The Biggest Linux Security Mistakes

Chris Titus Tech
Chris Titus Tech
160,716
0
Published 2022-08-03
Security is a journey, not a destination

So after making a couple videos showing how to increase performance in desktop computers running Linux, I was overwhelmed by the sheer scale of comments worried about mitigations. If you are worried about that, you should be even more worried about the things below.

Website Guide: christitus.com/linux-security-mistakes/ .

►► Digital Downloads ➜ www.cttstore.com
►► Reddit ➜ www.reddit.com/r/ChrisTitusTech/
►► Titus Tech Talk ➜ youtube.com/c/TitusTechTalk
►► Twitch ➜ www.twitch.tv/christitustech
All Comments (21)
  • @ChrisTitusTech
    Now, I should say most desktop linux don't have these things configured because it WILL block things and applications good or bad. However, if you are security concise, it will be worth configuring these things in your system to open up any application that wants to use the internet. Article from Video: christitus.com/linux-security-mistakes/
  • @winstonsuny
    Mr. Titus, I watch all of your videos. I am battling stage 4 cancer, and I keep my mind off it with your fantastic computer insight! Thank you!
  • @andrzejsoporowski4549
    Chris, thanks for the info, but before we can talk about individual computers on local network and their security we need to have a conversation about the most important device on your intranet: the router. This is a first line of defense and if it is not secure then your entire intranet is not secured. Please make a video about that.
  • @BlissfulCounterstroke
    Great video, thank you! I'm currently a Junior Penetration Tester, and I think this touches on something we don't generally get taught. Load up Kali, fire off nmap, poke a few ports and send off a fairly standard report full of accepted mitigations. More videos on general hardening for Mac, Linux and Windows (I know, Windows will take years off your life) would help to give something different back to clients on top of the usual advice. I don't know anyone at work who's ever mentioned it.
  • @ryanhere7693
    Selinux is enabled by default in Fedora workstation it's not in permissive mode and the rules these days are generally pretty decent so you typically don't get spammed with alerts anymore. In terms of firewall, as a lot of people have already mentioned, Fedora comes with firewalld enabled and configured, you just need to set the profile (in KDE you can do it directly from the NIC configuration) and you can configure additional rules if needed using the firewall-cmd command
  • @AdenMocca
    On the firewall - Fedora should come with firewalld / firewall-cmd running with FedoraWorkstation zone as the active zone. Using UFW on top of that wouldn't cause a conflict? I like UFW, but have been using / learning firewalld - usually I set a workstation to the 'public' zone which only has limited services.
  • @nemonada3501
    Thank you. It's awesome to see someone make a basic "hardening" video for Linux. There's not many creators I've found do a "for dummies" video yet. Legend.
  • @mk72v2oq
    I don't think regular users need to open any ports at all. They don't run web servers (80, 443) on their desktop computers and probably don't run ssh server (22) too. So its better to just deny all incoming ports without exceptions by default. And the techy people who does run servers, certainly already smart enough to open required ports.
  • @OcteractSG
    Chris, Fedora comes with a firewall already—firewalld. Could you show us how to use what the operating ships with instead?
  • @arnoudrattink1572
    Before installing a firewall check if it is usefull. Do a portscan like this: 'lsof -i -P -n | grep -i listen'. This shows a list of all listening (ie open) tcp ports on your system. On my standard Ubuntu system this list is empty. So there are no open ports and installing a firewall is rather pointless.
  • @MouseHunteR77n
    I learned a lot from you keep doing everything you're doing YouTube Chris
  • @Esteban7GT
    Thank you! I was looking for something like this!
  • @ArniesTech
    SELinux and AppArmor are standard in OpenSUSE and Fedora. Two very enterprise focussed distros 💪😌
  • @MarceloCamargobr
    I'll take a look at that apparmor docs right away. Thanks for the heads up Chris! ✌😎
  • @radumamy2000
    Hi Chris. Thanks for the video, excellent work. Perhaps Safing Portmaster is a better firewall option for desktop users as it's got an excellent gui and can easily block individual apps.
  • @code8986
    Hi Chris, thank you for these great tips. Can you do a video (or two videos, one on each) about how to configure and use SELinux and AppArmor?