What can a new Linux user do to his installation to make it more secure?
>>60480223
wipe the drive and disassemble the pc
>>60480223
Install GENTOO
>>60480223
Install CommonSense Professional 2017, don't bother with the Home Edition.
Or, you know, install Gentoo
>>60480223
I'd just like to interject for a moment. What you're referring to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.
Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called "Linux", and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.
There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called "Linux" distributions are really distributions of GNU/Linux.
>>60480254
>Not using CommonSense 2012 with community-made updates
>>60480223
filter access to /dev/mem and various options like that
enable security features like aslr
enable strict selinux
you can still use grsec for 4.9 though the future looks messy
block javascript and use ublock in browser
do not use adobe flash or acrobat reader
judicious firewall rules
compile sources yourself, to avoid somebody replacing binaries with something shady (though they can still replace the sources, this sounds less likely for an attacker to do)
>>60480323
Thanks, I'll look into all this
>>60480369
some of that is probably a bit effort though.
Turn off password access for ssh and only allow key access. There are webpages on making sshd more secure that include other things too.
>>60480242
HARDENED Gentoo
>>60480223
Is this image from bible black?