Linux MINT Practical steps to securing

What are some steps to keeping Linux Mint secure? In terms of priority. I already lock down my browser and I use a VPN. But I mean the base OS.

I've heard of Snort, is it worth using?

I've considered Gentoo but I've decided to stay on Mint. All the compiling would be too much of a hassle.


I know install gentoo is a meme but it's really one of the best options for a secure linux. If you can't deal with compiling to use hardened gentoo, alpine would work, but it has so few packages that you might as well use OpenBSD. My recommendation would be to switch to a distro like debian or devuan. Both are a lot lighter than Ubuntu derivatives and I believe they both have options for graphical package management. Most of the newbie distro maintainers aren't really all that interested in security.

Have you considered gentoo?

Linux Mint makes bad packaging decisions, some of them related to security. Ubuntu (including official variants like Xubuntu) would be better.

Why is ubuntu better?

Next time you ask this board, ask a more specific question, and don't mention the distro. Security can come in many forms, and depends on your use case. If you're running web services or programs connected to the net, or a lot of binaries you don't trust, some kind of restriction as to what they can touch would be a good idea. If you run on a laptop, full disk encryption would be a good idea. And so on and so forth. I believe the Arch or Gentoo wiki has an article on security, otherwise look on the net.
Enjoy your distro war thread.

I don't want a distro war, I want a plan for making linux mint fairly more secure

Use the latest kernel.

Read up on kernel hardening. There are some options you can set (like disabling strace) that will be helpful.

Use an IDS like aide or tripwire.

Use dm-crypt/LUKS.

Use a firewall. Whatever iptables-based solution seems easiest on Mint.

Ubuntu uses AppArmor. Mint probably does, too. Make sure it's activated at boot time and review your AppArmor policies.

Use firejail to jail browsers and similarly bloated, network-connected software. Firejail can be configured to be used in conjunction with AppArmor.

Uninstall software you don't use. Check for running daemons/services that you don't need and disable them. Make sure you're not loading unnecessary kernel modules at boot.

Keep your software you obtain through Mint's repos up to date. Don't install other software unless you can verify that it came from who you think it came from (check the PGP signature or at least a SHA hash). Never run one of those obnoxious hipster install scripts that want you to pipe curl into your shell as root.

Don't plug random USB drives into your computer.

Use a wired Ethernet connection instead of wireless whenever possible.

Make sure your browser is actually locked down. You should be running js on very few sites. Uninstall Flash if it's installed.

I might think of more later.

Don't listen to memesters, Mint can be secured reasonably enough for common use.
1) Run netstat constantly for a few days to detect all services that connect to the network. Disable anything that you don't absolutely need. My Mint system only has tor, dnsmasq, and dhclient connecting to the network.
5) Use a packet sniffer (e.g. Wireshark) to monitor what is going on in detail.
2) Block incoming connections using gufw firewall, it comes pre-installed on Mint.
3) Install apparmor with extra profiles and enable all profiles.
4) Install grsecurity patches if you want extra security.
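
The listener audit described in the post above, as an added example that is not part of the original thread. The function names and the sample `ss` output are constructed; the allowlist (tor, dnsmasq, dhclient) is the one the post gives.

```shell
#!/bin/sh
# Added example. Function names and the sample data are constructed.
# Flags every listening socket whose owning process is not on an allowlist.

# Constructed sample in the layout printed by `ss -tulnp`.
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*         users:(("dhclient",pid=702,fd=6))
udp   UNCONN 0      0      127.0.0.1:53       0.0.0.0:*         users:(("dnsmasq",pid=811,fd=4))
tcp   LISTEN 0      4096   127.0.0.1:9050     0.0.0.0:*         users:(("tor",pid=934,fd=6))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=655,fd=3))
tcp   LISTEN 0      5      127.0.0.1:631      0.0.0.0:*         users:(("cupsd",pid=590,fd=7))
udp   UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*
EOF
}

# usage: ss -H -tulnp | audit_listeners "name1 name2 ..."
# Prints "proto local-address process scope" for each socket not allowlisted.
audit_listeners() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "Netid" || NF < 5 { next }        # skip header and blank lines
    {
        # Without root, ss omits the process column for sockets owned by
        # other users; report those as "unknown" instead of passing them.
        proc = "unknown"
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        if (proc in ok) next
        # A socket bound only to loopback is not reachable from the network.
        scope = ($5 ~ /^(127\.|\[::1\])/) ? "loopback" : "exposed"
        print $1, $5, proc, scope
    }'
}

# Run over the constructed sample with the allowlist from the post.
sample_ss_output | audit_listeners "tor dnsmasq dhclient"
```

On a live system, run `ss -H -tulnp` as root and pipe it into `audit_listeners`; repeating this over several days catches services that only listen occasionally.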

You already got pwned if you installed it off their website without checking iso signatures.

learn about setting up firewalls, most of your security should be on a network level regardless of OS.

also

here these are good:
protectli.com/products/

And start learning about pfsense
pfsense.org/download/

Start setting up rules and only allow ports you use to be open, and limit them to TCP or UDP where possible. Set up a local proxy with cache and have an antivirus scan inbound file transfers. Snort is available as a package too for monitoring intrusion attempts. You can also use these to set up a VPN so you don't have anything running client side that malicious software might fuck with. It's not that difficult after watching a few youtube tutorials.
I downloaded and watched all of them during my breaks.

Thank YOU!

... was the iso replacement hack much deeper than previously reported?

or are you thinking that the iso was mitm'd from their site? generally using the torrent is the preferred downloading route. also always check the hashes and signatures.... and don't rely only on the single site for the hashes
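
Checking a downloaded ISO against checksum lists obtained from more than one source, as the posts above advise; this is an added example, not part of the original thread. All function and file names are placeholders, and the signature step assumes gpg is installed and the distro's signing key has already been imported and its fingerprint confirmed through a separate channel.

```shell
#!/bin/sh
# Added example. Function names and file names are placeholders.

# Verify the detached signature on a checksum list before trusting it.
# usage: verify_sums_signature SUMS SUMS_SIGNATURE
verify_sums_signature() {
    gpg --verify "$2" "$1"
}

# Print the SHA-256 recorded for NAME in a sha256sum-style list, where each
# line is 64 hex digits, a space, " " or "*", then the file name.
# usage: expected_hash NAME SUMS
expected_hash() {
    awk -v name="$1" \
        'length($1) == 64 && substr($0, 67) == name { print tolower($1); exit }' "$2"
}

# Succeed only if every checksum list names the ISO and every recorded hash
# equals the one computed locally. Pass lists fetched from different sources
# (for example the project site and an independent mirror).
# usage: verify_iso ISO SUMS [SUMS...]
verify_iso() {
    [ "$#" -ge 2 ] || { echo "usage: verify_iso ISO SUMS [SUMS...]" >&2; return 2; }
    iso=$1; shift
    name=$(basename "$iso")
    actual=$(sha256sum "$iso" | awk '{ print $1 }')
    [ -n "$actual" ] || { echo "FAIL: cannot hash $iso" >&2; return 2; }
    for sums in "$@"; do
        want=$(expected_hash "$name" "$sums")
        if [ -z "$want" ]; then
            echo "FAIL: $name is not listed in $sums" >&2; return 1
        fi
        if [ "$want" != "$actual" ]; then
            echo "FAIL: $name does not match $sums" >&2; return 1
        fi
    done
    echo "OK: $name matches $# checksum list(s)"
}

# Stand-alone use: ./verify.sh ISO SUMS [SUMS...]
if [ "$#" -ge 2 ]; then verify_iso "$@"; fi
```

A matching hash only proves the ISO agrees with the list, so run `verify_sums_signature` on each list first; a list that disagrees with the others fails the whole check.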

Mint is based on Ubuntu, but makes bad packaging decisions. Therefore, using raw Ubuntu would be like using Mint, but without the bad packaging decisions.

Install Peerguardian Linux OP. Use the Ubuntu instructions.

sourceforge.net/p/peerguardian/wiki/pgl-Install-DebianUbuntu/

You'll always be considering Gentoo until you install Gentoo.

This.
Gentoo is love, gentoo is life.

Gentoo is a hard drug.

Whatever distro you use, install a simple firewall like ufw, and gufw for a gui interface. Keep all ports closed. Don't run servers, like ssh, ftp, samba, etc. Don't install software from any other place but the distro repos. Don't let anyone use your computer, especially don't let anyone plug in a usbstick, cd, usb hard drive, or any other media. Use a strong wifi passphrase and encryption key. Don't use wep! Better yet, just use an ethernet cable and turn off wifi completely. Tor browser, check. VPN, check. You can install Tor daemon and configure it to provide DNS (just tell it what port to offer). Then set your system DNS to 127.0.0.1: and all your DNS requests go through Tor to Tor DNS servers. You can use intrusion detection systems like Snort or whatever, but there's a learning curve involved. Tiger is probably simpler if you really want all that. And of course, close all ports in your router/modem firewall, too. For file encryption I would recommend installing cryptsetup and using it to create an encrypted partition. And of course don't go around on the internet clicking every link in sight, or in emails. That's how most people get infected. For further info, check out:
ssd.eff.org
prism-break.org
privacytools.io
guardianproject.info
torproject.org
tails.boum.org

You can't make Mint secure, it's only for x86 hardware, which by design is insecure. See Intel ME.

also consider removing systemd.
if you are lazy look into lmde

Nothing will ever be completely secure, but you can always make things more secure.

what about arch, is arch more secure than mint or ubuntu?


i was thinking of trying out some mesh network, and for that i think i need to allow connections to my laptop so a full on firewall wouldn't be possible


I've seen this argument many times, how much can the botnet know about you only by some intel chip?

Literally nothing if you don't install the driver for it.

This is a meaningless question. "Secure" against what? A meteorite? If a meteorite crashes through your roof and destroys your computer, it will make little difference whether you had Arch or Mint or Ubuntu installed on it.

It's worth pointing out that, if Mint and Ubuntu follow Debian policies, they are set up to use AppArmor out of the box (though you have to turn it on), and they compile many programs with a number of hardening flags (-pie, -z relro -z now). Arch does not.

Double check, though. Sometimes downstream distros do stupid shit.

honestly just use ubuntu, debian, or devuan. if ubuntu, remove spyware.
ubuntuforums.org/showthread.php?t=2000108

minimize your presence online.

use vpn.

know your threat level and you're likely already assraped by state level actors if they desire.

use encryption.

avoid proprietary software as much as possible.

at least learn python so you can write scripts and simple tools for some level of tech self-reliance.

disconnect webcam and microphone, if any.

noscript + https everywhere + ublock / umatrix. or go full text mode.

host your own webmail to avoid corporate spying.

install gentoo

Mint is insecure. Windows 10 is the only way to stay up to date, citizen.

Mint may not be the most secure linux out of the box, but it's far more secure than windows 10. Stop spreading misinformation.

CUCKED

...

Shills get paid per post.