What should I do after Lubuntu install to improve security?

Hello. I’d like to use Lubuntu for safe shopping on my PC instead of Win7 (and keep Win7 for gaming). Win10 was too slow, and Lubuntu is running as fast as optimised Win7 :)

Unfortunately I have no knowledge about securing Linux (I think it is secure but I’d like it to be more secure:-)
Could you write me basic tasks I can do to improve security?

What I know:

  1. Install system offline with disconnected cable. Before first connect:
    Enable firewall with
    sudo ufw enable

  2. Set a strong root password, write it with a pen on paper, hide it well, and never log in as root
    sudo passwd root

  3. Install Timeshift and make system snapshot.

  4. Install Opensnitch (for example, to block WINE programs)
    https://github.com/evilsocket/opensnitch
    How to install on Lubuntu / Ubuntu / Mint
    https://github.com/evilsocket/opensnitch/issues/647#issuecomment-1125132251

Any other things I should do?
For example, there is a program called Stacer which has a service disabler.
What unnecessary services can I disable?

1 Like

This is an interesting question and will get you varied answers with varied contexts/perspectives.

In my opinion, you don’t really need to do much else after enabling ufw.

If you want to go beyond the default rules ufw comes with, you can, but I don’t think you’ll get much out of that.

The only real thing I would consider for my own system is enabling MAC for my system via apparmor.

That, however, is not necessarily as easy as flipping the switch for ufw and will need reading.

For me, I’m good enough with a home pc running unattended updates, manually updating regularly myself, and running ufw with default rules.

As controversial as they have come to be, snaps and flatpaks are supposed to be well contained (isolated?) apps that would otherwise run with default permissions on the system. It is still the case, however, that they provide security benefits over just using apparmor. Depends on who you ask.

Since there isn’t really a unified or universal Unix/Linux kind of home PC targeted Anti-malware software (although Google says there are), I cannot really recommend anything. The main thing with keeping bad stuff off your Linux boxes comes down to only installing things from trusted places and verifying what you download.

I wouldn’t go overkill on trying to protect a Linux box compared to a Windows box but I do think certain hygiene practice when using any kind of system is mostly a good thing to do—even if people really believe anything Unix is bullet proof.

Kudos.

TRG

Hello again. I’m not starting a new topic because it’s also about security:

I have a problem setting up DNS over HTTPS in Firefox.

On Windows, FF under “Maximal protection” shows me a list of DNS providers (for example Cloudflare).
On Linux it shows me only the custom DNS option.
When I write 1.1.1.1 in the text box it’s not working (all sites show a security error).
I tried Firefox versions: Snap, Flatpak & zipped version from Mozilla site.

Since this is a specific problem you’re having and not a general security recommendation, this will likely need to get put to its own thread.

My problem is fixed:
In the custom text box, the user should write one of these URLs (not an IP address):

Cloudflare: https://cloudflare-dns.com/dns-query
Secure DNS EU: https://doh.securedns.eu/dns-query
Quad 9: https://dns.quad9.net/dns-query
Google: https://dns.google/dns-query

Then it can be tested with
https://browserleaks.com/dns

1 Like
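
An added example, not part of the original posts: a DNS-over-HTTPS resolver is addressed by an `https://` URL because each lookup is an HTTPS request to that URL, as the sketch below shows by building the RFC 8484 GET request. The function names are hypothetical, the endpoint is one of the URLs listed above, and `www.example.com` is a constructed sample name; nothing is sent over the network.

```python
import base64
import ipaddress
import struct
from urllib.parse import urlsplit


def check_doh_setting(value):
    """Return None if value can serve as a DoH endpoint, else the reason it cannot."""
    value = value.strip()
    try:
        ipaddress.ip_address(value)
        return "bare IP address; a DoH resolver is addressed by an https:// URL"
    except ValueError:
        pass  # not an IP literal, so go on and parse it as a URL
    parts = urlsplit(value)
    if parts.scheme != "https":
        return "scheme must be https"
    if not parts.hostname:
        return "URL has no host name"
    return None


def build_dns_query(name, qtype=1):
    """Wire-format DNS query: ID 0, RD flag set, one question (qtype 1 = A, class IN)."""
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)


def doh_get_url(endpoint, name):
    """URL of the RFC 8484 GET request for `name` against `endpoint`."""
    reason = check_doh_setting(endpoint)
    if reason:
        raise ValueError(f"{endpoint!r}: {reason}")
    # RFC 8484: the query travels base64url-encoded, without padding, in ?dns=
    dns = base64.urlsafe_b64encode(build_dns_query(name)).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={dns}"


if __name__ == "__main__":
    # Constructed sample inputs: the value that failed and one that worked
    for setting in ("1.1.1.1", "https://cloudflare-dns.com/dns-query"):
        problem = check_doh_setting(setting)
        print(setting, "->", problem or doh_get_url(setting, "www.example.com"))
```

Requesting the printed URL with the header `Accept: application/dns-message` returns the answer as a binary DNS message.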

Also, about security recommendations: do you think it’s good to change the system DNS (in the Lubuntu Advanced Network Configuration window)?
I ask because I read somewhere that sometimes routers (which often use a very outdated Linux version) can be infected with viruses that change the router DNS to a malicious one.
