1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA256 |
3 |
|
4 |
On 21/03/14 17:44, Ján Zahornadský wrote: |
5 |
|
6 |
|
7 |
Indeed, the smaller the surface area, the smaller the target (the |
8 |
fewer things running, the fewer things can be exploited). |
9 |
|
10 |
For an average desktop environment, doing what you're already doing, I |
11 |
think, would be reasonably sufficient - provided it's mixed with a |
12 |
little common sense (don't grant root privileges to things that don't |
13 |
need them; don't use passwords like 'MyPassword'; that sort of thing). |
14 |
Having a personal firewall is already probably more than many (albeit |
15 |
non-linux) users do (at least of their own accord). |
16 |
|
17 |
If you wanted to go a little further, you could have a look at |
18 |
`qcheck` (app-portage/portage-utils) or even app-admin/tripwire; maybe |
19 |
set up a few cron jobs that mail root with warnings or something. |
20 |
Otherwise, making sure you don't enable unnecessary services and |
21 |
keeping on top of your firewall, log checks and chkrootkit'ing should |
22 |
be sufficient. |
23 |
|
24 |
If you *do* want to go the whole hog, while I'm no expert on it, using |
25 |
a desktop environment under the hardened profile can provide some |
26 |
challenges, but is indeed doable. Personally I'm currently running |
27 |
thunderbird-bin in a kde environment on a custom hardened/kde profile |
28 |
that I kludged together (this is Gentoo, after all)! |
29 |
|
30 |
Ultimately, it's up to you what you feel is appropriate for what you |
31 |
expected usage and risk level is. |
32 |
|
33 |
For reference: |
34 |
https://wiki.gentoo.org/wiki/Project:Hardened |
35 |
|
36 |
Cheers; |
37 |
- -- |
38 |
wraeth |
39 |
-----BEGIN PGP SIGNATURE----- |
40 |
Version: GnuPG v2.0.22 (GNU/Linux) |
41 |
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ |
42 |
|
43 |
iF4EAREIAAYFAlMsDZAACgkQGYlqHeQRhkwwaQD/fInm5p4rbnoKH3sDIklJvK2e |
44 |
/Bud0z1N9QvWXRbDvRUA/i+XYipiYjcMHd+NCduj0AHF/slcb9IJxsfgMon3Tf7h |
45 |
=LJ4m |
46 |
-----END PGP SIGNATURE----- |