View previous topic :: View next topic |
Author |
Message |
slicktux n00b
Joined: 16 Jul 2013 Posts: 22 Location: CA
|
Posted: Tue Jul 16, 2013 5:16 am Post subject: Maintaining A Secure Linux System? |
|
|
i am making Gentoo my primary OS for my laptop, and i want to know how to keep my system secure as well as my data. _________________ "Yeah! I am just an atom in an ectoplasmic sea, Without direction or a reason to exist.
The anechoic nebula rotating in my brain is persuading me contritely to persist."
Dr. Graffin
Last edited by slicktux on Mon Aug 03, 2015 8:05 am; edited 2 times in total |
|
Back to top |
|
|
The Doctor Moderator
Joined: 27 Jul 2010 Posts: 2678
|
Posted: Tue Jul 16, 2013 6:05 am Post subject: |
|
|
Welcome to Gentoo!
Secure against what? Stolen Laptop? Hacking? Water boarding the user to give up the password*?
If secure against theft is a priority, I would use a complete disk encryption scheme. I would use serpent since it appears to be the most secure cypher for the job.
In addition to keeping your system up to date, you should also make it a point to disable possible security holes. For example, you should configure ssh to never allow root log ins and you should probably restrict it to public key authentication rather than password. If you don't need ssh running, don't even add it to your default run level.
Use flags are another powerful tool. For example, if you don't need policykit, consolkit, pam etc, why install them at all? All they would be doing in that case is adding a possible security hole. Just in time (jit) is another risk. Compiling code as you need it is handy for java, etc but it leaves the possibility of malicious code being introduced.
Your kernel is another area to pay attention to. Just use what you need. If you don't need loadable module support, disable it and don't build any modules. This is because you (or your kernel) could be tricked into running a tainted module. Also, choose your kernel carefully. Hardened-sources has many security features, such as PaX.
You should also run a strong firewall such as iptables. You should set your rules to be on the conservative side, etc.
Of course, if you are just an average user then simply keeping up to date, running a firewall, and exercising good Internet safety should be adequate. I am sure other people will have suggestions, but without knowing exactly what kind of security you are thinking of, its hard to give any kind of answer.
* If your data is worth your life, you would be stupid to rely on any information online. _________________ First things first, but not necessarily in that order.
Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box. |
|
Back to top |
|
|
PaulBredbury Watchman
Joined: 14 Jul 2005 Posts: 7310
|
Posted: Tue Jul 16, 2013 11:59 am Post subject: |
|
|
Use e.g. AppArmor on the Internet-facing apps (web browser, email, etc) and proprietary apps.
Use privoxy to filter ads etc. for your web browser. |
|
Back to top |
|
|
slicktux n00b
Joined: 16 Jul 2013 Posts: 22 Location: CA
|
Posted: Thu Jul 18, 2013 2:54 am Post subject: reply |
|
|
The Doctor wrote: | Welcome to Gentoo!
Secure against what? Stolen Laptop? Hacking? Water boarding the user to give up the password*?
|
Thank you for thee informative answer for such a broad question.
"i don't see myself being water boarded in my life time "knocks on wood". " _________________ "Yeah! I am just an atom in an ectoplasmic sea, Without direction or a reason to exist.
The anechoic nebula rotating in my brain is persuading me contritely to persist."
Dr. Graffin
Last edited by slicktux on Mon Aug 03, 2015 8:05 am; edited 1 time in total |
|
Back to top |
|
|
mvaterlaus Apprentice
Joined: 01 Oct 2010 Posts: 234 Location: Switzerland
|
|
Back to top |
|
|
slicktux n00b
Joined: 16 Jul 2013 Posts: 22 Location: CA
|
Posted: Fri Jul 19, 2013 2:55 am Post subject: |
|
|
ah great, thank you! i will be doing some reading on this handbook. _________________ "Yeah! I am just an atom in an ectoplasmic sea, Without direction or a reason to exist.
The anechoic nebula rotating in my brain is persuading me contritely to persist."
Dr. Graffin |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|