What should I do after Lubuntu install to improve security?

Hello. I’d like to use Lubuntu for safe shopping on my PC instead of Win7 (and keep Win7 for gaming) Win10 was too slow, and Lubuntu is running as fast as optimised Win7 :slight_smile:

Unfortunately I have no knowledge about securing Linux (I think it is secure but I’d like it to be more secure:-)
Could you write me basic tasks I can do to improve security?

What I know:

  1. Install system offline with disconnected cable. Before first connect:
    Enable firewall with
    sudo ufw enable

  2. Set strong root password, write it with pen on paper, hide it well, and not never login as root
    sudo passwd root

  3. Install Timeshift and make system snapshot.

  4. Install Opensnitch (for example to blocking WINE programs)
    How to install on Lubuntu / Ubuntu /Mint

Any other things I should do?
For example there is program called Stacer which have service disabler.
What unnecessary services can I disable?

1 Like

This is an interesting question and will get you varied answers with varied contexts/perspectives.

In my opinion, you don’t really need to do much else after enabling ufw.

If you want to go beyond the default rules ufw comes with, you can, but I don’t think you’ll get much out of that.

The only real thing I would consider for my own system is enabling MAC for my system via apparmor.

That, however, is not necessarily as easy as flipping the switch for ufw and will need reading.

For me, I’m good enough with a home pc running unattended updates, manually updating regularly myself, and running ufw with default rules.

As controversial as they have come to be, snaps and flatpaks are supposed to be well contained (isolated?) apps that would otherwise run with default permissions on the system. It is still the case however, that they provide security benefits over just using apparmor. Depends on who you ask.

Since there isn’t really a unified or universal Unix/Linux kind of home PC targeted Anti-malware software (although Google says there are), I cannot really recommend anything. The main thing with keeping bad stuff off your Linux boxes come down to only installing things from trusted places and to verify what you download.

I wouldn’t go overkill on trying to protect a Linux box compared to a Windows box but I do think certain hygine practice when using any kind of system is mostly a good thing to do—even if peope really believe anything Unix is bullet proof.



Hello again. I’m not starting new topic because it’s also about security:

I have problem with set up DNS over HTTPS in Firefox.

On Windows FF under “Maximal protection” show me list of DNS providers (for example Cloudflare)
On Linux it show me only custom DNS option.
When I write in text-box it’s not working. (all sites shows security error)
i tried Firefox versions: Snap, Flatpak & zipped version from Mozilla site.

Since this is a specific problem you’re having and not a general security recommendation, this will likely need to get put to its own thread.

My problem is fixed:
In custom text-box user should write one of this URLs (not IP adress)

Cloudflare: https://cloudflare-dns.com/dns-query
Secure DNS EU: https://doh.securedns.eu/dns-query
Quad 9: https://dns.quad9.net/dns-query
Google: https://dns.google/dns-query

Then it can be tested with

1 Like

Also about security recommendation do you think it’s good to change system DNS (in Lubuntu Advanced network configuration window?)
I ask because I read somewhere that sometimes routers (which often uses very outdated Linux version) can be infected with viruses that change router DNS to malicious.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.