When talking about security many terms come to mind. Hacking, viruses, malware, data loss, etc. Here is our list of the 15 security tools you should be using on your Linux system.
Firejail is a c-based community SUID project that minimizes security breaches by managing the access that applications using Linux namespaces and seccomp-bpf run.
Firejail can easily sandbox server, GUI apps, and login session processes and because it ships with several security profiles for different Linux programs including Mozilla Firefox, VLC, and transmission, it is simple to set up.
Video by Null Byte, Youtube
Video by Joe McEntire, Youtube.
How to set up the most ridiculously secure browser I’ve ever seen! Uses Debian 9, Firefox 58.0.2, and Firejail
Sometimes you may want to use applications that have not been well tested in different environments, yet you must use them. In such cases, it is normal to be concerned about the security of your system. One thing that can be done in Linux is to use applications in a sandbox.
“Sandboxing” is the ability to run application in a limited environment. That way the application is provided a tighten amount of resources, needed to run. Thanks to application called Firejail, you can safely run untrusted applications in Linux.
Firejail is a SUID (Set Owner User ID) application that decrease the exposure of security breaches by limiting the running environment of untrusted programs using Linux namespaces and seccomp-bpf.
It makes a process and all its descendants to have their own secret view of the globally shared kernel resources, such as the network stack, process table, mount table.
This document is aimed at teams of systems administrators who use Linux workstations to access and manage your project’s IT infrastructure.
If your systems administrators are remote workers, you may use this set of guidelines to help ensure that their workstations pass core security requirements in order to reduce the risk that they become attack vectors against the rest of your IT infrastructure.
Even if your systems administrators are not remote workers, chances are that they perform a lot of their work either from a portable laptop in a work environment, or set up their home systems to access the work infrastructure for after-hours/emergency support. In either case, you can adapt this set of recommendations to suit your environment.
Firejail Download page
This guide will be a beginner-friendly walthrough of hardening your Linux system. This does not have to be done all at once. Feel free to ease into it–or take it even further as I’ll also be providing recommendations for more advanced users throughout. Just go at your own pace, crank up some music, and makeit your own.
My goals for this guide:
Demonstrate how to achieve excellent security without impeding usability
Introduce newbies to Linux security basics
Provide plenty of information for more seasoned Linux users
Make the hardening process smooth and streamlined
Once you’ve installed Ubuntu with security in mind and reduced the possibility of network attacks on your system, you can start thinking about security on an application level. In the event that a malicious file is opened on your system, will an attacker be able to access every file on the computer? The chances are much slimmer if you put the proper defenses in place.
In this third part to our mini-series on strengthening your primary Ubuntu installation, you’ll learn how Ubuntu package repositories work, which repos you should avoid, and how to update. Also, you’ll see how to import additional AppArmor profiles to limit resources that apps can use, as well as create sandboxes to completely isolate unsafe applications from the operating system.