Let's talk Linux security! What security programs, CLI tools, GUI tools do you use to keep your Linux system secure?

smooth_buddha

Would love to hear what security tools, apps and programs any of you use to keep your system secure and safe, also any other security measures that you take like sandboxing or virtualization, or specific security-based distros you like or prefer????

I personally use ClamAV and ClamTk, rkhunter and ufw (Uncomplicated Firewall), and VirtualBox for virtualization. I'm currently looking into other security measures and programs, as it's not talked about that often as Linux is regarded as fairly secure. But I'm not optimistic when it comes to security and malware; I think it's best to assume there are many unknown Linux malware, vulnerabilities and bugs out there which have not yet been identified, rather than repeating the mantra "Linux is pretty secure", which it is to some degree. With several different kernel versions it does make it somewhat more awkward for hackers to write malware, as systems can vary so much among Linux users, but it's not impossible and has been known to happen.

Would be interested to know if anybody has actually ever had a virus or malware on Linux or knows somebody that has! I personally do not know of anybody who's ever been infected on Linux.
 


Security is a process, not an application.

I have a very poorly written 'bonus article' on my site that's awaiting a rainy day when I'll publish it. It was written while I was really, really inebriated and there's no salvaging it, so I'll eventually just hit the publish button and let 'er rip.

Anyhow, as a general rule, I don't use any of those things - not even a firewall (on my desktops/laptops). Malware exists for Linux. Don't install it. I use least-permissions type of processes and take care to install only from trusted sources.

I don't bother with a firewall. I'm behind a router that has NAT enabled. I used to use a hardware firewall but I haven't bothered with that in ages. You can't do things like access my network without me noticing. I'm gonna see your car in the driveway! However, you could just access the guest network. It's isolated from my network and only allows internet access.

No, you can't SSH into my systems - at least not without a whole lot of work and a whole lot of information. So, I'm not too concerned.

I keep good backups and don't do much in the way of banking online. So, for all that work you're really not going to get anything. Just like using multiple browsers, I keep things compartmentalized.

Public facing servers are a whole other story. That's not really salient as this site is mostly about desktop use.
 
ssh, ssl, iptables, firewall-cmd, clamav, selinux, ( as mentioned above, NAT/router firewall )
passwd-policy enforcer.
For the paranoid..
lynus, chkrootkit, rkhunter...
 
lynis*
 
I use a combination of different tools, depending on the distribution. I keep documentation of which ones I use on which distribution because I use multiple distros.
 
Silverblue to disable write on the OS. Flatpaks are also containerized and up to date, so it's great to mitigate any breach. You can also install most of them from a reputable source (flathub.org).

SSH server is disabled on Fedora by default too, and SELinux is on, but I don't know much about how it works.

Extending to web security, I am using uBlock and common sense. And I never torrent any binary, only video files, once again hoping that VLC won't have a huge vulnerability.

And of course I checksum my ISOs before burning them.
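
The checksum step mentioned in the post above, as an added example that is not part of the original post. It assumes the distribution publishes a `sha256sum`-format list (called `SHA256SUMS` here); the function name `verify_iso` and the file names in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: compare a downloaded image against a sha256sum-format list.
#
# verify_iso ISO SUMS_FILE
#   returns 0 if the digest matches the entry for ISO's file name,
#           1 if an entry exists but the digest differs,
#           2 if a file is unreadable or the list has no entry for ISO.
# Assumption: file names in the list contain no whitespace.
verify_iso() {
    iso=$1
    sums=$2
    [ -r "$iso" ] && [ -r "$sums" ] || return 2
    name=$(basename -- "$iso")

    # List lines look like "<64 hex>  name" or "<64 hex> *name" (binary mode).
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n && length($1) == 64 { print tolower($1); exit }
    ' "$sums")

    # A missing entry is reported separately so it is never read as "ok".
    [ -n "$expected" ] || return 2

    actual=$(sha256sum -- "$iso" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] && return 0
    return 1
}

# Usage (constructed file names):
#   verify_iso ./example.iso ./SHA256SUMS && echo "digest matches"
```

A list downloaded from the same server as the image only catches corruption in transit; where the distribution signs the list, check that signature (for example with `gpg --verify`) before trusting the digests in it.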
 
Firefox blocker ad stopper is all I use.
 
I use gufw, PIA VPN, router firewall, Vivaldi ad blockers and FF miner block. I also use rkhunter, though it produces false positives.
And I do not ever download any file that I'm not sure of, and then only from known sources. Most of security and malware come through human error, not from being infected by others, but because the op lets it in. Be careful and alert and Linux is very safe.
 
I have noticed rkhunter can give false positives, and I totally agree that most malware comes from human error! The human is probably the weakest point in modern security systems; it's easy to see why malicious adversaries resort to social engineering.
 
Once I was wondering if Mint is really a malware. In the Linux Mint support forum, I posted something like "what if Mint is really a malware?" ...I was just wondering, I did not state it for sure... anyway, I got instantly banned from the forum forever. Then I made a new account apologizing for what I had said, and that account got banned forever too. I don't know why I think Mint is a malware; I don't have enough technical knowledge, just a feeling like a superstition.
 
I only have firewalld installed on my desktop and laptop systems.
 
Default iptables settings, uBlock Origin in all of the web browsers that I use.
 
Was it because your version of Mint kept crashing??? Did it have strange buggy things happening, like a strange horizontal pixel strip running through the bottom of the screen? Did it sometimes freeze on you??

It's a shame they banned you even after you apologized.
 
Yes, Mint didn't like my laptops, it never worked well, but the big issue was that they have a slightly different version of the GNOME disk utility (from what I am used to in Debian). That thing didn't work at all.
 
I mean, it could have been interpreted as a troll. But yeah, sometimes people who manage big projects can't distinguish a genuine cry for help from passive-aggressive criticism. I mean, Cinnamon, the desktop environment of Mint, is their piece of software. It's their added value, the thing that makes them proud, and rightfully so. So if you say "look, my desktop is laggy, is this malware?" you end up with a quick and swift ban.
 
I'd have answered with a resounding "No!"

Then I'd have locked the thread with the reason, "Rabble rousing. Nothing productive will come from this thread."

I'd have not banned the user.

If the user persisted, I'd have banned the user.

If the user then generated another account to bypass the ban, I'd have banned them immediately and taken other steps to prevent it from becoming a problem. It takes me 10 seconds to ban an account. It takes them a while to register a new account. As a moderator, I'd devote the time to it as well as letting other moderators (and administrators) know that we have a problem child.
 
Although, there was that time a few years ago, when hackers managed to break into Mint's website and uploaded a modified .iso file that contained malware.

And Mint quickly spotted the attack, patched their website, removed the dodgy files and restored their original .ISOs.

But quite a few people downloaded and installed the dodgy version before the attack was noticed!

Ref:
 
Man, that's mind blowing.
 
Well, Linux distros by default make it impossible or harder to do certain things, and this is actually more security than I personally need.

One security measure that I have that's vital to me using computers is a document containing passwords. It's a protection against a security attack, which is all too common with user accounts.
 
Do you mean a physical document, where you write your passwords on paper, or do you mean a digital document, where you store your passwords in, say, a digital format???
 

