LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 02-16-2019, 05:10 AM   #1
alesso
LQ Newbie
 
Registered: Feb 2019
Posts: 1

Rep: Reputation: Disabled
Is this just me or the Linux environment is less secure than Windows for a non-super(techie, tho) user?


For about two days now I've been looking for ways to secure a Linux environment as I have with Windows, and I'm getting too damn frustrated about this, because I see threads (around the i-net) with exactly the same issue (or kinda) I have and the answers are so fricking dumb - they are not even answers, because they don't answer the question. I'm also super upset, because it seems like there's no solution for what I'm looking for in Linux - even tho I refuse to believe that.

So here I am, asking you the same thing in the hope I will get some reasonable answer/s and hopefully will eventually find one and switch to Linux at the end.

The question:
I get super nervous if I don't have control of inbound/outbound traffic (of applications/anything else). By "control", I mean actually controlling it: being able to see the requested connection (ip, port, what application/something else is making a request) AND to actually make some decisions about it: temp block it, block it, temp allow it, allow it, etc.

What are my options? Are there any?
 
Old 02-16-2019, 07:03 PM   #2
Corvette
Member
 
Registered: Jul 2017
Location: Missouri, United States
Distribution: Debian 9
Posts: 110

Rep: Reputation: 24
If I am understanding you correctly, are you just wanting a firewall? If so, do a search for iptables, or, depending on your exact Linux distro, ufw (uncomplicated firewall).

If not, there are plenty of other security and network utilities for *nix systems: AIDE, ClamAV, OSSEC, fail2ban, Wireshark, etc. It would just depend on your needs.

Last edited by Corvette; 02-16-2019 at 07:04 PM.
 
3 members found this post helpful.
Old 02-16-2019, 07:48 PM   #3
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 21 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2925
There are currently no easy solutions for an application-based firewall of the type you speak of (I've been looking for one myself for a while).

There are a couple of options but they are not easy to implement and are not yet solid enough as applications, in my experience anyway:

OpenSnitch (https://www.opensnitch.io/)

Douane (https://douaneapp.com/; https://www.dedoimedo.com/computers/...-firewall.html)

In saying that, making the logical leap from not being able to implement an easy application-based firewall to stating that "the Linux environment is less secure than Windows" is not correct in my opinion.

My short advice is: if having an application-based firewall of the type you are looking for is important to you and not having one will make you super upset, stick to Windows or macOS.
 
Old 02-16-2019, 09:30 PM   #4
Slackware_fan_Fred
Member
 
Registered: Oct 2018
Distribution: Slackware64-14.2 Multilib
Posts: 113

Rep: Reputation: 34
I don't know what distro you use but if it is Slackware just follow the guide.
https://docs.slackware.com/howtos:se...basic_security
I agree firewall setup can be complicated. I used the guide for iptables, but as the first reply said, ufw is good, and if you prefer using a GUI then also install gui-ufw.
Oh, according to this video, a firewall may not be needed in Linux but is still recommended.
https://youtu.be/e_Xi8e_ZOlE

Last edited by Slackware_fan_Fred; 02-16-2019 at 09:34 PM.
 
Old 02-16-2019, 10:05 PM   #5
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,330
Blog Entries: 3

Rep: Reputation: 3726
If you are looking for an application firewall, then the tool you are looking for is AppArmor. However, the UI is still for professionals, which are fewer and farther between these days. It lacks a point-and-click UI or front-end like GUFW for iptables. It's also a bit lacking in granularity in regards to networking. While at the file system level you can really lock it down to specific directories, network access is still either on or off. However, when you get down to it, in most cases that is adequate.
 
Old 02-16-2019, 10:59 PM   #6
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,345
Blog Entries: 28

Rep: Reputation: 6145
Just to build on what others have said and perhaps to add some context, the particular requirements you have may be more--er--difficult to meet easily in Linux, but as to the general question you started with, Linux is more secure out of the box than Windows and always has been. Linux was designed to Unix standards, and Unix was designed from the beginning as a multi-user OS for mainframes, and, in a multi-user environment, security was a concern from the git-go.

Windows was built on DOS, a single user system which, at its outset, did not envision networking or multiple users. In Windows world, security has always been a catch-up job.

Firewall capability (iptables) is built into the Linux kernel. Most Linux "firewall" programs are actually front-ends for configuring iptables. (The one I usually recommend is gufw.) In addition, in Linux, user cannot exercise administrative privileges; only root can do so. An invader who may gain access to user's home directory cannot access administrative privileges without gaining root access, and this requires entering a password, not just clicking an item in a dialog box.

In most distributions, you create a root password and use su to attain root privileges; in the *buntus, sudo is configured out-of-the-box, and the installing user is given privileges to perform administrative actions, but a password is still required to gain administrative privileges. (As an aside, I've not yet seen a convincing argument for the *buntus' sudo fetish, but that's just me.) Note that some distros activate a firewall on install and some do not.

So yes, meeting the precise desires you enumerated may be more complex on Linux than on Windows, but security in general is better on Linux than on Windows.

To expand on TurboCapitalist's recommendation regarding AppArmor, it's not uncommon for truly basic functions on Linux to be best approached from the command line. In the *nixes, the desktop environment is not part of the operating system, but rather floats on top of it, in a manner of speaking.

There are many desktop environments/window managers available, and some provide more GUI functionality than others. But the command line is the command line is the command line, regardless of the graphical environment and regardless of the distro.
 
1 members found this post helpful.
Old 02-16-2019, 11:24 PM   #7
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,330
Blog Entries: 3

Rep: Reputation: 3726
Quote:
Originally Posted by frankbell View Post
(As an aside, I've not yet seen a convincing argument for the *buntus' sudo fetish, but that's just me.)
That's because, out of the box, the *buntus have seriously misconfigured sudo. They seem to be both badly misusing and underutilizing its capabilities. However, sudo configuration is not something you just stumble upon; most people have to be taught the idea behind it. It's obvious once you know it, but the initial thought might not occur to people.
 
Old 02-16-2019, 11:31 PM   #8
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,345
Blog Entries: 28

Rep: Reputation: 6145
Quote:
That's because, out of the box, the *buntus have seriously misconfigured sudo.
(Grin) They are certainly using it for a purpose for which it was never intended!

If I run a *buntu (other than in a VM for playing with purposes), the first thing I do is enable root. But, I must say, as much as I like Mint (AKA, "Ubuntu done right"), I haven't run a *buntu for quite some time. I think I'll stick with Debian on that branch of the Linux tree.

Last edited by frankbell; 02-16-2019 at 11:32 PM.
 
Old 02-19-2019, 06:12 AM   #9
zeebra
Senior Member
 
Registered: Dec 2011
Distribution: Slackware
Posts: 1,833
Blog Entries: 17

Rep: Reputation: 640
Quote:
Originally Posted by hydrurga View Post
There are currently no easy solutions for an application-based firewall of the type you speak of (I've been looking for one myself for a while).

There are a couple of options but they are not easy to implement and are not yet solid enough as applications, in my experience anyway:

OpenSnitch (https://www.opensnitch.io/)

Douane (https://douaneapp.com/; https://www.dedoimedo.com/computers/...-firewall.html)

In saying that, making the logical leap from not being able to implement an easy application-based firewall to stating that "the Linux environment is less secure than Windows" is not correct in my opinion.

My short advice is: if having an application-based firewall of the type you are looking for is important to you and not having one will make you super upset, stick to Windows or macOS.
Well, you could use SELinux to block network access for application X and Y to start off with. Not easy no (selinux).

I think there must be some optimal way to combine selinux with some networking tools to restrict network access to "only allow if..." then xyz.
 
Old 02-19-2019, 06:15 AM   #10
zeebra
Senior Member
 
Registered: Dec 2011
Distribution: Slackware
Posts: 1,833
Blog Entries: 17

Rep: Reputation: 640
Quote:
Originally Posted by frankbell View Post
(As an aside, I've not yet seen a convincing argument for the *buntus' sudo fetish, but that's just me.)
Actually, theoretically, doesn't that make it far more dangerous if a hostile user is able to crack the user account? A lot more damage can be done with the user account than in a non-sudo setup. Or am I wrong?

Just pondering on the theoreticals..

If that is the case, any system with sudo is far more vulnerable to social engineering and weak password setups, no?
 
Old 02-19-2019, 06:56 AM   #11
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,330
Blog Entries: 3

Rep: Reputation: 3726
Quote:
Originally Posted by zeebra View Post
If that is the case, any system with sudo is far more vulnerable to social engineering and weak password setups, no?
No. Only systems with badly misconfigured sudoers files (like the *buntus have) are more vulnerable. If you would like to read more, see the sudo rant in my LQ blog which I link to again here. Or see M W Lucas' presentation "sudo: You're Doing It Wrong", you'll find both slides and a video with a quick search. Watching it, even though it is long, will clear up about any question you could reasonably come up with regarding sudoers, such as the "theoretical" one posted just now.

See also

Code:
man sudoers
man sudo
Edit: I'd be far more worried about polkit's pkexec which is a lot less polished and comes from a dodgy group.

Last edited by Turbocapitalist; 02-19-2019 at 07:01 AM.
 
Old 02-19-2019, 07:24 AM   #12
zeebra
Senior Member
 
Registered: Dec 2011
Distribution: Slackware
Posts: 1,833
Blog Entries: 17

Rep: Reputation: 640
Quote:
Originally Posted by Turbocapitalist View Post
No. Only systems with badly misconfigured sudoers files (like the *buntus have) are more vulnerable. If you would like to read more, see the sudo rant in my LQ blog which I link to again here. Or see M W Lucas' presentation "sudo: You're Doing It Wrong", you'll find both slides and a video with a quick search. Watching it, even though it is long, will clear up about any question you could reasonably come up with regarding sudoers, such as the "theoretical" one posted just now.

See also

Code:
man sudoers
man sudo
Edit: I'd be far more worried about polkit's pkexec which is a lot less polished and comes from a dodgy group.
Well. IF someone manages to take over a user account on a sudo system, they can do a lot more than if they take over a user account on a non-sudo system. Sudo gives the "user" the right to do many admin tasks that a normal user on a non-sudo system just cannot do.

So, how does taking over a user account with sudo, prevent the "hostile" from using all those admin functions that the user account can use?
 
Old 02-19-2019, 07:30 AM   #13
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,330
Blog Entries: 3

Rep: Reputation: 3726
Quote:
Originally Posted by zeebra View Post
Sudo gives the "user" the right to do many admin tasks that a normal user on a non-sudo system just cannot do.
No, it does not do that automatically. It does that only if it has been (mis-)configured to do so. It is quite easy to apply privileges safely via sudoers. Your worries have nothing to do with sudo per se and more about misconfiguration of permissions. Polkit is less granular and harder to configure and thus more dangerous, IMHO, but is less visible and thus flies in under the radar. Your concerns are more applicable to polkit's pkexec. However, please read up on what sudo is and how it works or at least listen to M W Lucas' presentation. Some background information is needed before informed questions can be posed.

Last edited by Turbocapitalist; 02-19-2019 at 07:31 AM.
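
The difference between a blanket sudoers grant and a scoped one, as discussed in the posts above, shown as an added example (not code from any poster or from the sudo project). It audits a constructed sudoers sample; the user names, the commands and the simplified one-rule-per-line grammar (no aliases, includes or line continuations) are assumptions.

```python
import re

# Constructed sample, not from any real system. Line 3 is a blanket group
# grant of the kind the thread criticises; the other users are hypothetical.
SAMPLE_SUDOERS = """\
# constructed sample for illustration
Defaults env_reset
%sudo   ALL=(ALL:ALL) ALL
deploy  ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx
backup  ALL=(ALL) NOPASSWD: ALL
carol   ALL=(root) /usr/bin/apt update, /usr/bin/apt upgrade
"""

# Simplified user specification: who host = (runas) [TAG: ...] cmd[, cmd]
RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^\s=]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<rest>.+)$"
)
TAGS = re.compile(r"^((?:[A-Z_]+:\s*)*)(.*)$")


def audit_sudoers(text):
    """Return (line_no, who, verdict) for each user specification.

    "blanket" means any command may be run as root; "scoped" means anything
    narrower. "-nopasswd" is appended when no password prompt is required.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        first = line.split(None, 1)[0] if line else ""
        # Skip blanks, comments, Defaults and alias definitions.
        if (not line or line.startswith("#")
                or first.startswith("Defaults") or first.endswith("_Alias")):
            continue
        m = RULE.match(line)
        if not m:
            continue
        tags, cmds = TAGS.match(m.group("rest")).groups()
        commands = [c.strip() for c in cmds.split(",")]
        # Run-as user list is the part before ':'; omitted means root.
        runas_users = (m.group("runas") or "root").split(":")[0]
        as_root = bool({"ALL", "root"} & {u.strip() for u in runas_users.split(",")})
        verdict = "blanket" if ("ALL" in commands and as_root) else "scoped"
        if "NOPASSWD:" in tags:
            verdict += "-nopasswd"
        findings.append((line_no, m.group("who"), verdict))
    return findings


if __name__ == "__main__":
    for line_no, who, verdict in audit_sudoers(SAMPLE_SUDOERS):
        print(f"line {line_no}: {who:8} {verdict}")
```

A "scoped" verdict only says the rule names specific commands; whether one of those commands can itself start a shell is outside what this check looks at.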
 
Old 02-19-2019, 12:23 PM   #14
zeebra
Senior Member
 
Registered: Dec 2011
Distribution: Slackware
Posts: 1,833
Blog Entries: 17

Rep: Reputation: 640
Quote:
Originally Posted by Turbocapitalist View Post
No, it does not do that automatically. It does that only if it has been (mis-)configured to do so. It is quite easy to apply privileges safely via sudoers. Your worries have nothing to do with sudo per se and more about misconfiguration of permissions. Polkit is less granular and harder to configure and thus more dangerous, IMHO, but is less visible and thus flies in under the radar. Your concerns are more applicable to polkit's pkexec. However, please read up on what sudo is and how it works or at least listen to M W Lucas' presentation. Some background information is needed before informed questions can be posed.
Well, in a way you are right. If you manually implement sudo it does not have to be unsafe and can add safe convenience. But since you mention misconfiguration, you have to admit that probably 90% of sudo users are *buntu users, and thus 90% of all sudo setups are grossly misconfigured and unsafe.

So yeah, I can imagine a way that I personally could implement sudo in a useful and safe way, so perhaps you want me to not blame sudo in and of itself?
 
Old 02-19-2019, 12:29 PM   #15
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,330
Blog Entries: 3

Rep: Reputation: 3726
Quote:
Originally Posted by zeebra View Post
But since you mention misconfiguration, you have to admit that probably 90% of sudo users are *buntu users, and thus 90% of all sudo setups are grossly misconfigured and unsafe.
That is the point of my blog post... So I do not admit it, I proclaim it and want it fixed. So no, the fault is not sudo itself, it is the distros which provide misconfigured defaults for it.

It is still possible, however unlikely, for individuals to fix the broken defaults. Far better would have been for the distros to fix the broken defaults themselves before shipping. Probably won't happen even for Ubuntu 20.04.

And again, if you are worried about the misconfigured defaults for sudo, take a look at polkit and pkexec.
Edit: for clarity: pkexec is even worse.

Last edited by Turbocapitalist; 02-20-2019 at 12:05 AM.
 
1 members found this post helpful.
  

