Advanced Plus Security Overkill's Linux Mint Config 2021

Last updated
Mar 7, 2021
How it's used?
For sharing
Operating system
Linux
Other operating system
Linux Mint MATE 19.3
On-device encryption
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Smart App Control
Network firewall
Real-time security
AppArmor | Firejail
Firewall security
About custom security
Firejail sandbox protecting various apps...

Configuring symlinks in /usr/local/bin based on firecfg.config VirtualBox created Xephyr created audacious created bleachbit created brasero created chromium-browser created cmus created cvlc created dconf-editor created dig created dnsmasq created enchant created enchant-lsmod created evince created ffmpegthumbnailer created ffplay created ffprobe created file-roller created firefox created gapplication created gcalccmd created gnome-calculator created gnome-character-map created gnote created gucharmap created highlight created host created kazam created keepassxc created keepassxc-cli created keepassxc-proxy created mate-color-select created mate-dictionary created mpv created nslookup created onboard created patch created pdftotext created picard created pix created qbittorrent created qt-faststart created redshift created ssh created strings created torbrowser-launcher created transmission-gtk created uudeview created virtualbox created vlc created wget created xcalc created xed created xreader created xreader-previewer created xreader-thumbnailer created xviewer created Warning: cannot create /usr/local/bin/yelp - already exists! Skipping... youtube-dl created Adding user family to Firejail access database in /etc/firejail/firejail.users User family already in the database Loading AppArmor profile Configuring symlinks in /usr/local/bin based on local firejail config directory Fixing desktop files in /home/family/.local/share/applications vlc.desktop skipped: file exists ca.desrt.dconf-editor.desktop skipped: file exists
Periodic malware scanners
None
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Firefox: TrafficLight | uBlock Origin | HTTPS Everywhere
Chromium: TrafficLight | uBlock Origin | HTTPS Everywhere
Secure DNS
NextDNS
Desktop VPN
None
Password manager
KeePass2
Maintenance tools
BleachBit: I use BB mainly to clean browsers. I create a Timeshift snapshot before I clean my system.
File and Photo backup
Manually, (no schedule) to my External Drive
MEGA (Encrypted Cloud Storage)
System recovery
Timeshift snapshots taken daily
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Downloading software and files from reputable sites
Computer specs
HP Pavillion Desktop
Intel Core 2 CPU 6300 @1.86GHz
3.00 GB RAM 320GB HDD
Notable changes
Removed Chromium, Click&Clean
Added Firefox, Firejail, BleachBit, HTTPS Everywhere, The Ultimate Blacklist Hosts file
Removed:The Ultimate Blacklist Hosts file
Added:Chromium: TrafficLight, uBlock Origin, HTTPS Everywhere and NextDNS
What I'm looking for?

Looking for medium feedback.

sepik

sepik

Level 11
Verified
Well-known
Aug 21, 2018
505
Hello,
Just my suggestions. Do not use firewall that relys on the WFP. Its easy to bypass. Instead, use a firewall that have a own firewall kernel mode driver and loads in ring 012 before windows own "firewall".
 
  • Like
  • Applause
Reactions: plat, Protomartyr, harlan4096 and 2 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,600
Good setup (y)

Some suggestions:
Best for security would be working from a standard user account.
Set UAC to always notify to prevent UAC bypasses.
No need to mention SwitchDefaultDeny, because it's part of Hard_Configurator and does nothing in your defense but can be used to temporarily pause your defenses.
Zemana AntiMalware 3.0 Free is not really developed anymore, good alternatives would be Norton Power Eraser or Kaspersky Virus Removal tool.
VoodooShield and KB SSL Enforcer are IMO not really needed with this setup, the Overkill part of your setup? 🤔

EDIT: because of your light Hard_Configurator settings (Windows 10 Basic Recommended Settings) it makes sense to use VS for a double check on EXE and MSI files. Maybe the AutoPilot mode would be enough for that?
 
Last edited:
  • Like
  • +Reputation
Reactions: Venustus, plat, Protomartyr and 4 others
harlan4096

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,669
@Overkill:

You may set UAC to Always Notify.

In Photos and Files Backup , consider also cloud services.

In Periodic Scanners, You should change ZAM3 to EmsiSoft Emergengy Kit and add HitManPro Free.

A PassWord Manager would be welcome also.

Please kindly reflect Your changes editing Your config, and announcing them here, thanks for sharing :)
 
  • Like
Reactions: Venustus, plat, Protomartyr and 4 others
sepik

sepik

Level 11
Verified
Well-known
Aug 21, 2018
505
I comply, do not use any "password managers" softwares that connects to internet. I recommend old way, your brain. Challenge-Response is traditional way aka PGP, but it does have a flaw(s). Many military agencies use this tech in a general communication in between... cant say more, because im in the military reserve.
 
  • Like
Reactions: Venustus, Nevi, oldschool and 1 other person
Thales

Thales

Level 15
Verified
Top Poster
Well-known
Nov 26, 2017
708
sepik said:
I comply, do not use any "password managers" softwares that connects to internet. I recommend old way, your brain. Challenge-Response is traditional way aka PGP, but it does have a flaw(s). Many military agencies use this tech in a general communication in between... cant say more, because im in the military reserve.
Click to expand...
There are password managers that use offline solutions. Keepass, KeepassXC, Sticky password.
I prefer the offline password managers.
 
  • Like
Reactions: Venustus, Protomartyr, Overkill and 3 others
F

ForgottenSeer 72227

Overkill said:
I have finally made the switch to Linux! Any tips and tricks would be greatly appreciated!
Click to expand...

As with Windows, just make sure you continue to practice safe computing/online habits. Linux is more secure than Windows, largely due to the fact that it's market share on the desktop is quite low in comparison...so it's typically not a target. That being said there is still malware out there for Linux. If anything you could add (if you haven't already) GUFW, which is a GUI for uncomplicated firewall (ufw). There are AV's for Linux, but it's debatable if it's warranted.

If anything don't go copying and pasting every command line string that you may see unless you know what it does. Mostly stick to the app store for installing apps. Since you are using Linux Mint which is based of Debain/Ubuntu, you can also add PPAs which allows you to install apps that may not be in the store. So similarly be careful which PPAs you add (if you add any).

Moral of the story, mostly just practice good computing hygiene and you should be fine. Same can be said for any OS really.;):emoji_beer:
 
  • Like
  • Applause
Reactions: Thales, Venustus, Overkill and 1 other person
Overkill

Overkill

Level 31
Thread author
Verified
Honorary Member
Feb 15, 2012
2,128
geminis3 said:
Ubuntu/Debian based distros are the best choice if you need good support and documentation available on the web
Click to expand...
I've tried so many distros...Debian, Ubuntu, all 3 DE's of Mint, Pop OS, MX Linux, Zorin, Q4OS, Ubuntu Mate, Fedora, openSUSE, Puppy, antiX, Peppermint, Kubuntu, RebornOS, Ultimate and LXLE :LOL: but I keep coming back to Linux Mint!
 
  • Like
Reactions: Venustus and Gandalf_The_Grey
You must log in or register to reply here.

Similar threads

simmerskool
Advice Request Linux Firefox & Bitwarden
Replies
3
Views
646
ChromeOS & Linux
Bot
Bot
Gandalf_The_Grey
    • Like
    • Applause
    • HaHa
Technology Linux Surpasses 4 Percent Usage Share on the Desktop for the First Time
Replies
7
Views
407
Technology News
MuzzMelbourne
MuzzMelbourne
Gandalf_The_Grey
    • HaHa
    • Wow
Technology Linux is the only OS to support diagonal PC monitor mode — dev champions the case for 22-degree-rotation computing
Replies
4
Views
641
Technology News
blackice
blackice

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top