I was thinking what is the best way to secure my Arch install, but many tutorials diverge from the others, which makes decision making a hard thing.
Right now I don't have a firewall configured, but I intend to do so. I visit a lot of websites that might want to harm my install, and I have a "nerdy" friend who claims all he needs to invade my install is my IP address, which I hardly doubt he can.
I intend to use ufw with DENY to all incoming. I tested it and everything I have (Steam, for instance) worked just fine. But I read ufw is not that good and that I need more tweaking in order to be completely protected.
So, what do I do? What programs to use? How to properly lock down my install to the point where only Linus or a very acknowledged programmer might be able to invade Linux installs just by getting your IP when you visit their pages?
By lock you mean not letting anybody use your computer? That can be achieved by a screensaver+password feature for example, or to put a password to access the BIOS and/or computer.
Now when it comes to security we do block the remote access to it by installing a firewall, it is a good thing that everyone should have to have a minimum protection, here in this link you can find valuable information about all that.
With physical access to your computer, there's no way you can lock things down. The best you can do is encrypt your data so that crooks short of the NSA won't be able to read it even if they can access it.
Ignoring the physical access method to breach all your security, about the only way to be truly secure is to disconnect from any and all networks. But that is impractical for 99.99% of computer users. You will be more secure with an external, dedicated, hardware, physical firewall device than you will be with firewall software running on the box you are trying to protect. That's expensive and overkill for 99.99% of computer users.
So to be somewhat practical (for home users), I would say put yourself behind a good quality NAT router (helps a little, but not for the really bad guys), shut down all services on your box except SSH, keep SSH updated and configured securely, and configure it to only allow pubkey authentication (no password authentication allowed). Configure it to only allow one user - YOU - to have access. Only allow a bare minimum number of userids on your system, and make them "no password" so you can't login to them. For the ones that have to be logged in to, enforce very strong passwords. If you must run network services, run them only on the localhost interface and access them from the outside by tunnelling in over SSH. Encrypt all your user data. Be diligent about backups - do them frequently, automated (with verification), and store the backups (encrypted) off-site. Have multiple layers of backups so you never have to depend on the most recent one as your only one.
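The SSH settings described in the post above (public-key authentication only, one permitted user), as an added example that is not part of the thread: a shell audit of an `sshd_config` file. The sample config and the user name `alice` are constructed, and the function names are hypothetical; on a live system, `sshd -T` prints the effective configuration and is the authoritative check.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: whitespace-separated
# "Keyword value" lines, upstream OpenSSH defaults, Include files not followed,
# parsing stops at the first Match block. The user name "alice" is made up.

# first_value FILE KEYWORD DEFAULT: sshd keeps the first value it reads for a
# single-valued keyword; keyword names are case-insensitive.
first_value() {
    awk -v key="$2" -v def="$3" '
        $1 ~ /^#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }' "$1"
}

# allow_users FILE: AllowUsers lines accumulate, so collect every pattern.
allow_users() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == "allowusers" {
            for (i = 2; i <= NF; i++) { printf "%s%s", sep, $i; sep = " " }
        }' "$1"
}

expect() {  # expect FILE KEYWORD DEFAULT WANTED
    got=$(first_value "$1" "$2" "$3")
    [ "$got" = "$4" ] && return 0
    echo "FAIL $2: effective value '$got', want '$4'"
    return 1
}

# audit_sshd FILE USER: print one FAIL line per finding, return the count.
# Keyboard-interactive is checked too because it can prompt for a password.
audit_sshd() {
    fails=0
    expect "$1" PasswordAuthentication yes no || fails=$((fails + 1))
    expect "$1" KbdInteractiveAuthentication yes no || fails=$((fails + 1))
    expect "$1" PubkeyAuthentication yes yes || fails=$((fails + 1))
    users=$(allow_users "$1")
    [ "$users" = "$2" ] || { echo "FAIL AllowUsers: '$users', want only '$2'"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample: the later "no" is ignored because the first value wins.
weak=$(mktemp)
printf '%s\n' '#PubkeyAuthentication yes' 'PasswordAuthentication yes' \
    'passwordauthentication no' 'AllowUsers alice' 'AllowUsers bob' > "$weak"
audit_sshd "$weak" alice || echo "$? finding(s) in constructed weak config"
rm -f "$weak"
```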
It depends on whether you are talking about physical or internet security. Physical security is quite easy: all that you have to do is encrypt your hard drive and give your cmos a password, and also use a cmos password for access to your computer.
As far as security on the internet goes, a good firewall is just about the best you can do, as the other posters have said.
ukiuki, I was talking about online security with Linux.
Thanks for the link. I'll give it a read.
haertig, thanks. I already encrypt my drive with twofish-xts-plain64 and 64-bit (random characters) password. I also keep backups of my MBR and /boot partition.
Could you point me to how to do what you said?
Nbiser, what are good firewalls and how to configure them properly? (Don't need to explain the whole thing, just point me to the right directions). I use ufw with 'deny all incoming'. How better than that can I get?
I'm not sure if using two firewalls would increase security, so personally I wouldn't. Unless I studied how both behaved and did some penetration tests to see if any breach is present.
I'm starting to consider using iptables, with no GUI. But if 'ufw + deny all' is enough then I'm going with that.