Somebody's security guide (a link):

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
12,658
Reaction score
11,607
Credits
104,309


Yeah, some of it is okay. Some of it is really not that valuable. The stuff about SSH and jails, for example, aren't too bad.
 
If you are running Debian/Ubuntu give debsecan a try. Along with debsums.
 
If I were in a business environment, I'd be giving that USBGuard a try, though I'd probably still rely on physical locks.
 
Yeah, some of it is okay. Some of it is really not that valuable. The stuff about SSH and jails, for example, aren't too bad.
As @craigevil already said most of what is mentioned in that guide seems like waste of time. fail2ban I only run on systems running 247 so usually no not on desktops. As for changing the default ssh port, I only give access to my ssh port for specific ip addresses doing firewall whitelisting. Firejail sounds interesting and fun but seems to much like a PITA for daily use, although I have to admit I never tried it. Currently playing around with podman en containers on my homeserver and that is already a PITA because it's a different way of doing things.
 
Firejail sounds interesting and fun but seems to much like a PITA for daily use, although I have to admit I never tried it.

I'm a bit surprised by that. I've set up shortcuts to run browsers in a jail, for example. Once you do the work once, you don't have to replicate it.
 

All you need to do once you have it installed is changed the command in the menu or desktop file for the apps you want to firejail.
See the examples on the above page.
 
Next time I am bored or have some time off I will have a look at Firejaill, that way I will at least know what I'm talking about with some actual Firejail experience ;)
 
For the longest time, I ran my default browser in a jail automatically. I did the same with other software that connected to the 'net, such as my IRC client. If I picked up potentially sketchy software, I'd run that in a jail as well.

I haven't bothered setting it up on all three of the devices I use most frequently. It is installed on one box that I use exclusively for testing things. I've been a bit negligent with the other two as those are recent upgrades to Lubuntu 20.04 and that meant clean installs.
 

Members online


Latest posts

Top