What to use for system hardening
What to use for system hardening
Im using linux for +-3 yrs and im pretty used to it. Im currently running nixos on my laptop. My question is what kind of hardening do i need firejail, apparmor, selinux, .. all 3 of them ? none of them ? Thanks for the advice and have a nice day
You're viewing a single thread.
I am not sure. I personally don’t trust selinux because it was developed my the nsa, though that is just me being tinfoil-hat-ish about it. I am a fan of clamav / clamtk for files you think are sketchy (“alternatively obtained” games and things.) I also use ufw but that is more of a thing for servers if I’m not mistaken. If you use ssh server on your laptop, you should get fail2ban or sshguard. While the whole “Linux can’t get hacked” thing is wrong, as long as you stay updated and don’t be stupid you should be protected from automated scripts which is all desktop users really need to worry about.
I put fail2ban on everything, and I manage to lock my self out of systems at least once a month, so I guess it's working as intended.
I like sshguard simply because I couldn’t get the fail2ban daemon running and sshguard started right up. I don’t know how the functionality compares but it is simple and never messes stuff up.
Thanks for the time to anwser. What is the diffrents between ufw and systemds firewall ?
I’m not familiar with systemd’s but as long as you use a firewall and configure it properly you are fine.
Which systemd firewall are you talking about?
I meant firewalld im sorry
Use UFW - uncomplicated firewall. Some distros install it by default. Its very easy to use whereas other firewalls are super complicated
I currently use firewalld is their a diffrents in terms of security ?
I dont think so. Both UFW and firewalld are just frontends - they don't actually do any work themselves. That is all handled by the iptables or the newer nftables kernel modules inside the kernel itself, the major difference will be in what rules they create but both should be able to create the same rules for either of these kernel APIs. UFW is what ubuntu uses by default I believe and firewalld what a lot of other distros use by default.
Thanks this was a very usefull anwser!!!
No, only the configuration syntax is different. If you know what you're doing in configuring them both are fine.
They're pretty similar but firewalld allows more complex rules without resorting to plain iptables syntax. Try both and see what you like better.