Thread replies: 56
Thread images: 11
Thread images: 11
File: penguin shill.png (569KB, 2000x2357px) Image search:
[Google]
569KB, 2000x2357px
What is the best way to secure your Linux-based system?
Is an anti virus really needed for an extra layer of security?
Is it worth installing SELINUX?
>>
File: 4e83b9aa1ac06b35f3c5a00c96944de7445b7677d4b1a8a130b1ac7157906e9a.png (191KB, 438x403px) Image search:
[Google]
191KB, 438x403px
>>59307211
Use a distro that doesn't have systemd as the init system. It was designed by a social justice warrior faggot that works for RedHat, a company with known links to the intelligence community. It runs at PID 1 and has its tendrils in everything, creating a wide attack surface. It was pushed on the Linux community virtually overnight despite massive outcry from the Linux community. It's basically an NSA/CIA backdoor built into Linux.
Don't use SELinux, the original author was the NSA and it adds a backdoor to the Linux kernel. Use AppArmor instead.
>>
>>59307286
Which distro would you recommend? I'm looking for something that would be great for software development (C programming and Android development).
>>
>>59307286
Please provide source of your claims by pointing it in the sourcecode of systemd.
>>
don't connect to the internet ever
>>
>>59307329
Devuan is basically Debian 8 Jessie without the systemd backdoor. It's fine for C programming and Android development. You can also get installations of Arch and Manjaro working without systemd if you're more of an Arch guy.
http://systemd-free.org/
http://without-systemd.org/wiki/index.php/Main_Page
>>
>>59307286
0 to full retard in 7.01 seconds.
Impressive.
>>
>>59307286
>Use a distro that doesn't have systemd as the init system
This. Use OpenRC instead. It's made by the awesome Gentoo team!
>Don't use SELinux, the original author was the NSA and it adds a backdoor to the Linux kernel. Use AppArmor instead.
Yeah, go with AppArmor, even ignoring the fact that SELinux was created by NSA, it's a fucking pain writing rules for it compared to AppArmor. Firejail is also worth looking into.
>Which distro would you recommend? I'm looking for something that would be great for software development (C programming and Android development).
Unironically Gentoo.
>>59307368
binary logs = botnet
>>
There's antivirus software for linux such as clamav, but it's purpose is for scanning file or mail servers to protect windows clients.
>>
File: gentoo.png (210KB, 534x259px) Image search:
[Google]
210KB, 534x259px
>>59307421
Source code, not a meme about a feature.
>>
>>59307329
>looking for something that would be great for software development (C programming and Android development)
That would be a Mac. Despite the brand hating and the memes, it's a fact that most developers use Macs. Second after that comes Windows, because frameworks and because it makes sense to develop software in the same OS it's meant to run. GNU/Linux as a developer OS is basically a meme because it has no advantages over doing it in Windows; some people claim that you can have better GUIs that allow you to make it cleaner/whatever, but they conveniently ignore that Windows has all the frameworks that allow you to make it more efficiently, and more important, everything works great out of the box.
>>
File: 3a781d22db098994a74622cebabc3efc211dab2d69fe55212ad2138e5b15e0c6.png (38KB, 499x338px) Image search:
[Google]
38KB, 499x338px
>>59307488
Anon didn't asked for shitty advertizing.
>>
File: Untitled.png (39KB, 716x279px) Image search:
[Google]
39KB, 716x279px
>>59307529
It is not. I have been running GNU/Linux as my main OS almost since the adoption of the kernel by the GNU, for 23 years now. GNU/Linux is pretty good but it's nowhere near mature as a desktop OS. The only reason to use it is because you like it, there are really no advantages. On a related note, I can understand why most people here have such a twisted fanatical view on it from the way they use it: most of them like to "rice" it and do ridiculous pointless stuff. I have never even changed a wallpaper ever, but I actually use GNU/Linux computer to do some office work and server stuff; believe whomever you want, I'm just telling the truth because I'm not fanatically invested.
>>
>>59307610
>The only reason to use it is because you like it, there are really no advantages.
Being free isn't an advantage?
>>
File: 512501530-republican-presidential-candidate-donald-trump-speaks.jpg.CROP.promo-xlarge2.jpg (59KB, 1180x842px) Image search:
[Google]
59KB, 1180x842px
>>59307286
>>59307393
>>59307421
DONT listen to these faggots
They want to trick you into installing obsolete/legacy software. They are just retards.
Install Ubuntu or fedora
I think Fedora has selinux preinstalled but you don't need it anyway
Just install Ubuntu or Fedora and continue being a nonretard
>>
>>59307635
>Being free isn't an advantage?
Free as in beer, of course; that's the reason why it's the main OS for servers. Free as in freedom? Of course not; you can do the same work on Windows on Mac and even in a much more efficient way.
>>
File: f7a6e1ea646cc19f0a70d9507fe9d016e16032ea7cf89347c997d36112c70232.jpg (103KB, 800x884px) Image search:
[Google]
103KB, 800x884px
>>59307645
DON'T listen to this faggot, he's a CIA shill who wants you to install backdoors.
>>
>>59307645
just because it is install does not mean it is properly configured on top of that SElinux defaults to promiscuous mode but even if it is not perfect to start off with i still use it.
it helps to run a hardened kernel with canaries. also learning to configure SElinux will teach a massive about about linux in general
>>
>>59307753
>just because it is install does not mean it is properly configured
This. Many distros provide their default kernels ready for it, but it isn't even turned on by default. The only one I've used that doesn't is Ubuntu, and probably the more pleb distros don't do either.
>>
>>59307610
>The only reason to use it is because you like it
To be independent from proprietary cuckmakers and use a system the way you like which this way only possible on Linux.
Deal with it.
>>
>>59307374
This is certainly the most fool proof security measure. If you encase the pc in concrete and hide it somewhere you'll never have t worry about it.
>>
>>59307610
>The only reason to use it is because you like it
You make it sound like this would be next to irrelevant when it's actually a really good reason to use an OS.
>>
>>59307211
You are asking the wrong questions.
>>
>>59307211
The best way of securing any system js making it air tight and not connecting to the internet. Or atleast use a router/hardware firewall.
Also use whole disk encryption with portable/exterbal bootloader boot loader so even if your shit gets stolen nsa/cia most likely will not be able to decrypt it
>>
>>59307463
No, ClamAV is a stand alone malware scanner as well. In addition to Linux threats it scans for other OS malware as well which makes it well suited for mail servers.
>>
Daily reminder that 99% of distros have firewall disabled by default.
>>
>>59308847
And?
>>
File: 1477462203465.png (12KB, 370x101px) Image search:
[Google]
12KB, 370x101px
>>59307211
I'd just like to interject for a moment. What you're referring to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.
Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called "Linux", and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.
There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called "Linux" distributions are really distributions of GNU/Linux.
>>
>>59307211
Install Gentoo, is not a meme.
>>
>>59307211
Buy RHEL. It is literally in cahoots with the government to prevent any spying.
>>
>>59308847
>>59308863
plebs who are trying to get into linux are going to complain about how insecure linux is along with the trolls. linux security does not have an end all be all solution for servers, databases, and desktops all. they all require different level of security and threat modeling
>>59309650
this, the hardest part of gentoo is reading
>>
File: 1488149120478.jpg (37KB, 471x600px) Image search:
[Google]
37KB, 471x600px
There is no secure OS once it is in the hands of a couple intelligent users.
>>
>>59310198
Their is no OS once you realize you are too smart for computing
>>
Gentoo is the safest distro there is, but it's very hard for novice users, sadly.
>>
>>59310284
only for the illiterate or children
>>
What if Americans unite and raid NSA/CIA buildings and smash their servers and broke their power systems? (Then afterwards raid GOOGLE HQ)
>>
>>59310284
It's usually not a matter of being hard but the fact it does not install and work out of the box without tweaking and compiling
>>
>>59307211
Delete SystemDildo from Uranus.
>>
>>59310271
There is no possession once you realize there is no possession.
>>
File: IMG_1239.png (204KB, 750x1334px) Image search:
[Google]
204KB, 750x1334px
>>59310680
>>
>>59307211
Having nothing to hide is a great way to secure every facet of your life
>>
AppArmor
iptables
Fail2Ban
>>
https://www.youtube.com/watch?v=rhZpoALaIRo
>>
On a Linux server this is a really good place to start. Run CentOS with selinux enabled and apply this and you'll have a pretty secure system.
http://dev-sec.io
>>
>>59312618
>SELinux
Why though? AppArmor does everything SELinux does with less work and easier configurability.
>>
>>59307211
1- use hardened gentoo with PaX/grsec
2- actually activate grsec
3- run everything in a suitable firejail (ALWAYS use --x11, ALWAYS use --net, even if it's just --net=none, because otherwise some X11 resources can leak, ALWAYS use overlay, copy files from the overlay down to the actual FS as needed).
4- Correctly setup your firewall
>>
>>59312646
even if it's just --net=eth0 rather
>>
>>59312646
Also always use DNSSEC and dnscrypt, and setup unbound.
>>
>>59312646
What about a hardened, minimalist Arch install with the same setup? What benefit would Gentoo have security wise?
>>
>>59312679
Gentoo allows you to patch things at any granularity level simply by dropping a patch file in the proper directory and reinstalling the program (i.e. it's 100% handled by the package manager), and software on gentoo tends to be a lot more stable, both of which contribute (though mostly indirectly in the case of stability) to security. You could also use an arch setup (so long as you replace systemd with something else).
It just tends to be simpler to setup grsec and PaX features on gentoo than on other distros, but you can also just set it up on arch if you want to.
>>
>>59312642
App armor is fine too, but you'll find way way more EL (CentOS, rhel, OEL) in the professional world so if you're looking for job skills this is a good way to go. Still though If you prefer Ubuntu go for it.
>>
>>59312713
Actually, apparmor is not fine. It has significant and critical flaws like working on the file level instead of the inode level, for example. Selinux is unironically better than apparmor, but grsecurity is the true gold standard.
>>
>>59312713
AppArmor isn't an Ubuntu thing, it's a SUSE thing.
>>
>>59312708
Gentoo just doesn't scale well. Gentoo isn't well supported at all by common config management systems like Puppet and Chef.
>>
>>59312741
I stand corrected, but it is available on Ubuntu.
>>
>>59312679
canaries if you do not use the already
Thread posts: 56
Thread images: 11
Thread images: 11