LinuxQuestions.org


kellyapproved 07-11-2010 04:25 AM

Hardening Linux
 
I've downloaded Linux Mint and have installed it on my hard drive. Am I ready to start using it to perform some confidential work (e.g. banking, email, etc.), or is there something else I need to do to harden the OS? I am running under a guest account instead of the admin account.

With Windows, I'd install the OS, install security patches, enable firewall/AV etc.

Thank you

salasi 07-11-2010 04:57 AM

Quote:

Originally Posted by kellyapproved (Post 4029733)
Am I ready to start using it to perform some confidential work (eg banking, email, etc), or is there something else I need to do to harden the OS.

Well, I have doubts about the safety of online banking anyway, whichever OS you use (that is to say, some financial institutions are unsafe whatever OS you use, although how you find out how safe or unsafe a particular one is is another matter) and if you are using wireless, for example, there are problems that you could have added that no operating system can overcome.

Quote:

I am running under a guest account instead of the admin account.
So, you are not running as root...that is good. If you mean that you are running with a user name of guest with an easily-guessed password like guest, that would be rather bad, particularly for the security of your confidential information.

You really ought to have an account with a personalised username and a non-dictionary-word as a password string (and 'password1' would be nearly as bad).

Quote:

With Windows, I'd install the OS, install security patches, enable firewall/AV etc.
OK, so update everything. Go into the package manager and update; that has done the equivalent of getting security patches AND performed a lot of other updates to applications.

You don't say anything about how you connect to the internet (or whether you use wireless and whether there are other risks local to your connection) so it is difficult to be specific, but there is a firewall. The firewall is iptables, which is really a firewall programming language.

You can choose to learn that, or use a graphical front end (choice of many, check the package manager). I found it easy enough to learn iptables, but most people think that this is an eccentric approach.

In practice, there is no need for AV provided that you are sensible and aren't downloading files for Windows. But you might want AV anyway, so use the package manager to find out what is available for your platform. But bear in mind that most threats aren't technically viruses, so AV doesn't protect you against, e.g., phishing etc.

onebuck 07-11-2010 06:14 AM

Hi,

Welcome to LQ!

LQ Security would be one link to look at in the Security section of 'Slackware-Links'.

wagaboy 07-11-2010 10:02 AM

You can encrypt a partition or a USB drive to protect its contents. Ubuntu's Disk Utility supports encryption, but you need to install cryptsetup. Encrypting a drive doesn't slow the performance as I had initially thought.

This article might be helpful: http://www.fsckin.com/tag/cryptsetup/

kellyapproved 07-11-2010 01:44 PM

@onebuck, Thank you, this is a great read, I will go through it, but a quick scan today does show me that some of the material in this document is beyond the scope of my knowledge.

@salasi - I don't use wireless, trusting a wired connection much more for my work. I am also running under a non root account with a unique username/password.

With package manager, should I update just the level 1 updates or do I do all the updates (level 1-3)?

onebuck 07-11-2010 02:06 PM

Hi,

Quote:

Originally Posted by kellyapproved (Post 4030058)
@onebuck, Thank you, this is a great read, I will go through it, but a quick scan today does show me that some of the material in this document is beyond the scope of my knowledge.

Baby steps!

Read for understanding and if there's something you don't understand then post a query. <Linux> - Google Search or even Search LQ with proper keywords.
