Thread replies: 12
Thread images: 3
Thread images: 3
Anonymous
Linux workstation security 2017-03-09 09:34:41 Post No. 59322953
[Report] Image search: [Google]
Linux workstation security 2017-03-09 09:34:41 Post No. 59322953
[Report] Image search: [Google]
I've been thinking about how to make an usable yet reasonably secure Linux desktop.
As base system, I'd choose Fedora, because it comes with Wayland (X is shit security-wise), SELinux and good defaults. If I had more advanced knowledge and time to learn so that I'd trust myself more than Red Hat to properly configure a Linux system, I'd use Hardened Gentoo because it comes with Grsecurity, which is arguably a better protection than SELinux or Apparmor alone.
I'd disable internet access for my regular user with iptables, and would instead use a separate user with internet access for browsing in another virtual terminal. I'd use Chromium because security-wise it's simply unmatched (it can be argued architectural/theory wise, but the best proof for people who don't believe it are CVE stats about remote code execution for both Firefox and Chrome), and I'd always run it sandboxed using firejail or something else. Usual ad and JS blocking add-ons are a must too.
This way, regular applications that might pose a security risk, like media parsers, don't have internet access so they are rendered more or less useless. The only part that is exposed to the internet is a sandboxed browser running as another user, so even if that gets exploited, your files are safe. The only way to defeat this is with a zero-day elevation of privilege, which I don't think is something 99.999% of people have to worry about.
>>
File: 1465472517298.png (3MB, 2000x2000px) Image search:
[Google]
3MB, 2000x2000px
>>59322953
I'd just like to interject for a moment. What you're referring to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.
Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called "Linux", and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.
There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called "Linux" distributions are really distributions of GNU/Linux.
>>
Install Slackware.
>>
>>59322953
>linux
>fedora
>systemd
>x86 cpu
>capable of packet switching
>cia
>nsa
>fbi
>secure
>>
File: a6f2dd5ef1f3af53d83707c0798cefbc.jpg (1MB, 1191x1684px) Image search:
[Google]
1MB, 1191x1684px
>>59322953
I want to creampie Youmu.
>>
>>59322953
Why are you trying to re-invent Qubes poorly when it already exists?
>>
>>59323079
Should I pick something?
>>
>>59323111
that's gross, anon
>>
>>59323111
fucking pedo
>>
>>59323171
Qubes has a clunky UI and doesn't support graphic acceleration.
>>
>>59323806
She's over 60.
>>
>>59323259
>picking things
>2011
pick one
Thread posts: 12
Thread images: 3
Thread images: 3