Linux security

apparmor, iptables/iftables, fail2ban...

ut has a brief checklist, or you can get the full thing from CIS
security.utexas.edu/content/operating-system-hardening-checklists

disconnect it from the internet

secure against what, specifically?

meant nftables not iptables.

kek

>fail2ban
is this needed on a desktop running linux that doesn't use SSH?

no lol

how does a linux desktop even get hacked remotely? some vulnerability in an outdated program to which hackers exploit? afaik all ports are closed after a fresh install, so how does it happen?

and a question i've gotten mixed replies on before:
what's safer -- installing linux without internet then turning on its firewall and go online and dl updates,
or the other way around, installing w/ internet and updating during the install? whats the difference if there is one?

bump

anyone?

Nearly any up to date Linux or BSD distro without systemd will generally be safe enough for day to day use, and will surpass even enterprise security standards. Not exactly a high bar there since companies use shit like Windows and RHEL. But the key is staying up to date. Hardened Gentoo is good for desktop use if you aren't retarded. I also recommend Tiny Core due to the incredibly small code base.

If you wanted to really turn your tinfoil levels up to 11, you'd use a microkernel RTOS like GHS Integrity that gets used in the consoles and control systems of tanks and fighter jets. These systems are highly secure, stable, and incredibly specialized. They're designed to be portable, self-healing, and never go offline. They are the best that humanity has to offer in terms of advanced operating system technologies, and most are not even available to the public.

Attached: 1523587924223.jpg (599x522, 297K)

Install openbsd.

Linux is a kernel.

>how does a linux desktop even get hacked remotely?
Intel ME.

There are Linux distributions that do not include any GNU utilities. Linux is an operating system unto itself.

Reminder that systemd is free software™.

No it isn't. It's a giant ball of over a million lines of spaghetti code with insane defaults that can't be reasonably audited in a lifetime. There's nothing free about that, retard.

Install Common Sense (tm) 2018 edition.

These may be true. But it is in fact free software,

(You)
Oh my God, you know the difference between an operating system and a kernel! Have a (You).

>it's not free software if i don't like it

Attached: 1508972000997.jpg (1218x1015, 212K)

>Mail me at "[email protected]" if you have any questions.

>Sadly, a kernel by itself gets you nowhere. To get a working system you
>need a shell, compilers, a library etc. These are separate parts and may
>be under a stricter (or even looser) copyright. Most of the tools used
>with linux are GNU software and are under the GNU copyleft. These tools
>aren't in the distribution - ask me (or GNU) for more info.
>Linus, ftp.funet.fi/pub/linux/historical/kernel/old-versions/RELNOTES-0.01

No, faggots. It's not free software. The GPL exists in part to make sure that the user can view the source code and modify it as they please. When you bloat the software to a million fucking lines of code, it becomes an unreadable blackbox that might as well be closed source. There is nothing open or free about systemd, and nothing secure either with an attack surface that large.

>op·er·at·ing sys·tem
>noun
>noun: operating system; plural noun: operating systems
>the software that supports a computer's basic functions, such as scheduling tasks, executing applications, and controlling peripherals.
The kernel doesn't handle scheduling, applications, and device drivers?

Attached: 1512867116881.png (866x900, 94K)

>The GPL exists in part to make sure that the user can view the source code and modify it as they please.
That's literally enough to make it free software. Again, this is you:
>it's not free software if i don't like it

Since you like behaving like a pseudointellectual redditor by citing dictionary definitions and spouting memes without any substance, I'll play your game and cite you the four basic freedoms™ of software, directly from the FSF:
>The freedom to run the program as you wish, for any purpose (freedom 0).
systemd fulfills it.
>The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
As large as it is, you can technically do it, you yourself admitted it in your post.
>The freedom to redistribute copies so you can help others (freedom 2).
Again, systemd allows this.
>The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.
And again, systemd allows this.
It respects the four essential software freedoms. It is licensed under a free software license. This is enough to fully qualify it as free software, whether you like it or not.

Now, if you want to discuss it from a technical point of view, that's another story. But systemd's issues are technical, not ethical. You can't twist definitions as you please, that makes you literally look like pic related.

Attached: 1494249767401.png (406x438, 46K)

The Linux operative system.

>When you bloat the software to a million fucking lines of code, it becomes an unreadable blackbox
Fucking THIS.

If you want real security, you should encrypt your entire Hard drive and use a good alphanumeric password 10-20 characters. BUT, if you're installing it on an older PC, check to see if your PC is new enough to support it. Otherwise it will be laggy as fuck. If you can't go that route, still fully encrypt your home folder with a big password. Beyond that, get a firewall and just use common sense. Stay away from shitty sites, don't fall for email scams. The basic stuff. Do that and you should be fine.

>>it's not free software if i don't like it
Practicality > Legalism

You're falling into the trap of legalism here. Besides, how are you going to prove that systemd is completely FOSS code? Will you do audit the whole thing to prove it? No, you won't. It could be using leaked Microsoft NT source code for all you know. Prove me wrong.

You're like one of those macfaggots who calls OS X UNIX because of the POSIX certification when it's not even POSIX compliant the name of the kernel is an acronym that means "X is Not UNIX". This is literally the same level of ignorant drivel. "B-b-but muh papaerz!" I'll wipe my ass with your licensing and certs, bitch. They're worthless when debating the underlying technologies.

Attached: finally smart.png (932x944, 241K)

look up into lynis. Install the software and its going to do a security audit. Fix the problems ur getting. It's aimed at server security, so if you're using a desktop, you might not need some of the features

install openbsd

Hardware exploits and zero days. Intel ME is a good example, and if you belive that the NSA backdoors hardware, then you can consider your machien compromised if it has a wifi card or speakers/mic since it is possible to communicate in weird ways with those.

Remove any I/O apart from keyboard, mouse and monitor and you should be safe, even on windows.

Linux is insecure use OpenBSD if you don't want botnet.

Attached: 1521081838066.jpg (954x711, 97K)

>The GPL exists in part to make sure that the user can view the source code and modify it as they please.
But the user can, as a matter of fact, do this with systemd. Just because (You) can't figure it out doesn't mean that the source code isn't readily available for people to read and modify as they please.

OpenBSD is too insecure for bluetooth.

>It could be using leaked Microsoft NT source code for all you know. Prove me wrong.
The burden of proof is on your side.

Disconnect from internet. Work in farraday cage.
But srsly - there is no security

GRSecurity kernel patches (hardened-sources on Gentoo)
PaX
Kill services you don't absolutely need
SELinux
Decent firewall (pf)

gentoo hardened sources died in september after they made all versions pay only.

Fuck. Oh well, just use all the userspace hardening until a company that aren't full blown cunts takes their place

github.com/copperhead/linux-hardened is what distros are using now.

In that case, I'm going to start my migration from Alpine back to Gentoo

Learn iptables and study other peoples scripts. Like: github.com/endwall2/endware/blob/master/endwall.sh

Sandbox applications, firejail is cool.

github.com/endwall2/endware has a not of nice scripts you can study and edit/use.
Check out endchan(dot)xyz/os/ that's where the dev of these scripts usually hangs out. Helpful dude.

You might be the dumbest motherfucker on the planet.

>Practicality > Legalism
>You're falling into the trap of legalism here.
Nice way to say nothing at all, and the funny thing is that you believe it means anything just because you used cute words.

>Besides, how are you going to prove that systemd is completely FOSS code? Will you do audit the whole thing to prove it? No, you won't. It could be using leaked Microsoft NT source code for all you know. Prove me wrong.
As another user said, the burden of proof is on you. Thhe code is available, check for yourself. Have you yourself audited the whole Linux kernel?

>You're like one of those macfaggots who calls OS X UNIX because of the POSIX certification when it's not even POSIX compliant the name of the kernel is an acronym that means "X is Not UNIX". This is literally the same level of ignorant drivel. "B-b-but muh papaerz!" I'll wipe my ass with your licensing and certs, bitch. They're worthless when debating the underlying technologies.
I don't get how this is relevant or even related. OS X is not Unix, and neither is Gahnoo/Linux, since you clearly don't even know what GNU stands for, despite hinting at it in your sperging. And no, GNU is not a kernel, you are forcing me to state the obvious since you seem unable to comprehend it.
Also, "licensing and certs" matter outside of your basement.

systemd is free software. This is an undeniable fact, which won't change no matter how you twist the definition to fit your hurt feelings. If you want to discuss systemd from a T E C H N I C A L point of view then I'm all ears, but saying it's not free software just because you don't like it, when it undeniably is, is just plain retardation.

You can either keep living in your fantasy world where all FOSS is good and pure and all evil software is proprietary or you can wake up and accept that there are exceptions to every rule.