Hardening Linux (Mint 16 Especially)

Discussion in 'all things UNIX' started by PaulyDefran, Jan 19, 2014.

Thread Status:
Not open for further replies.
  1. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    So I did the search and read most of the posts. Some things I had questions about seem to be answered (like chkrootkit, rkhunter, Bastille, etc... not being needed). But I still have some questions. When I ran Ubuntu 11.04 I did all of these in the below video, and didn't have a problem, but I wanted to see if these apply to Mint 16...and if you guys think any are worth doing?

    It's a 40 minute video, but the stuff I'm unsure of starts at 11:00 - 26:00

    https://www.youtube.com/watch?v=pant4n9OzRQ

    This is on a laptop that connects to WiFi at coffee shops. It also needs to connect to Windows shares on the home LAN. I have ufw configured to only allow local LAN and VPN.

    Thanks!
     
  2. shuverisan

    shuverisan Registered Member

    Joined:
    Dec 23, 2011
    Posts:
    185
    I skipped through the video for the duration you specified. That guy isn't easy to follow, but it is outdated.

    /dev/shm now is a link to /run/shm and is split into several tmpfs mounts by default. Room for improvement there would be for mounting it as noexec. Debian based distros do this by default, Ubuntu & cousins do not. For more on up to date fstab improvements, you may want to glance through here:
    http://thesimplecomputer.info/oh-devsda-how-have-i-displeased-thee/

    The sysctl stuff he does wouldn't be a bad idea if using public access points and won't cause problems with network access. I think also some distros ship with those enabled by default (Arch?) but not 'buntus & Mints. An also up-to-date sysctl config page can be found here:
    http://thesimplecomputer.info/adventures-in-linux-tcp-tuning-page2/

    (Full disclosure: that's my site.)


    Hope that helps.
     
    Last edited: Jan 20, 2014
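
    Added example, not part of shuverisan's post: a small shell check for the point above about mounting the shared-memory tmpfs noexec. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Check shared-memory tmpfs mounts for the noexec/nosuid/nodev options.
# Input is mounts(5)-format text: device mountpoint fstype options dump pass

# missing_opts FILE MOUNTPOINT   (FILE may be "-" for stdin)
# Prints the options from "noexec nosuid nodev" that are absent on
# MOUNTPOINT, an empty line if all are set, or "unmounted" if no entry
# matches. The last matching entry wins: a later mount shadows an earlier one.
missing_opts() {
    awk -v mp="$2" '
        $2 == mp { opts = $4; found = 1 }
        END {
            if (!found) { print "unmounted"; exit }
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) have[o[i]] = 1
            m = split("noexec nosuid nodev", want, " ")
            out = ""
            for (i = 1; i <= m; i++)
                if (!(want[i] in have))
                    out = out (out == "" ? "" : " ") want[i]
            print out
        }' "$1"
}

# Constructed sample in the style of an Ubuntu-family system where
# /dev/shm is a symlink to /run/shm (not captured from a real machine).
sample_mounts() {
    cat <<'EOF'
tmpfs /run tmpfs rw,nosuid,noexec,relatime,size=401M,mode=755 0 0
none /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k 0 0
none /run/shm tmpfs rw,nosuid,nodev,relatime 0 0
EOF
}

# Demo on the sample. On a live system, resolve the symlink first:
#   missing_opts /proc/self/mounts "$(readlink -f /dev/shm)"
for mp in /run /run/lock /run/shm; do
    printf '%s missing: %s\n' "$mp" "$(sample_mounts | missing_opts - "$mp")"
done
```

    Resolving /dev/shm before the lookup matters because the mount table lists the real mount point, not the symlink.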
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    There is no reason to harden Linux Mint.
    Mrk
     
  4. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,517
    LOL
    Different people have different needs for the same Linux distro. How could you speak for others while you know absolutely nothing about their real need for Mint?



     
  5. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    It's what he does.... :)
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    That sums it up, yes.
     
  7. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,517
    Yes I saw his title in Linux expert, so what? His claim is against basic logic.
    I don't know what he does, it does not matter to me.

     
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    Just differing opinions from the usual seen in these forums. Some people take a calm, reflective approach towards computer security.

    As for the topic question, one could enable the firewall (sudo ufw enable), keep Mint updated, and harden the browser with a scripting control extension. There's more that could be done but it can get pretty involved so it's not everyone's cup of tea.
     
  9. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,517
    Yes, Mrk shares a great deal of useful information in this forum, he certainly is entitled to his opinion, however as always, there are different people out there who have different needs for Mint or other distros, therefore their requirement towards security is different. They might need to harden Linux Mint to get better experience.


     
  10. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
  11. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Thanks people, didn't want to start nuthin' :D I'll check out the links!
     