Any good security programs for linux ?
 

Does anyone know of any good security programs for linux like there are for windows ? Something that locks-hides files & folders so they can`t be edited or moved deleted ? Any that restricts access to certain features like start menu,control panel,registry and others, Folder Lock as a example.

A standard Linux system will generally not allow a normal user (non-root, non-administrator) to write to any location the /home/user directory but will allow reading to many locations. If a user can't write to a directory, s/he cannot edit anything. Not sure what you want to limit in the Menu but the Control Panel used to configure various settings on the computer should require root privileges. There is no 'registry' in Linux, not sure what would be comparable but I'm sure someone else will post.

There are two frameworks that make background services more secure, AppArmor and SELinux. They are installed and configured by default on several distros. Their working principle is containment of attacks: When a service, for example web server, is compromised, an attacker that has gained root privilege can only cause damage to the files that belong to that service, and not to the system at large.

SELinux can tighten security even more by implementing its Multi-Level Security policy, which can make your system get clearance from the CIA and other spy organizations. May be overkill for you, but only the paranoid survive.

Some distros configure a strict firewall that only opens the ssh port by default. It is not too hard to set up such a firewall on a more permissive system.

Linux includes a command, chattr, that allow you to "lock down" a file, so that even root can't modify it. However, root can use chattr to unlock the file.

Funny SELinux or Security Enhanced Linux was developed by the NSA way back when in the 2000`s sometime i don`t remember exactly, but are you trying we can actually trust anything the Gov. or the NSA,FBI or the rest of them say ? I would not trust any thing by them no matter what it is or what they say.

It's open-source. You have to have a high degree of paranoia if you think that everybody competent enough to understand the source code is part of the conspiracy.

Didn`t say it was or was not a conspiracy, just that i would not trust any of them-might be open source but was still developed by the NSA sometime in the 2000`s i do not trust any Gov. rep elected or otherwise & won`t change in the future. I do study history and go by what the facts are so i`m not going to trust them at all no matter what they say-it`s what they do that count`s.

Distrust of governments, people in power and secret services is healthy. My point is that this is not relevant. The software is open-source and has been since 10-15 years; if it contains anything nefarious, it would have been detected by now.

As berndbausch points out the likelyhood of it being a trojan is much less (but perhaps still non-zero) with many eyes reviewing the code.

On the other hand, you still trust those same actors, and more, to have not successfully compromised the kernel code (we know they have tried), and pretty much every other application you depend on... have you actually verified them all?

At some point you have to decide whether and what to expose, and use your best judgment rather than rely on actual trust.

Yes. If you don't trust SELinux, why do you trust Linux?

Perhaps you should look into OpenBSD. As far as I know, it's the most secure free operating system.

As others have pointed out, by default, security is built into Linux out of the box. Linux was built to Unix standards, and, as Unix was a multi-user system from the get-go, security was always a concern.

The basic element of security with Linux are the same as with any other OS: a good firewall. Firewall capability is built into the Linux kernel--it's called iptables. Linux firewall "programs" are usually frontends for configuring iptables.

Viruses are not a major concern, as most viruses target more popular operating systems, but that doesn't mean you should ignore them. There are AV programs for Linux.

The biggest weakness in Linux is the same as with any other OS: The person sitting behind the keyboard: don't go to dodgy websites, don't click on questionable links, don't get phished. All the security software in the world can't protect against stupid.

You may find this a good reference: https://www.linuxtopia.org/LinuxSecurity/index.html

Lock: baked right into Linux filesystems. makes it read only, and readable only by the owner.
Just one of a million examples, read So that's not even touching on SELinux.

Hide: various trivial solutions exist. I use encfs for my porn collection.

Not necessarily. On the basis of "nefarious, implanted back doors", you may have a point, but in terms of vulnerabilities which have been discovered and not disclosed it's a different matter altogether - but the same can be said for any "open source" software. The Linux kernel is a very large and bloated code base, so it's not a given that the fabled "eyeballs" have audited ever single line.

I think OpenSSL taught developers and users, quite a lot with respect to "open source" code, in that problems can still lie hidden for years, if the code is not being continually re-examined, reevaluated and developed.

"chattr" can make files immutable, so they can't be edited or deleted.

I can agree to that-But i still don`t trust them ot it.

What`s this encfs about / Can you explain it ?