Hardening Linux (Mint 16 Especially)

So I did the search and read most of the posts. Some things I had questions about seem to be answered (like chkrootkit, rkhunter, Bastille, etc... not being needed). But I still have some questions. When I ran Ubuntu 11.04 I did all of these in the below video, and didn't have a problem, but I wanted to see if these apply to Mint 16...and if you guys think any are worth doing?

It's a 40 minute video, but the stuff I'm unsure of starts at 11:00 - 26:00

-https://www.youtube.com/watch?v=pant4n9OzRQ-

This is on a laptop that connects to WiFi at coffee shops. It also needs to connect to Windows shares on the home LAN. I have ufw configured to only allow local LAN and VPN.

Thanks!

 

I skipped through the video for the duration you specified, that guy isn't easy to follow but it is outdated.

/dev/shm now is a link to /run/shm and is split into several tmpfs mounts by default. Room for improvement there would be for mounting it as noexec. Debian based distros do this by default, Ubuntu & cousins do not. For more on up to date fstab improvements, you may want to glance through here:
http://thesimplecomputer.info/oh-devsda-how-have-i-displeased-thee/

The sysctl stuff he does wouldn't be a bad idea if using public access points and won't cause problems with network access. I think also some distro ship with those enabled by default (Arch?) but not 'buntus & Mints. An also up to date sysctl config page can be found here:
http://thesimplecomputer.info/adventures-in-linux-tcp-tuning-page2/

(Full disclosure: that's my site.)


Hope that helps.

 

There is no reason to harden Linux Mint.
Mrk

 

LOL
Different ppl have different needs for the same Linux distro. How could you speak for others while you know absolutely nothing about their real need for Mint?

 

It's what he does....

 

That sums it up, yes.

 

Yes I saw his title in Linux expert, so what? His claim is against basic logic.
I don't know what he does, it does not matter to me.

 

Just differing opinions from the usual seen in these forums. Some people take a calm, reflective approach towards computer security.

As for the topic question, one could enable the firewall (sudo ufw enable) keep mint updated, and harden the browser with a scripting control extension. There's more that could be done but it can get pretty involved so it's not everyone's cup of tea.

 

Yes Mrk share a great deal of useful information in this forum, he certainly is entitled to his opinion, however as always, there are different ppl out there who has different needs for Mint or other distros, therefore their requirement towards security is different. They might need to harden Linux Mint to get better experience.

 

Hi PaulyDefran,

Perhaps this link will help: hardening mint for security.

-- Tom

 

Thanks people, didn't want to start nuthin' I'll check out the links!