Linux Hardening Guide | Madaidan's Insecurities
madaidans-insecurities.github.io

Writeup from 2022 that I assume is mostly still valid. TLDR:

  1. Mainstream Linux is less secure than macOS, Windows, and ChromeOS. (Elsewhere: “[iOS/Android] were designed with security as a foundational component. They were built with sandboxing, verified boot, modern exploit mitigations and more from the start. As such, they are far more locked down than other platforms and significantly more resistant to attacks.”)
  2. Move as much activity outside the core maximum privilege OS as possible.
  3. OP doesn’t mention immutable OS, but I assume they help a lot.
  4. Create a threat model and use it to guide your time and money investments in secure computing.

Once you have hardened the system as much as you can, you should follow good privacy and security practices:

  1. Disable or remove things you don’t need to minimise attack surface.
  2. Stay updated. Configure a cron job or init script to update your system daily.
  3. Don’t leak any information about you or your system, no matter how minor it may seem.
  4. Follow general security and privacy advice.
  • verdare@piefed.blahaj.zoneEnglish
    7·
    4 hours ago

    I’ve had a hot take for a while now that Linux isn’t “more secure” than other operating systems like a lot of evangelists will claim. I think people get this impression because the user base for desktop Linux has been small enough that no one was writing malware targeted at us.

    Unix’s security model was developed in a world where the primary concern was protecting the system from users and protecting users from each other. It wasn’t really designed for single-user systems where the main concern is protecting the user from their own applications.

  • Jumuta@sh.itjust.works
    8·
    5 hours ago

    security you don’t understand is security you don’t have. windows’ exploit mitigations don’t work because the average user doesn’t understand them and can easily be guided into disabling them.

    the weakest attack surface is the stupidity of the user and that’s not gonna change however much you try to make your os secure

    • verdare@piefed.blahaj.zoneEnglish
      4·
      4 hours ago

      A secure OS should account for dumb/malicious users and mitigate the damage they can do. If a user can be convinced to disable protections on Windows or Android, that same user could easily be convinced to download a script and run it with sudo.

  • monovergent@lemmy.ml
    5·
    4 hours ago

    As someone who did use this guide as an exercise in making my setup as secure as it could be without changing distros or hampering productivity, a few words of advice:

    • Make a threat model for yourself before diving in and apply the mitigations judiciously. It’s not exactly a checklist, just use something secureblue or Qubes if you are really paranoid about your computer.
    • The majority of the mitigations ‘just work’ and have no noticeable impact on performance, battery life, or compatibility.
    • If your CPU/Memory performance widget breaks, dial back on the ptrace options
    • If Flatpaks fail to launch, dial back on the namespace options
    • Check back every so often because some of the options end up having unwanted side-effects with updates. See the preamble in boot parameters, where a change in Linux made in 2021 (which finally made it into Debian Stable this year) made the slub_debug mitigation actually worsen security.
  • Soot [any]@hexbear.netEnglish
    16·
    7 hours ago

    These are very subjective arguments, and even the objective points are completely subjective depending on your distro.

    I mean one of his arguments is that C++ is just inherently insecure. He just takes Microsoft’s claims at face-value that all their pointless shit is the magical security wall that it claims to be. He buys into the same lie that ACE on a Windows, Mac or Android is somehow much much safer than on Linux. Most of his claims that other OSes are more secure are rooted in “well yeah they do exactly the same but at least they knooow they do”.

    I’m not even acknowledging ChromeOS - it is Linux, except it only runs a browser.

    99% of this stuff also applies to Windows/MacOS/Android/iOS, except moreso and far more universally. And 90% of this stuff is only relevant if you’re being targeted by some state-funded intelligence like the CIA (cold reading your RAM?? minimum 16-character password?? Keystroke fingerprinting???)

    So whatever, I think the hardening guide looks fairly accurate, but unless you’re being spied on by world powers, I wouldn’t consider it worth peoples’ time to read, never mind implement. 90% of people are still going to be more secure by cluelessly using Linux instead of cluelessly using the others.

  • non_burglar@lemmy.world
    6·
    6 hours ago

    This is a Qubes ad.

    And that’s fine, but why Qubes insists it’s not Linux while booting the Linux kernel, running xen, using xfce as the primary desktop, and being listed on disteowatch seems like a weird marketing choice to me. Your primary audience knows what Linux is, so what is the motivation behind claiming “Qubes is not Linux”?

    • N.E.P.T.R@lemmy.blahaj.zoneEnglish
      1·
      2 hours ago

      Freebsd is also on distrowatch. Qubes is not desktop Linux because it doesnt function like normal linux. It uses the Linux kernel, but in a similar way to how Android isn’t Linux, neither is Qubes.

      • non_burglar@lemmy.world
        1·
        2 hours ago

        Fair enough. I guess I didn’t distill my comment before writing it down.

        The problem I see with op’s “Linux isn’t secure” comment (without getting all territorial about it) is that the solution touted by Qubes is already a solution in wide use in several Linux distros, meaning the compartmentalization of apps in constrained environments is already a mechanic used in flatpack, snap, even docker.

        The fact that Qubes is a secure approach should be the focus, not the “our potassium is superior to all other countries” vibe from this post.

        • BigHeadMode@lemmy.frozeninferno.xyzOP
          1·
          20 minutes ago

          a solution in wide use in several Linux distros, meaning the compartmentalization of apps in constrained environments is already a mechanic used in flatpack, snap, even docker

          Not a good argument. Several distros use it, but most mainstream distros are not focused on sandboxed apps. If you look up “should I use Snap on Ubuntu” the responses are around 80% no.

        • N.E.P.T.R@lemmy.blahaj.zoneEnglish
          1·
          2 hours ago

          Understandable. Though the security difference between Flatpak and Xen VMs, or even between Flatpak and Snap, is pretty big. Flatpak is mostly sandboxed to provide a consistent run environment to apps across distros, and id say 50% or more of the Flathub apps seem to have weak default sandbox security settings. Snap does a better job security-wise of reducing sandbox escape potential, but is still a far cry away from the containerization of Qubes.

  • bad_news@lemmy.billiam.net
    201·
    8 hours ago

    Mainstream Linux is NOT less secure than MacOS, and if you’ve ever seen how buggy non-Graphene Android is, tell me this OS is doing secure memory management with a straight face…

  • HaraVier@discuss.online
    5·
    6 hours ago

    I highly value Madaidan’s input on the matter and also their work on projects such as Kicksecure and Whonix. Furthermore, it’s clear that Desktop Linux hasn’t been able to combat all the pain points that were mentioned in the article. However, we’ve definitely come a long way since and there’s lot to be optimistic about; secureblue to name a thriving project.

    But, while I appreciate how the article continues to draw awareness to the fact that Desktop Linux isn’t as secure as some like to think, the write-up is ultimately bound to be (severely) outdated at some point. And, perhaps, we might already be past the point in which it does more harm than good…

    Anyhow, I’d like to take this opportunity to promote a platform that actually continues to deliver up-to-date articles about security on Linux: https://privsec.dev/posts/linux/

    • FoundFootFootage78@lemmy.mlEnglish
      1·
      4 hours ago

      Time to distrohop again. Kubuntu’s been irking me for a while and that guide says it’s insecure and CachyOS (though I don’t like the default software suite) has been nice. Though I need to find an alternative distro (don’t trust Red Hat, had a bad experience with OpenSUSE, don’t have the patience to learn Arch).

  • flatbield@beehaw.orgEnglish
    2·
    6 hours ago

    The thing about most default configs of any OS is that user storage is largely accessable to all apps. True of Linux, Android. Windows, …

    Graphene has options to restrict that but you have to set it up that way. Android also has App sandboxing for app data.

    Thinking through the threat model of course is always good as is hardening. All security is porous. Linux is fine generally. If one is exposing services on the public net it is not clear that any OS or software is sufficiently secure, that takes constant effort in terms of monitoring and management.

    • BigHeadMode@lemmy.frozeninferno.xyzOP
      1·
      34 minutes ago

      Graphene has options to restrict that [user storage availability] but you have to set it up that way.

      It’s also a bit of a pain to manage as an end user. I wish it shipped with a toggle that was a step up from stock Android but also not in the way constantly. Like “we went through the top 50 apps on Play Store and FDroid, we classified them as media player, social media, etc., and we made rules for each category that reasonably isolates it while still allowing core functionality.”

  • ISolox@lemmy.world
    43·
    6 hours ago

    Sorry man, your going to get down voted like crazy just because you posted something bad about Linux.

    Good info thoughm