Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Maintaining A Secure Linux System?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
slicktux
n00b
n00b


Joined: 16 Jul 2013
Posts: 22
Location: CA

PostPosted: Tue Jul 16, 2013 5:16 am    Post subject: Maintaining A Secure Linux System? Reply with quote

i am making Gentoo my primary OS for my laptop, and i want to know how to keep my system secure as well as my data.
_________________
"Yeah! I am just an atom in an ectoplasmic sea, Without direction or a reason to exist.
The anechoic nebula rotating in my brain is persuading me contritely to persist."

Dr. Graffin


Last edited by slicktux on Mon Aug 03, 2015 8:05 am; edited 2 times in total
Back to top
View user's profile Send private message
The Doctor
Moderator
Moderator


Joined: 27 Jul 2010
Posts: 2678

PostPosted: Tue Jul 16, 2013 6:05 am    Post subject: Reply with quote

Welcome to Gentoo!

Secure against what? Stolen Laptop? Hacking? Water boarding the user to give up the password*?

If secure against theft is a priority, I would use a complete disk encryption scheme. I would use serpent since it appears to be the most secure cypher for the job.

In addition to keeping your system up to date, you should also make it a point to disable possible security holes. For example, you should configure ssh to never allow root log ins and you should probably restrict it to public key authentication rather than password. If you don't need ssh running, don't even add it to your default run level.

Use flags are another powerful tool. For example, if you don't need policykit, consolkit, pam etc, why install them at all? All they would be doing in that case is adding a possible security hole. Just in time (jit) is another risk. Compiling code as you need it is handy for java, etc but it leaves the possibility of malicious code being introduced.

Your kernel is another area to pay attention to. Just use what you need. If you don't need loadable module support, disable it and don't build any modules. This is because you (or your kernel) could be tricked into running a tainted module. Also, choose your kernel carefully. Hardened-sources has many security features, such as PaX.

You should also run a strong firewall such as iptables. You should set your rules to be on the conservative side, etc.

Of course, if you are just an average user then simply keeping up to date, running a firewall, and exercising good Internet safety should be adequate. I am sure other people will have suggestions, but without knowing exactly what kind of security you are thinking of, its hard to give any kind of answer.

* If your data is worth your life, you would be stupid to rely on any information online.
_________________
First things first, but not necessarily in that order.

Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box.
Back to top
View user's profile Send private message
PaulBredbury
Watchman
Watchman


Joined: 14 Jul 2005
Posts: 7310

PostPosted: Tue Jul 16, 2013 11:59 am    Post subject: Reply with quote

Use e.g. AppArmor on the Internet-facing apps (web browser, email, etc) and proprietary apps.

Use privoxy to filter ads etc. for your web browser.
Back to top
View user's profile Send private message
slicktux
n00b
n00b


Joined: 16 Jul 2013
Posts: 22
Location: CA

PostPosted: Thu Jul 18, 2013 2:54 am    Post subject: reply Reply with quote

The Doctor wrote:
Welcome to Gentoo!

Secure against what? Stolen Laptop? Hacking? Water boarding the user to give up the password*?


Thank you for thee informative answer for such a broad question.
"i don't see myself being water boarded in my life time "knocks on wood". :)"
_________________
"Yeah! I am just an atom in an ectoplasmic sea, Without direction or a reason to exist.
The anechoic nebula rotating in my brain is persuading me contritely to persist."

Dr. Graffin


Last edited by slicktux on Mon Aug 03, 2015 8:05 am; edited 1 time in total
Back to top
View user's profile Send private message
mvaterlaus
Apprentice
Apprentice


Joined: 01 Oct 2010
Posts: 234
Location: Switzerland

PostPosted: Thu Jul 18, 2013 8:33 am    Post subject: Reply with quote

hi,
I don't know, if you allready know this [1] guide, but it gives a start to general security in gentoo linux. check it out.


[1]http://www.gentoo.org/doc/en/security/security-handbook.xml
Back to top
View user's profile Send private message
slicktux
n00b
n00b


Joined: 16 Jul 2013
Posts: 22
Location: CA

PostPosted: Fri Jul 19, 2013 2:55 am    Post subject: Reply with quote

mvaterlaus wrote:
hi,
I don't know, if you allready know this [1] guide, but it gives a start to general security in gentoo linux. check it out.


[1]http://www.gentoo.org/doc/en/security/security-handbook.xml


ah great, thank you! i will be doing some reading on this handbook.
_________________
"Yeah! I am just an atom in an ectoplasmic sea, Without direction or a reason to exist.
The anechoic nebula rotating in my brain is persuading me contritely to persist."

Dr. Graffin
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum