this post was submitted on 29 Dec 2023
33 points (100.0% liked)

Arch Linux

7759 readers
2 users here now

The beloved lightweight distro

founded 4 years ago
MODERATORS
 

I have my firewall configured pretty restrictively. I am attempting to configure AppArmor but it seems to complicated.

How do you secure your desktop?

you are viewing a single comment's thread
view the rest of the comments
[–] throwawayish@lemmy.ml 6 points 10 months ago* (last edited 10 months ago)

But that's the nature of the beast. Unless one defines their threat model^[1]^, there's an ever-expanding list of improvements one might apply to enhance security; with -at some point- (mostly) diminishing returns and we've yet to talk about the amount of comfort that's sacrificed along the way. Therefore, before you do anything else, define your threat model. Afterwards, try to apply step-by-step whatever is required to protect your assets to a degree you're comfortable with^[2]^. If, however, this seems like too much work for you, then consider either one of the following:

  • Just go on with your life as if you hadn't become security-conscious. If you're just a random person that doesn't store anything valuable on their device in the first place and isn't a possible target to more sophisticated groups for whatever reason, then even in the worst-case scenario you can just reinstall your system and be done with it (assuming your home network hasn't been affected by malicious actors).
  • Reconsider how you want to consume Arch and if Arch Linux is even the right distro for you. Distros like Fedora and openSUSE are better known for maintaining good security defaults and try to ever improve themselves in this regard. Sure, sometimes some of these changes are applied to Arch as well. However, by its very nature, Arch Linux is more akin to a blank slate.Thus, if you actually know what you're doing, then it's easier to get Arch Linux to wherever you want^[3]^. But, becoming that knowledgeable is easier said than done.
  • If you really like Arch, but also really care about your security, then it's probably best to look into the most impactful changes (security-wise) with the least amount of work associated to it. Simply not using packages from the AUR is one such change for example, if you can afford it...

  1. Digital security and/or cybersecurity is actually just one part of it.
  2. In terms of initial setup, (possible) maintenance and lost comfort.
  3. This even applies to hardening your system.