>Linux is not secure, but is securable.
How do I make it secure? Assume I just installed Vanilla Arch.
>>51630683iptables -t filter -F INPUT
iptables -t filter -P INPUT DROP
>>51630683
https://wiki.archlinux.org/index.php/Simple_stateful_firewall
>>51630711
Is this the only thing required?
>>51630780
You probably don't even need to do that, as long as you aren't running any web services and keep all your software up to date.
>>51630814
"web services" as in hosting a website?
Also, is dwm worth using?
>>51630829
iptables is redundant if you're connected through a router you trust that's already running it
grsecurity
>>51630859
ok
>>51630883
nice meme
>>51630683
Full disk encryption with signed bootloader and two factor authentication.
>>51630683
Secure from what? Browsing and getting malware or secure from NSA sniffing? Secure from DDOS or brute force attacks? Secure from hardware failure or power outage? Who is the enemy?
1. use a secure by default distro (fedora, alpine, hardened gentoo)
2. run lynis
>>51630829
Not sure what dwm has to do with firewalls, but it's a great window manager
you should just install it from source rather than deal with the Arch binary or AUR nonsense
>>51632490
malware and nsa botnet
I'm a little paranoid about that so I am switching.
I just watched Citizenfour.
>>51632832
Is it outdated in the arch repo?
>>51633035
you have to recompile it to edit the configuration so binary packages can't be customized, and the AUR method makes it way more complicated than it actually is
>>51633633
okay thanks
>>51630944
Thats the single best thing you can do to secure your kernel. Second one is SELinux
>>51630683
Install Gentoo
Use hardened-sources or rsbac-sources instead of gentoo-sources
Enable grsecurity or rsbac
Use firejail or rsbac jails to isolate every internet-facing application
Use full-disk encryption
Run a clean install in global learning mode for a while
Reboot with learning disabled
Additionally, see https://grepular.com/Protecting_a_Laptop_from_Simple_and_Sophisticated_Attacks
>>51630683
I'm curious, say I AES my entire disk with a secure password and I use something like Arch and I always turn off my computer (as oppose to sleeping it) to protect from cold boot attacks. How else can I get fucked?
The main thing I can spot is I've not protected my internet in that scenario. What else is there to do?
>>51632526
>fedora
>ever secure
>in anywhere near the same league as alpine or gentoo
>alpine
>anywhere close to hardened gentoo
Memepost/10
>>51630683
>How do I make it secure? Assume I just installed Vanilla Arch.
1. step: use a stable distribution
fail2ban
>>51634622
isn't that what TrueCrypt does?
I know you can do it on Macs with FileVault but they have some supporting software in the UEFI to deal with decrypting the drive
install gentoo
>>51635046
install hardened gentoo
>>51634820
>implying arch isn't stable
>>51636855
>implying arch isn't the definition of unstable
>>51636908
no actually. all packages are thoroughly tested before going to the non-testing repos
>>51637055
HHHHHHHHHHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAHAHAHHAHAHAHAHAHAHAHAHAHHAAHAHAHAHAHAHAHAHA!
>>51637086
>>51637055
ayy
-Get a firewall up
$ sudo pacman -S ufw; sudo systemctl enable ufw
-Only use the AUR packages you can trust
-Use commonsense
>>51630683
Install Qubes and create different VMs for your different activities.
You can choose which get network access, and you're able to copy/paste between them securely.
It's just like using a regular desktop, but the windows are color coded so you know which VM they belong to.
That way if you fuck up on one, whatever you did can't mess with the rest of your system.
>>51630683
>install gentoo
>read the source code
>secure!
