Windows refugee here. I’m planning to move to Linux Mint but want to make sure I don’t do something stupid, as I’m unfamiliar with the Linux operating system.
I found this link with 10 tips to secure Mint.
Is this a good list? Anything else I should do to secure a Mint install?
Thanks for helping a noob!
GNU-Linux hardening is useless
https://madaidans-insecurities.github.io/linux.html#hardening
GNU-Linux hardening is useless
This opinion isn’t shared by the author in their actions, as they are known for their contributions to Whonix; both as a security researcher (by their own admission) and (are to this day accredited) as a developer.
Not that the author is necessarily off-base, but that blog post is almost three years old. Tech and software evolve fast, and I would hazard a guess that at least a few of their gripes have been addressed by now. Additionally, due partly to the success of the Steam Deck, Valve has officially partnered with Arch and it’s throwing some of their considerable resources into Linux development.
I also noticed that they barely mentioned SELinux or AppArmor, and they probably didn’t know about immutable distros (which didn’t really exist, yet). It’s fair to say that Linux isn’t the gold standard of good security, but the post reads like someone with a beef and not someone trying to inform by presenting a skeptic’s take (indeed, they seem to gush over Windows and MacOS).
They finish by name-dropping a few people with a vested interest in security, and they’re practically begging the question in doing so. If the facts don’t stand on their own as the author has presented, why should I listen to strangers who allegedly share the same opinion? That’s not how consensus is formed.
I guess what I’m trying to say is, an old article about the state of Linux Security should be assessed within a modern context if we’re to apply it to current software.
Hardening is not useless, but it doesnt fix the architectural issues with Linux and its outdated threat model. That article says the same thing. It isnt an all-or-nothing situation, hardening still improves Linux security. Projects exist like SELinux, Bubblewrap, Crablock, Sydbox, and Landlock. Efforts to harden GNU/Linux have been made, like Kicksecure (Debian) and Secureblue (Fedora Silverblue), which protect against many threat vectors, but not perfect obviously.
Escaping Bubblewrap sandbox
I watched the video. Yes, if your sandbox config is weak then it will allow sandbox escapes. I agree the should default should be a secure sandbox. Bubblewrap offers the opportunity to shoot yourself in the foot. Look into the others tools I mentioned if you want to see different implementations. Sydbox is the one I think is the most interesting.
