- This topic has 6 replies, 7 voices, and was last updated Nov 11-11:50 pm by wildstar84.
-
Posts
-
zortenusta
Hi, using antiX 22-full here.
I’d like to know which settings you’d suggest to harden antiX against potential attacks of any kind (a bit paranoid with home banking etc. hence full disk encryption, ufw enabled, but wondering if a full install could be reasonably secured as much as a liveUSB mastered with no persistence, without the inconvenience of having to remaster ater each work session).
Also wondering if boot (quite fast) can be speeded up further by cutting on timers (bootup options blue screen/memtest) etc.
Thanks in advance
- This topic was modified 5 months, 4 weeks ago by zortenusta.
sybok
Hi, I’ve never done any hardening.
antiX is based on Debian, thus it is possible that some of the hardening steps may be transferable from antiX to Debian (unless they explicitly involve the init ‘systemd’).
– Close unused ports.
– Disable ping response of your antiX.
– Some people change default SSH port to reduce risk of successful attacks.
– Consider using ‘fail2ban’.
– Consider using ‘firejail’.I would advice against reducing time in boot-up options (significantly); use-case: if you install a new kernel and it does not work, then you may wish to select an older one to boot into instead of the last installed that does not work; a timer too short may make that hard to achieve.
oops
… The first hardening to have is to have a recent kernel, and the recent security updates.
… And good practices for the user. (firejail , bubblewrap, etc, can help too)
… a lot of things are related with this process (too much, even the material, CPU microcodes/patches, etc…)- This reply was modified 5 months, 4 weeks ago by oops.
- This reply was modified 5 months, 4 weeks ago by oops.
olsztyn
I’d like to know which settings you’d suggest to harden antiX against potential attacks of any kind (a bit paranoid with home banking etc. hence full disk encryption, ufw enabled, but wondering if a full install could be reasonably secured as much as a liveUSB mastered with no persistence, without the inconvenience of having to remaster ater each work session).
Precisely for this purpose as you mentioned (banking, etx.) I used to use another distro with hardened kernels in addition to maximized browser precautions, ufw, etc…
However later I found that just nothing beats antiX Live with no persistence plus ufw. Any possible breach can only last until reboot. Want online banking session then just reboot fresh to pristine state.
No persistence is no inconvenience to me. It is an advantage. If I need to make changes then just remaster after thorough testing of changes. If I am not happy with changes then just reboot to return to pristine state.- This reply was modified 5 months, 4 weeks ago by olsztyn.
- This reply was modified 5 months, 4 weeks ago by olsztyn.
Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_ParametersRantanplan
Hi @zortenusta,
if your PC has enough RAM you can run antiX “toram” (boot options) without mounting any storage device.
AT shutdown, the RAM is cleaned.
And, it could be possible to unplug the usb-key after booting operation : must be confirmed.
Otherwise use a live-CD/DVD and doesn’t mount any storage device.There is a secure-delete package that offers to securely delete not only files and directories but also free space, swap and RAM.
Friendships.
- This reply was modified 5 months, 4 weeks ago by Rantanplan.
Vive antiX !
Vive le Groland !
rokytnji
Unless P3 gear, My antiX boxes with a full iso boot up pretty fast
. My gear aint the most modern here on this forum either. Turn off cups is all I can think of. searching for /dev on boot can’t be tweaked as far as I know. Everyone else covered things nicely.
Sometimes I drive a crooked road to get my mind straight.
Not all who Wander are Lost.
I'm not outa place. I'm from outer space.Linux Registered User # 475019
How to Search for AntiX solutions to your problems
wildstar84
You can also better secure your online-banking by 1) running your browser as a separate (and low-privileged) user (that can’t see your home directory, access your microphone, etc.) and always shut down and restart your browser both just prior to, and immediately following your online-banking session (prevents any cross-site data-leakage). I also recommend installing NoScript and allow cookies for session only. Even better is to also have a separate browser profile for doing security-critical browsing stuff like online-banking.
Regards,
Jim
- You must be logged in to reply to this topic.
