Welcome!

The kernel problem with recent updates has been solved. Find the solution here

Important information
-- Required MX 15/16 Repository Changes
-- Information on torrent hosting changes
-- Information on MX15/16 GPG Keys
-- Spectre and Meltdown vulnerabilities

News
-- Introducing our new Website
-- MX Linux on social media: here

Current releases
-- MX-18.3 Point Release release info here
-- Migration Information to MX-18 here
-- antiX-17.4.1 release info here

New users
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules

Looking for Advice to Secure MX Linux Installation

skidoo
Forum Guide
Forum Guide
Posts: 1446
Joined: Tue Sep 22, 2015 6:56 pm

Re: Looking for Advice to Secure MX Linux Installation

#11

Post by skidoo » Fri May 17, 2019 11:10 pm

AK-47 wrote:
Fri May 17, 2019 5:41 am
remove tumbler/tumblerd
I hear ya (purging tumbler-common will rid all the dependants) but I regard gvfs as a more significant "soft spot". Last I checked, any data/metadata written into the gvfs datastore by an app running as your user, can be read by any other gvfs-aware app launched by your user. Example: user installs "Gnome Maps" ~~ upon each launch, without gaining informed consent (and, in fact, performed entirely out-of-band) it retrieves gvfs-resident geoclue data and transmits your gelolocation to a "partner" remote server. The plausible deniability (er, rationalized justification) for this default behavior:
"user might want to view a 'YouAreHere' local map so, forYourConvenience we preload and cache a 'here' map"

____________
related:
GECOS
accountsservice
^----- known, predicatable, location ripe for exfiltration of personal details via accountsservice -enabled apps (or their plugins//addons)

User avatar
pedaltothemetal
Forum Novice
Forum  Novice
Posts: 2
Joined: Fri May 17, 2019 3:43 am

Re: Looking for Advice to Secure MX Linux Installation

#12

Post by pedaltothemetal » Sun May 19, 2019 1:13 pm

Thank you for the amazing suggestions everybody. You guys are amazing for sharing these great tips. I just had a few more questions:

1. I'm curious what everyone out there is using for antivirus/antimalware protection?

2. On a similar note, I read that Linux Mint was hacked a few years ago and that malware was uploaded to their servers. What kind of measures does MX Linux have in place to prevent this kind of problem? Does MX Linux receive all its updates from Debian's servers?

3. I see that the install CD gives me two install options: the GUI and Customize Boot (Text Menus). I'm thinking of using the GUI install and wondering if GUI install will minimize unnecessary packages? I just want to make sure that I don't accidentally turn on an unnecessary Linux services.

I'm mainly using my machine for documents/spreadsheets (Libreoffice) and web browsing, and no file shares so I know I don't need to install Samba. Thanks again for all the great advice.

skidoo
Forum Guide
Forum Guide
Posts: 1446
Joined: Tue Sep 22, 2015 6:56 pm

Re: Looking for Advice to Secure MX Linux Installation

#13

Post by skidoo » Sun May 19, 2019 7:51 pm

1) No "antivirus" in use here (nor any anti-deer whistles glued to my truck fenders).

2) What measures are in place? All of them. Thank you, please drive thru.
The packages are cryptographically signed by the packagers, and are delivered via https transport...
Any deeper explanation of under-the-hood details, or any handwringing regarding potential "repo getting hacked", is unwarranted here.

3) regardless which installer you use... post-install yer gonna launch the terminal command "sysv-rc-conf" and VERIFY which services have been configured to autostart, right? So, "which installer" is moot.

Regarding samba, it probably needs to remain "installed" (UNinstalling it would also cause removal of quite a few of its dependant) but its associated services can be set disabled.

Post Reply

Return to “Software / Configuration”