sure other people's Windows machines (I don't have any) have appropriate scanners installed ?
 

Soulbound

A scanner that works in Linux is ClamAV, which is CLI based. If you want a GUI front end, you will also have to install ClamTK.
You can get both in synaptic package manager. Basically: sudo apt-get install clamav clamav-daemon

For ClamTK, you need to add the PPA for it (if you have YPPA installed, then just add the following PPA):
ppa:landronimirc/clamtk

Then simply run sudo apt-get update && sudo apt-get install clamtk

Official website: ClamAV
 

Cats-4_Owners-2

Bump. Massive configuration change has occurred since the last answer.
Thank you for sharing your wonderful revisions.:):) I am very impressed as "Debian GNU/Linux 8" represents, in a word, "stability"; and it was also nice to read you've escaped the "Flash"-mob monster!:D
 
