| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA256 |
| 3 |
|
| 4 |
On 21/03/14 17:44, Ján Zahornadský wrote: |
| 5 |
|
| 6 |
|
| 7 |
Indeed, the smaller the surface area, the smaller the target (the |
| 8 |
fewer things running, the fewer things can be exploited). |
| 9 |
|
| 10 |
For an average desktop environment, doing what you're already doing, I |
| 11 |
think, would be reasonably sufficient - provided it's mixed with a |
| 12 |
little common sense (don't grant root privileges to things that don't |
| 13 |
need them; don't use passwords like 'MyPassword'; that sort of thing). |
| 14 |
Having a personal firewall is already probably more than many (albeit |
| 15 |
non-linux) users do (at least of their own accord). |
| 16 |
|
| 17 |
If you wanted to go a little further, you could have a look at |
| 18 |
`qcheck` (app-portage/portage-utils) or even app-admin/tripwire; maybe |
| 19 |
set up a few cron jobs that mail root with warnings or something. |
| 20 |
Otherwise, making sure you don't enable unnecessary services and |
| 21 |
keeping on top of your firewall, log checks and chkrootkit'ing should |
| 22 |
be sufficient. |
| 23 |
|
| 24 |
If you *do* want to go the whole hog, while I'm no expert on it, using |
| 25 |
a desktop environment under the hardened profile can provide some |
| 26 |
challenges, but is indeed doable. Personally I'm currently running |
| 27 |
thunderbird-bin in a kde environment on a custom hardened/kde profile |
| 28 |
that I kludged together (this is Gentoo, after all)! |
| 29 |
|
| 30 |
Ultimately, it's up to you what you feel is appropriate for what you |
| 31 |
expected usage and risk level is. |
| 32 |
|
| 33 |
For reference: |
| 34 |
https://wiki.gentoo.org/wiki/Project:Hardened |
| 35 |
|
| 36 |
Cheers; |
| 37 |
- -- |
| 38 |
wraeth |
| 39 |
-----BEGIN PGP SIGNATURE----- |
| 40 |
Version: GnuPG v2.0.22 (GNU/Linux) |
| 41 |
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ |
| 42 |
|
| 43 |
iF4EAREIAAYFAlMsDZAACgkQGYlqHeQRhkwwaQD/fInm5p4rbnoKH3sDIklJvK2e |
| 44 |
/Bud0z1N9QvWXRbDvRUA/i+XYipiYjcMHd+NCduj0AHF/slcb9IJxsfgMon3Tf7h |
| 45 |
=LJ4m |
| 46 |
-----END PGP SIGNATURE----- |
Archives