Linux Hardening Guide

A reader sent me a link to what appears to be a very comprehensive Linux Hardening Guide by 'madaidan'.

I'm not exactly sure what to think about the author as far as their technical knowledge since they promote some stuff i do not necessarily agree with, such as using Tor instead of a VPN. The author is completely correct in that there are risks to be assumed with any VPN, however i believe, and i think the evidence dictates, that the same is true with the Tor network (see here and here for instance). Also the author complains about Firefox's security, yet the Tor browser is a fork of Firefox.

The author also makes some potentially sketchy claims regarding Android, stating that "The best option for privacy and security on Android is to get a Pixel 3 or greater and flash GrapheneOS".

From everything i understand, exactly none of the mainstream phones can be considered privacy or security friendly as long as the baseband firmware shares the same memory as the user-facing OS, nor can they be made to be so. Contrary to the authors advice, i would recommend, a) ditching your mobile if at all possible or, b) considering devices from PinePhone and Purism where the proprietary baseband firmware is isolated from the OS and which have hardware switches to actually (really) power off certain components. The author recommends to avoid these devices, but i'm not sure how strong of an argument they make and the arguments miss many other advantages of such devices.

Commenting in an area i know a bit more about, the author states, "You cannot configure your browser to prevent tracking either. Everyone will configure their browser differently so when you change a bunch of about:config settings such as privacy.resistFingerprinting and pile on browser extensions like Privacy Badger, you're making yourself stand out and are effectively reducing privacy."

That's a very crude statement in my opinion. First of all i personally don't recommend Privacy Badger. Secondly, standing out (appearing unique to a web server) is not a bad thing as long as the browser fingerprint isn't static. Firefox has many preferences other than privacy.resistFingerprinting which can be leveraged to make it more privacy and security complaint. I maintain two guides if interested.

All that said, the Linux Hardening Guide may indeed be a great guide and i think it's certainly worth a read.

2 thoughts on “Linux Hardening Guide”

  1. Thank you, I am a Linux user (Manjaro), so this guide will be helpful.
    You say: “as long as the browser fingerprint isn’t static”, I follow your guide, but I don’t see how I can have a less static fingerprint…

Leave a Reply

Your email address will not be published. Required fields are marked *