I'm running Mint 18.3. I have the firewall enabled. Running Chromium wit UBO, and most of all safe browsing habits. Is there much more security that I need?
Keep your system is up to date. I mean install security updates. I don't know Mint. I know some distributions are faster while others are slower in providing security updates. If security is your primarily concern, make sure distro of your choice is the one that would have history of quick delivery of security updates.
It depends on the vulnerability and whether your are using additional mechanisms to achieve security in depth. I am talking about desktop use-cases. The worst kind of vulnerabilities to defend are RCE (remote code execution). The good news is that they are rarely found in kernel. They are often found in internet facing user-space programs, so often the most important task is to update user-space programs. On the other hand if you use apparmor, SELinux or other MAC mechanism, it is good to update kernel too, but it is not so important. There are rare exceptions to that.
Honestly, I have never used anything special in Linux since a long time and never got infected. Sole thing I added to the FW is blocking TCP ports 139 and 445 outbound. Depends on your surfing habits maybe.
IIRC most desktop Gnu/Linux distributions don't have anything listening on these ports by default. It would be better to block TCP 22 (OpenSSH).
I'll be adding this one too. Nothing to loose letting the others in the list. (related to Windows SMB, right?)
Is this how to block outbound ports? Code: # /sbin/iptables -A OUTPUT -p tcp --dport 22 -j DROP # /sbin/service iptables save
Primarily you want block input TCP 22 port, so nobody can login to your OpenSSH daemon. Then reboot and check: Code: iptables -L -n
Yes, it improves its security. See also this follow-up post, and this post which shows how the default profile for Chromium can be considerably tightened.
I know Firejail is Linux, but does it Sandbox similar to Sandboxie? I've used Sanboxie in the past, but I've just started using FJ a couple of weeks ago, with Firetools.
I'm not familiar with Sandboxie. Firejail uses features available in the Linux kernel (chroot, seccomp-bpf, namespaces, capabilities) in order to sandbox applications. I normally don't use Firetools at all. The best way how to use Firejail is by following the steps outlined here. This makes sure that all applications for which Firejail profiles are available will be started sandboxed.
Ok thanks. I'll check that website out. I already did the sound fix, i lost sound after installing FJ.
