I use keepassxc and although I’m unlikely to ever install it any other way than through my distro’s package manager without 3rd party repos, this is good to know and hits a personal note.
Fuck all nefarious hackes and scammers. I just re-installed my server and installed crowdsec on it not 24h hours ago, and already got 20 000 bans. Twenty thousand! It’s getting worse and worse and worse and worse.
i’m brand new to linux after decades of windows. is there a comprehensive resource that talks about security on linux beyond just “linux is super secure don’t worry about it”? i feel like the more people continue to ditch windows, the more scammers are going to focus their energy on linux, and i know next to nothing
I don’t know of any comprehensive source but there are a few basic things you that I do.
Ensure sudo is on the system so that root account is not used.
Get a secure browser that with add ons to protect against malicious sites (https everywhere, JavaScript blockers, etc…)
Download software from trusted repositories and verify with GPG keys or hashes. Be wary on installing anything using a shell script with super user access.
Use keys instead of passwords for ssh if you are going to use ssh.
Password tools like Vaultwarden and KeePass can help secure passwords.
You can encrypt your hard drive with LUKS before you install Linux with many distros.
Flatpak (Docker as well) can allow you to run applications with limited access to your system much like phone apps on Android. This can be more secure but comes with larger app sizes and limits what you can do with the app sometimes (e.g. browsers not being able to upload files because they don’t have full filesystem access)
If you want a firewall on your workstation (not needed much anymore with hardware firewalls from routers), UFW makes it easy
If you want to check for viruses use ClamAV (ClamTK for a GUI app).
Install from the repositories, if it isn’t in your “app store” or installed using apt or yum or whatever your distro package manager is, don’t bother with it until you’re more familiar with Linux.
Your system is 99%+ of the time going to be secure as long as you don’t install something sketch. You need to install it, it won’t just happen on it’s own, things can be hidden behind copy paste instructions so be sure you have a good idea of what each step does if you’re doing that (I’ve never come across this in the wild, FYI). The other small percentage is a bug or something in packages (see the xz debacle) which you have little control over. The best thing you can do is just keep packages up to date.
That’s a lot of advanced shit, which can totally bork a system.
What average user paths can we take program wise or etc?
Like a Linux mint user for instance who’s first stop is diving into a Linux distro of their choice and wanting to gain 80 percent of the gains with 20 percent of the hassle and maintenance.
Basic internet precautions: if you’re looking at a GitHub for a famous piece of software that has only 250 total downloads: double check the Url, read any commands before you run them and compare to documentation if you’re unfamiliar with a piece of one, if you run something in docker or similar containerization for any reason make sure you set the PUID and GUID of the containers to a user other than root or they’ll be root by default
I get that. Which is why anti virus and things are kind of common sense is what everyone usually says. Watch what you do and click etc. But your reply did not really address my question. What’s the average Joe version of the link you posted, as it was for advanced users.
Thank you for your service.
I use keepassxc and although I’m unlikely to ever install it any other way than through my distro’s package manager without 3rd party repos, this is good to know and hits a personal note.
Fuck all nefarious hackes and scammers. I just re-installed my server and installed crowdsec on it not 24h hours ago, and already got 20 000 bans. Twenty thousand! It’s getting worse and worse and worse and worse.
i’m brand new to linux after decades of windows. is there a comprehensive resource that talks about security on linux beyond just “linux is super secure don’t worry about it”? i feel like the more people continue to ditch windows, the more scammers are going to focus their energy on linux, and i know next to nothing
edit: thank you for all the responses
I don’t know of any comprehensive source but there are a few basic things you that I do.
Sorry, I missed this in my first reply.
It is true.
A few simple rules:
Unless you have some extraordinary usage scenarios, that’s it really.
I’ve used Linux for 15+ years.
Install from the repositories, if it isn’t in your “app store” or installed using apt or yum or whatever your distro package manager is, don’t bother with it until you’re more familiar with Linux.
Your system is 99%+ of the time going to be secure as long as you don’t install something sketch. You need to install it, it won’t just happen on it’s own, things can be hidden behind copy paste instructions so be sure you have a good idea of what each step does if you’re doing that (I’ve never come across this in the wild, FYI). The other small percentage is a bug or something in packages (see the xz debacle) which you have little control over. The best thing you can do is just keep packages up to date.
https://wiki.archlinux.org/title/Security
Applicable to most Linux distros.
That’s a lot of advanced shit, which can totally bork a system. What average user paths can we take program wise or etc?
Like a Linux mint user for instance who’s first stop is diving into a Linux distro of their choice and wanting to gain 80 percent of the gains with 20 percent of the hassle and maintenance.
Basic internet precautions: if you’re looking at a GitHub for a famous piece of software that has only 250 total downloads: double check the Url, read any commands before you run them and compare to documentation if you’re unfamiliar with a piece of one, if you run something in docker or similar containerization for any reason make sure you set the PUID and GUID of the containers to a user other than root or they’ll be root by default
I get that. Which is why anti virus and things are kind of common sense is what everyone usually says. Watch what you do and click etc. But your reply did not really address my question. What’s the average Joe version of the link you posted, as it was for advanced users.
First of all there isn’t One Linux.
In simple terms for an end user, yes, you are definitely better off with any of the major distros.
Non-commerciality is probably the most important aspect. Or as someone put it a long time ago: “Suddenly I realized that the software is on my side.”
Please nobody wheel out the Swiss cheese analogy or I’ll shit myself.
Lactose intolerance is rough.