I run Slackware 13.1 with GNOME 2.30.0 so I do a Slackware full-installation with GNOME.
To harden this I do the following for a laptop:
1. Completely encrypt the hard drive with LUKS.
2. Use a good password for root user and regular user.
3. Disable unneeded services. Use the command "netstat -lundt" to see which services are running. Then use "cat /etc/services | grep <service_number>" to see what this port is used for. Then, either remove the executable bit from the startup script in /etc/rc.d/rc.<service> or comment out the unneeded services in /etc/inetd.conf.
4. Install the FireHOL application from SlackBuilds.org. It lets you configure a firewall using plain English.
5. For the more paranoid, you can password-protect lilo so boot parameters cannot be changed and it will only boot Slackware. Also you can disable booting from a CD-ROM/USB in the BIOS and add a BIOS password so no one can boot using a Live-CD.
6. Check the Slackware website and keep up with patches so your system is up-to-date.
7. I harden Firefox with:
   a) Better Privacy (Flash Cookies)
   b) No Script (Browser Scripting)
   c) Ad-Block Plus (Popup Blocker)
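The service review in step 3 of the post above, as an added example that is not part of the original thread: it parses `netstat -lundt` output, looks each port up in an `/etc/services`-format file, and marks whether the listener is bound to loopback only or reachable from the network. The function names and both data samples are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -lundt` output (not taken from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:37              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

# Constructed excerpt in /etc/services format.
sample_services() {
cat <<'EOF'
time     37/tcp    timserver
bootpc   68/udp
auth     113/tcp   ident tap
ssh      22/tcp    # SSH Remote Login Protocol
ipp      631/tcp   # Internet Printing Protocol
EOF
}

# Usage: netstat -lundt | audit_listeners SERVICES_FILE
# Prints one "proto port name scope" line per unique listener.
audit_listeners() {
    awk -v svc="$1" '
        BEGIN {   # load "port/proto" -> service name from the services file
            while ((getline l < svc) > 0) {
                split(l, f, /[ \t]+/)
                if (f[2] ~ /^[0-9]+\/(tcp|udp)$/) name[f[2]] = f[1]
            }
        }
        $1 ~ /^(tcp|udp)6?$/ {
            proto = $1; sub(/6$/, "", proto)          # fold tcp6/udp6 into tcp/udp
            addr = $4; port = addr; sub(/^.*:/, "", port)
            sub(/:[0-9]+$/, "", addr)
            scope = (addr == "127.0.0.1" || addr == "::1") ? "loopback" : "network"
            key = port "/" proto
            if (!seen[key, scope]++)
                print proto, port, ((key in name) ? name[key] : "unknown"), scope
        }'
}

# Demo run on the constructed data.
tmp=$(mktemp) && sample_services > "$tmp" && sample_netstat | audit_listeners "$tmp"; rm -f "$tmp"
```

On a real host, run `netstat -lundt | audit_listeners /etc/services`; each "network" line is a candidate for the rc-script or inetd.conf change the post describes.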
Arniekat,
Thanks for the excellent response! I'll especially need to check out FireHOL.
Regards,
I beat the crap out of my systems and I can't see any slow down in my laptop when I use LUKS, AES 256, and LVM as specified in the Slackware distribution docs.
I stayed away from disk encryption for a long time because I am always trying to eke out as much performance as possible. I use Fluxbox for my Window Manager, KDE is a pig. This is a 2.2 GHz dual-core Intel Centrino with 4 Gigabytes of RAM. It's a decent system but there is seriously no performance difference as far as I can tell. Things have been rock solid and reliable. Suspend works as well. I should have encrypted it a long time ago. The speed difference was the bogeyman. I can't see that it exists. The benefits of data safety are obvious. I wish I had tried this sooner. I would have slept better when traveling with this thing. AES appears to be "Good Enough" for Top Secret government stuff, so I guess I'll live with it ;-) Top Secret requires AES 192 or something.