Potential topic: Desktop security
Bernie Hoefer
LUG-Member at TheMoreIKnow.info
Mon Dec 2 11:05:06 EST 2024
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2024-10-05 15:56 UTC-05:00, David Spoelstra wrote:
===
> I've been seeing more and more warnings about linux desktop
> vulnerabilities. I've turned on my firewall (ufw) and any other
> suggestions I've read.
===
David, I deeply apologize for not chiming in sooner. I saw your message come into the list but was still catching up from a business trip and then preparing for my next one! After that, your message just got lost in the shuffle. :-(
Making sure that you keep up-to-date on any errata published for your desktop GNU/Linux distribution is my 1st suggestion. Although a firewall will protect from outsiders accessing network ports, that doesn't protect you if you want a port to be accessible but the daemon is vulnerable. (For example, my laptop has SSH open, even when I'm not on my home network. I feel safe doing that because I've configured it to disallow logins via password; I have to be using my SSH key if I am to get in.)
In additional to configuring your firewall, I'd suggest also enabling SELinux. Unless you are using 3rd-party applications from 20 years ago, SELinux configurations are no longer an after-thought and it (mostly) "just works" on my personal machines. (Yes, every once-in-awhile I'll get a denial after updating a package because the developer made a mistake -- but those are easily overcome.)
Erik Montemer's suggestion for using OpenSCAP to evaluate your desktop according to the DISA STIG is a good one, though I more generally think of it for servers... But upon reflection, I don't see why it couldn't be used on a desktop or laptop.
===
> Is there anyone that can give a comprehensive presentation on linux
> desktop security?
===
You may want to ask both this month's (i.e. December's) and January's presenters about that at those respective meetings. While the December topic focuses on RHEL, I'm sure speaker Joshua Loscar has opinions on desktop security. And January's Greg Scott will be speaking on security, in general, and I *know* he has opinions there! :-)
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQQepgJdnfsiTmnUzg5yQaapRGpvkwUCZ03apwAKCRByQaapRGpv
kyE1AJwN4shrPUVuJ6lkpdF4Om2YcXNW5gCgmrnoeWwTN/OiY4WcRJVCN3VVtOQ=
=f/ts
-----END PGP SIGNATURE-----
More information about the cinlug
mailing list