Desktop Linux Hardening
privsec.dev
Linux is not a secure desktop operating system. However, there are steps you can take to harden it, reduce its attack surface, and improve its privacy. Before we start… Some of the sections will include mentions of unofficial builds of packages like linux‑hardened, akmod, hardened_malloc, and so on. These are not endorsements — they are merely to show that you have options to easily obtain and update these packages. Using unofficial builds of packages means adding more parties to trust, and you have to evaluate whether it is worth doing so for the potential privacy/security benefits or not.

Linux is not a secure desktop operating system. However, there are steps you can take to harden it, reduce its attack surface, and improve its privacy.

Before we start…

Some of the sections will include mentions of unofficial builds of packages like linux‑hardened, akmod, hardened_malloc, and so on. These are not endorsements — they are merely to show that you have options to easily obtain and update these packages. Using unofficial builds of packages means adding more parties to trust, and you have to evaluate whether it is worth doing so for the potential privacy/security benefits or not.

  • NotAnArdvark@lemmy.caEnglish
    1·
    1 year ago

    I’m pretty excited to see this. A long time ago I had a macOS hardening guide, and it had lots of great ideas too.

    I would personally stay away from installing anything (for security purposes, at least) that wasn’t part of your official distribution. I think there’s more safety to be had staying with high visibility, high use packages.