Author Archives: netblue30

GitLab: Tools and Tips: Zoom on Linux

While Zoom works on Linux, the application is not free software. As a result, some might be wary of running this directly on their computer. One way of running Zoom without worrying about what it does is to use firejail.

To use Zoom with Firejail, first install Zoom or download the archive. Zoom offers standalone binaries that you can download should your distribution not have a package for Zoom. Once installed, install firejail.

Once both firejail and Zoom are installed we need two things:

  • A firejail profile for Zoom
  • A directory we can use as the home directory for Zoom, preventing it from messing with your home directory

more

TechRepublic: How to install and use Firejail on Linux

Firejail is a Linux security SUID program that drastically reduces the risk of security breaches by sandboxing the running environment of untrusted applications. Firejail achieves this by using Linux namespaces and seccomp-bpf which allows the attaching of a system call filter to a process and all its descendants, thus reducing the attack surface of the kernel.

With Firejail installed, you can then launch applications from the command line, such that they have a private view of globally-shared kernel resources–such as the network stack. With this addition to your Linux platform, you’ll gain a heightened level of security to an already secure environment.

Firejail is not limited to graphical applications. In fact, Firejail can sandbox servers, GUI tools, and even user login sessions.

Believe it or not, Firejail is incredibly easy to use. I’m going to walk you through the process of installing and using Firejail.

more

LinuxLinks: Essential System Tools: Firejail – Excellent Security Sandboxing


What makes Firejail so special it qualifies for inclusion in our Essential System Tools feature? Above all, it puts users first.

It’s really easy to install and use. More time to spend actually using software. Most people won’t need any custom configuration. There’s a wide range of software which come with sandbox profiles.

The software helps to reduce the risk of security breaches. It’s lightweight and while it uses CPU cycles, the overhead is remarkably low. Firejail sandboxes do not each run their own copy of a full-blown operating system. Instead they operate in a resource-isolated environment created by standard facilities of your system’s existing Linux kernel. As such, despite the high level of protection offered, the overhead of running a Firejail sandbox is extremely low. So your software, including games, run at full steam, unlike a full virtualisation environment.

Firejail is an excellent tool for the security conscious. While it adds a layer of protection, you should use it with other security tools. We use it mainly for web browsing, and to lock down services.

more

FossMint: 15 Best Security Tools You Should Have on Linux

When talking about security many terms come to mind. Hacking, viruses, malware, data loss, etc. Here is our list of the 15 security tools you should be using on your Linux system.

1. Firejail

Firejail is a c-based community SUID project that minimizes security breaches by managing the access that applications using Linux namespaces and seccomp-bpf run.

Firejail can easily sandbox server, GUI apps, and login session processes and because it ships with several security profiles for different Linux programs including Mozilla Firefox, VLC, and transmission, it is simple to set up.

more

TecMint: Firejail – Securely Run Untrusted Applications in Linux

Sometimes you may want to use applications that have not been well tested in different environments, yet you must use them. In such cases, it is normal to be concerned about the security of your system. One thing that can be done in Linux is to use applications in a sandbox.

“Sandboxing” is the ability to run application in a limited environment. That way the application is provided a tighten amount of resources, needed to run. Thanks to application called Firejail, you can safely run untrusted applications in Linux.

Firejail is a SUID (Set Owner User ID) application that decrease the exposure of security breaches by limiting the running environment of untrusted programs using Linux namespaces and seccomp-bpf.

It makes a process and all its descendants to have their own secret view of the globally shared kernel resources, such as the network stack, process table, mount table.

more

Linux Foundation: Linux workstation security checklist

This document is aimed at teams of systems administrators who use Linux workstations to access and manage your project’s IT infrastructure.

If your systems administrators are remote workers, you may use this set of guidelines to help ensure that their workstations pass core security requirements in order to reduce the risk that they become attack vectors against the rest of your IT infrastructure.

Even if your systems administrators are not remote workers, chances are that they perform a lot of their work either from a portable laptop in a work environment, or set up their home systems to access the work infrastructure for after-hours/emergency support. In either case, you can adapt this set of recommendations to suit your environment.

more

Linux Security 101: Hardening Your System for The Common Geek

Firejail Download page

This guide will be a beginner-friendly walthrough of hardening your Linux system. This does not have to be done all at once. Feel free to ease into it–or take it even further as I’ll also be providing recommendations for more advanced users throughout. Just go at your own pace, crank up some music, and makeit your own.

My goals for this guide:

  • Demonstrate how to achieve excellent security without impeding usability
  • Introduce newbies to Linux security basics
  • Provide plenty of information for more seasoned Linux users
  • Make the hardening process smooth and streamlined

    more