ADDICTIVE TIPS: How To Set Up Firejail On Linux

Linux has a reputation of being fairly secure, and out of the big three operating systems it runs into far less issues when it comes to privacy. Still, as secure as Linux can be, there’s always room for improvement. Introducing Firejail. It’s an application that allows users to take any running app, and “jail it”, or “sandbox it”. Firejail lets you isolate an app and prevent it from accessing anything else on the system. The app is the most popular program sandboxing tool on Linux. It is because of this, many Linux distributions have decided to ship this software. Here’s how to get the Firejail on Linux.

more

Advertisements

SCIP: Firejail – A Human Tool to Control Software

Securing a computer does not end at the Ethernet port. Once installed and trusted, a piece of code is basically free to access a lot of resources not really necessary (think of X).

This overexposure has become critical with container technology, where the border between the resources and virtual resources may be very confusing.

Using Firejail is a quick-win for each application, especially for browsers without sandboxing. It is easy to use and configure, and the impact on the system is very small.

more

raspberrypi.org: How to install Firejail and sandbox any app

Originally designed to sandbox Firefox, Firejail can sandbox any app, or service (including Google Chrome, Chromium-Browser)

If Firejail is not in your repo, download:

wget http://mirrordirector.raspbian.org/raspbian/pool/main/f/firejail/firejail_0.9.44.8-1_armhf.deb
sudo apt-get install libapparmor1
sudo dpkg -i firejail_0.9.44.8-1_armhf.deb

This version of Firejail (on the repo servers, but not in my Jessie repo “apt-cache search firejail”) must have been compiled with –enable-apparmor as it requires libapparmor1 (which is in the repo).

more

LinuxAndUbuntu: Firejail – A Namespace Separation Security Sandbox

Linux distro is mostly loved for its security features. When we people want more security we use TOR and VPN. Today I am going to tell you about an application called Firejail that helps to protect your personal files via sandbox technique.

Firejail is a sandbox application built for Linux distros which uses the capabilities of Linux kernel to use namespace separation. In the simplest sense, apps launched through Firejail cannot access your personal files on your hard drive. Isn’t that cool? Cool and safe!

Firejail is easy to setup and also very easy to use. You can go either by command line version or UI version. I have got both of them covered. Try anyone you like.

Firejail GUI interface on Linux Mint

Firejail GUI interface on Linux Mint

more

Make Tech Easier: 5 Must-Have Security Tools for Your Linux PC

Some people are, rather falsely, under the impression that just because they use Linux they don’t need to worry about security. Sure, Linux doesn’t suffer from the same types of security issues and prevalent malware that Windows does, but that doesn’t mean that Linux users can neglect their systems and expect to be secure.

These five tools are absolutely essential for Linux desktop users. If you’re running a server, there are more. This guide doesn’t present them in any particular order because they all serve different and arguably equally important functions. Plus, they are all free and open-source software. So if you aren’t using any of these on your Linux desktop, start now.

more

Ars Technica: How to build your own VPN if you’re (rightfully) wary of commercial options

In the wake of this spring’s Senate ruling nixing FCC privacy regulations imposed on ISPs, you may be (even more) worried about how your data is used, misused, and abused. There have been a lot of opinions on this topic since, ranging from “the sky is falling” to “move along, citizen, nothing to see here.” The fact is, ISPs tend to be pretty unscrupulous, sometimes even ruthless, about how they gather and use their customers’ data. You may not be sure how it’s a problem if your ISP gives advertisers more info to serve ads you’d like to see—but what about when your ISP literally edits your HTTP traffic, inserting more ads and possibly breaking webpages?

With a Congress that has demonstrated its lack of interest in protecting you from your ISP, and ISPs that have repeatedly demonstrated a “whatever-we-can-get-away-with” attitude toward customers’ data privacy and integrity, it may be time to look into how to get your data out from under your ISP’s prying eyes and grubby fingers intact. To do that, you’ll need a VPN. more

TechRepublic: Linux’s X.org server is vulnerable. Here’s how to stay safe.

The Linux operating system is known for security. From the bottom up, Linux was designed to be a platform to be trusted. There is, however, one weak link in the chain. This weakness didn’t just appear, nor is it considered a security bug on any given radar. What I’m talking about is the antiquated X11 Window server still found in use on most Linux distributions.

For those that don’t know, X was originally designed and released in 1985 and X11 in 1987. X.org replaced X11 and was originally released April 6, 2004. When X was originally conceived, the computing world was in a completely different state. Both X and X.org lack a few very important security features that are critical for modern era usage and hardware:

  • All X applications have access to everything on your screen
  • All X applications can register to receive every keystroke, regardless of which window said keystrokes are typed within
  • Applications such as browsers can be remotely controlled such that keystrokes can be forged as if the user were typing them
  • The xhost + option can completely disable any security on the display

more