Linux

48072 readers

1 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 6 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

What to use for system hardening (lemmy.world)

submitted 2 years ago* (last edited 2 years ago) by Hercules@lemmy.world to c/linux@lemmy.ml

7 comments fedilink hide all child comments

Im using linux for +-3 yrs and im pretty used to it. Im currently running nixos on my laptop. My question is what kind of hardening do i need firejail, apparmor, selinux, .. all 3 of them ? none of them ? Thanks for the advice and have a nice day

all 9 comments

sorted by: hot top controversial new old

[–] nous@programming.dev 32 points 2 years ago (1 children)

Linux is fairly secure out the box and typically does not need any sort of extra hardening for most people unless you have a specific case you are worried about or some threat model that requires it. And hardening a system is not simply about installing some package, but more about learning to setup and utilise said packages to mitigate the threats you think you are going to be dealing with. Hardening a system generally comes with tradeoffs and these are not always worth the cost involved for what you get from them. All depends on what types of threats you think you will face - a journalist in a hostile country is going to want a far more secure system and will be more willing to compromise on other aspects to get that then some grandma that just wants to look at pictures on facebook. Both of these will want different tradeoffs for their systems.

Generally speaking I would start by reading up more about hardening linux systems, and what types of things these tools are designed to do. I would start with anything related to the system you are interested in, nixos has its own guides general security which links to many things you might want to think about. Arch Linux also has some good guides on security that are worth a read. And there is more general stuff like The Practical Linux Hardening Guide or redhats guides though these are more server focused and might offer tips that can be too restrictive for desktop systems.

As for apparmor and selinux, these are competing technologies and I don't think you can use both at once.

[–] Hercules@lemmy.world 2 points 2 years ago

Thanks for your anwser i will look into your links!!!

[–] Krafting@lemmy.world 13 points 2 years ago

You can use Lynis to scan your system for settings or weird behavior, it's pretty useful, some stuff don't have great explainations however... so you will need to do a bit of research to know why a certain setting should be turn off or stuff like that

https://cisofy.com/lynis/

[–] Skimmer@lemmy.zip 6 points 2 years ago* (last edited 2 years ago)

You're off to a good start, I'd recommend reading through and following this guide, its the best resource out there at the moment for Linux hardening/security imo.

[–] knobbysideup@lemm.ee 2 points 2 years ago

Start with lynis and go from there. Also lsof -ni and disable things that you don't need.

Lynis will help you to comply with cis benchmarks, which are another thing you should read through.

[–] ilya@l.matestmc.ru 1 points 2 years ago (1 children)

You could use a hardened kernel. I don't remember exactly how to set it up, but look it up like Nixos hardened kernel.

[–] PoorPocketsMcNewHold@lemmy.ml 1 points 2 years ago

grapheneX https://github.com/grapheneX/grapheneX Unrelated to grapheneOS