Can you do a secure Linux guide, in multiple tiers. Home user basic, home user advanced, crazy person that implements enterprise security at home.

It seems corporate backed distros like Fedora are more concerned about security. They have SELinux and firewalld configured by default and I think they also have a decent score on audit tools like lynis. Also they were one of the first to set Wayland as default on GNOME and KDE.

At least with Linux you don`t need to fight like with Windows, that have bulit in malware from Mocrosoft.

Greatly appreciated Chris Titus on information about Linux understanding

No root password on the Steam Deck means that you can't use a password to access the root account remotely. It's not the same as having a blank password. While that one setting isn't a golden ticket to security, it's wrong to say that particular decision is insecure. Any machine is hackable if you have unmonitored physical access to the box. While it would be nice to ask users to set their user name and password on first login, they don't enable ssh out of the box and expect most users to leave it default. This combination means that physical security is the only thing the user has to worry about.

I'll argue that most Linux distros are more still more secure by default from the start, lacking a registry that can be attacked and malwared to do big harm (yes, Linux HAS a registry, but it works much differently than in Windows and never posed as a security feature, unlike Windows Registry which was supposed to be a security feature, and STILL is insecure), the root/user logins being active by default to limit users in ways Windows UAC can't (if users can't install software, change the software settings, or delete it you won 90% of the battle already regardless of OS); the relative lack of malware that attacks Linux compared to Windows malware still being created, and the Linux file structure itself that limits damage because user applications install differently than in Windows so if they get corrupted or attacked the OS itself doesn't go down with it. (I never went that deep on my old Mac, so I'm leaving them out of the discussion). AND YES, the other steps Chris said are important: firewalling, passwords/biometric log-ins, and root vs. user accounts. Any hardware/gaming box maker or user that doesn't do them should be sternly lectured until they repent and sin no more. I have root and user accounts as the the sole user, and I have to use a password to log in. My laptop firewall is always on regardless of where I am (by the way try testing your firewall at the Shields Up! website; you might be surprised what you find out). And if you're at home, is your modem/router's firewall set for high security? How about your Wi-Fi devices?? With Internet providers allowing people to use your modem for mobile access without your express permission, you might want to check those firewall and security settings as well because we all know your cable/ISP provider would NEVER place YOUR privacy at risk by setting everything at the lowest-possible security level...🙄

linux is about freedom, and if you care about security you have the freedom to secure it but most users dont really care about computer security enough to act on it.

This is why for those who do not want to config everything, distros like Fedora come pretty hardened out the box.

I put my Downloads folder on an extra partition, mounted it w/ "noexec, nodev, nosuid" flags and run internet-facing applications within flatpak/firejail.

Could you make a tutorial on "how to stay safe on Linux for dummies"? I would love to switch to Linux but I don't know what I'm doing and I bet there are decent "out of the box" solutions that would not require to dig deep on the ecosystem to just use it as a normal daily OS.

What how about making a video on how to protect to the maximum in linux?

I'm not a linux newbie. I have been using it for many years. I've learn many security measures to use in linux. Sure nothing is guaranteed, but i feel my linux system is quite secure.

when people talk about security on Linux, its generally concerning malware, not sudo rm -rf /*

First thing to do on Arch is change the umask. I use 027 as a compromise between convenience and security. I really wanted to set up AppArmor, but I couldn't figure out how to properly do it, especially as I have an unconventional filesystem layout with additional highly vulnerable locations. SELinux seems even worse. As it is, I use half-broken firejail configs for some stuff, and the rest I just use Flatpak for, minimizing the perms with Flatseal and hoping that's sufficient. Also I only use Wayland, and I use doas instead of sudo. I really should fix this... Regarding the steam deck, it should just have a console-unique password printed inside the box or in the manual or whatever

Question: is it necessary to encrypt my Linux upon install if it's a desktop, or is it just superfluous?

I didn't hear anything about why linux isn't secure by default, or why arch is less secure than windows, just because a distro doesn't use apparmor doesn't mean its not secure by default, that's like saying if you don't wear a seat belt in a truck you're just as likely to injure yourself in a crash as you would be if you didn't wear a seat belt in a car.

Did someone tell the guy in chat talking about grub2 being used only by RHEL that in most distro "grub" is grub2 by default and that the old grub is now referred as grub legacy? Jeez, there's already enough misinformation around

just dropped into say your hyprland videos were the best and are missed

Most distros do these things like default

There is a linux firewall that controlls everything? Similar to simplewall?

I'm not aware of any major Linux distro stock install that will pass lynis on initial install.

This person's attempt to sound knowledgeable about Arch has backfired somewhat. "I would take Mac or Windows over a stock Arch implementation any day of the week. Arch is extremely insecure by default. Most times they don't even have App Armor installed." "Most times they don't even have App Armor installed"?! While this is technically true, the stock Arch installation includes almost nothing by default. Not even a basic text editor is installed by default. Not even a bootloader is installed by default! Out of the box, it is not a ready-to-use system like MacOS or Windows. Arch is meant to be built up by the user with whatever applications and configurations are needed or desired. In the case of Arch, the absence of software installed by default is representative of user choice. If someone wants to use a firewall then they can install it along with the other packages they will need. Being critical of the applications that are not installed by default is missing the point somewhat. Ultimately it is up to user choice how secure or insecure an Arch installation will be.

portmaster is important too .

Very True...

install linux and then secure it before connecting to the internet which is impossible if you don't have the software already downloaded--huh ?

thanks

Wait a minute... From a technical point of view, arch linux might be more insecure than windows or mac, if you don't adjust anything, but in real life it's just not like that, right? How often are Windows and Mac patched, how often Arch? How many viruses are there for linux globally, and how many for the other two systems? I would always choose Arch, which my grandmother set up, rather than Windows or mac... Thank you! :)

Linux is always secure compared to WINDOWS. The security holes are the browsers and any other software that connects to the internet.

Idk.. I'd rather just use windows and not deal with all of this

I got a question man. I was hacked bout a week ago. I changed all passwords and reset my p c is there anything else I need to do😊

The problem is that if a Linux system is infected by a Windows virus, it can infect Windows systems WITHOUT its user knows. I wish there could be an open source REAL TIME AV software for Linux. Not clamAv... I mean real time security.

which AV software do you recommend for a W11 user?

If it is not a secret, what are some few simple steps to make Linux more secure ? To call/pay a Linux server administrator ?