Harden Linux System

make your system more secure

Disclaimer: this guide will teach you how to make your system a lot more secure, but bear in mind that you will sacrifice usability of your system. I don't recommend doing this on your day-to-day work machine, but rather on a remote server that is publicly available. Some of the options can also be used on your desktop.

Encrypt Disk

Install cryptsetup.

doas pacman -S cryptsetup

Format the partition as an encrypted LUKS volume (this destroys any data already on it).

doas cryptsetup luksFormat /dev/sda1

Open the encrypted partition and create a file system on it.

doas cryptsetup luksOpen /dev/sda1 sda1
doas mkfs.btrfs /dev/mapper/sda1

Mount the partition.

doas mount /dev/mapper/sda1 /mnt

SELinux

Enable SELinux and confine all suspicious apps.

Firewall

Block all incoming connections. These rules also block SSH, so on a remote server apply them from a local console.

# Set default chain policies
doas iptables -P INPUT DROP
doas iptables -P FORWARD DROP
doas iptables -P OUTPUT ACCEPT

# Accept on localhost
doas iptables -A INPUT -i lo -j ACCEPT
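doas iptables -A OUTPUT -o lo -j ACCEPT

# Accept replies to connections this machine opened; without this rule
# the INPUT DROP policy also discards responses to outbound traffic
doas iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT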

Firmware

Before your system boots, enter your BIOS menu. How to get there depends on the manufacturer and differs from machine to machine. There you should find a configuration option that lets you set a password.

Bootloader

You should also set a bootloader password.

Permissions

Some files on the system have broad permissions; you need to make files accessible only by their owner.

umask 077
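
`umask 077` only applies to files created after it is set; files that already exist keep their modes. The script below is an added example, not part of the original guide: it shows the difference in a temporary directory, then finds and tightens the older entries. The function names are hypothetical and `-perm /077` assumes GNU find.

```shell
#!/bin/sh
# Added example: audit and tighten modes that predate "umask 077".
# Function names are hypothetical; "-perm /077" is GNU find syntax.

# Print the octal mode of a path (GNU stat, then BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# List files and directories under $1 that grant any bit to group or other.
audit_broad() {
    find "$1" -xdev \( -type f -o -type d \) -perm /077 -print | sort
}

# Strip group/other access from everything audit_broad would report.
tighten() {
    find "$1" -xdev \( -type f -o -type d \) -perm /077 \
        -exec chmod go-rwx {} +
}

# Constructed scenario: two entries created under a 022 umask, two
# created after switching to 077, all in a throwaway directory.
demo() {
    d=$(mktemp -d) || return 1
    ( umask 022; echo secret > "$d/old.key"; mkdir "$d/olddir" )
    ( umask 077; echo secret > "$d/new.key"; mkdir "$d/newdir" )

    for p in old.key olddir new.key newdir; do
        printf '%-8s %s\n' "$p" "$(mode_of "$d/$p")"
    done
    echo "still broad after umask 077:"
    audit_broad "$d"

    tighten "$d"
    echo "broad entries after tighten: $(audit_broad "$d" | wc -l)"
    rm -rf "$d"
}

demo
```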