Quick tips to improve Linux Security on your desktop, laptop, or server (hardening for beginners)

Windows, Mac, Android, are essentially a virus.

Linux is not. It is open source and safe.

I've been using Linux on the desktop for over 15 years with '0' problems

The virus code will target vulnerability "holes" that are in Windows OS,. Virus binaries are ported for Windows PC's because there are simply so much more Windows computers connected/online. Linux being a totally OS running a different kernel, the vulnerabilities are totally different (and much less numerous as well. Virus code binaries will simply not run on Linux, just like a legitimate Windows program will not run on Linux (unless you install Wine, etc etc)...........

I was using iinux on a Mac and wound up getting my wifi hacked by neighbors constantly. i wound up going back to the original MAC OS after this.

I'M DYING FOR THIS ''Inspector Clouseau'' ACCENT...

You won't mind if I skip your bullshit.

Sorry but the command "systemctl" It's not pronounced or named system C T L, it should be referred as "System Control" the command "systemctl" is just an abbreviation of "System Control"

I would be down for a firewall video

This guy be like: "Linux is not that secure". 5 seconds later: "Proton Mail is secure, bla, bla, bla.". Like no dude, e-mail is not a secure protocol. Doesn't matter if you use Proton Mail, TutaNota, whatever. It's all insecure.

I have been using Linux since 2007, I have been hacked really bad more times than I can Count, because I study a little Cyber Security I had to try to figure out how they were doing it each time.
1st time I think was a Download Script in the Browser, 2nd time before I learned how to make my Own Flash Drive of Linux I bought one off Ebay, (Don't do that) 😁 3rd time was from a Wallpaper from a Free Wallpaper site that I Downloaded and used as my Desktop, it had a Script Embedded in it. 4th time was an App that I Installed that had a Back Door in it. I was Hacked Straight through my Network Router once, I was hacked 3 times by something that Specifically Trashed the Linux Installation, I actually think that was the Feds (cause I am a Republican Trump Supporter. ) Another time was an "Update Hook" in the Browser.

Things that I found work really good to Secure my System, Unplugging it from the Network when I am just doing stuff Locally on my System, if you Download Pics off FB or anywhere else CLEAN THEM using XN Convert (also called XN View) this will strip the Meta Data and clean any Scripts embedded inside.
USE THE FIREWALL!
Using TOR as much as Possible Online, in COMBINATION with a VPN, and Most Browsers now allow you to Change the Location inside the Browser as well. That Helps.

When you Download a Program CHECK the NOTES in the Software Center, sometimes it will Clearly tell you "This Program has not been Verified or is Untrusted" I got one through the Software Center that was Bad, just because I didn't READ before I downloaded it. Other Software has a Back Door but as long as you Donate they won't trash your System. 😁
Oh yeah I bought a Keyboard once that had a Rubber Ducky inside it. And I Connected to a Wifi once with my Linux Laptop and the Network Admin had it set up where he Automatically had total Control of your Computer if you Connect to his Wifi. He could see everything you do, and do anything he wanted about it.
Once I had to Ghost my System off the Network because I think some Chinese guy was Hacking me Direct Through my Network. But that makes it hard to Diagnose if you have any Network Issues. Another time Someone was Using FB Instant Messenger to tell WHEN I was Online, because (at that time) Every time I logged into FB I was getting Hacked. I think that was a Pic I Downloaded off FB then they used FB to tell when I was Online so they could Remote Access me. I Think the Pic was actually a RAT.


So from all the stuff I experienced, I feel like if you are going to USE your Computer to Do anything at all, Eventually YOU WILL GET HACKED. It's only a Matter of Time. I feel like part of the Problem is there are Thousands of people out there TEACHING people how to Hack Computers, and No one is spending any time TEACHING people how to Secure their System. Even THIS Video you're going on an on about "SERVERS" Businesses are using Servers and Most Businesses have SOMEBODY on Staff that Went to School to Secure Servers, so,... more than Likely THEY AREN'T WATCHING YOU! I think you need to focus your attention on the USERS. Not SERVERS. (Just My opinion)

Linux has been my o/s since 2003 when I started with Slackware (Dragon Linux, an EXT4 on a FAT-32 system), when I had to learn to turn stuff on to use it. Every time. But I could write DOS batch files that would give me an easier startup... now it's whatever Debian works. And yeah, I like the command line for a server. And a few BSD text games. I'm old. I know what a punch card machine is and how to do a thing or two with ancient 8-bit COBOL... yuck. It is safe to hate COBOL.

Hi Nick, great video as always! I'd definitely love to see a more in-depth video on SELinux, AppArmor and Firewall!

Great stuff and do a video on security settings and all the little in and outs. Just like your normal videos and if need maybe beginner/advanced videos.

Years ago, I used a separate user account for e-mail and a different account for web surfing.

These days, I use QEMU/KVM to separate out based on thread-profile: a VM for banking, VM for interacting with work, VM for e-mail, VM for software development, VM for Amazon, et cetera. The main login has the minimal install. To make the windowing seem more seamless, I use "ssh -Y papasmurf@workvm brave-browser" or "ssh -Y papasmurf@development konsole".

No reason to keep sshd running on your laptop, epecially if you connect it to public wifi

Selinux tutorial YES please 😅

As long as Microsoft and Google can't get their hands on the content of a Linux system, it's secure enough to do its job.

Linux is more secure "out of the box" than Windows. But, security of any system is always primarily dependent on system administration. End-users are typically terrible at system administration, particularly security, which is a much larger issue than you describe.

Linux Distri really needs to put more effort into offering configuration routines that tighten security by asking a series of questions, rather than knowing how to edit an ini file.

Linux more secure than windows or mac OS? hmm i'd say yes and no. Yes is because there aren't many viruses for linux and no is due to how people use it and whta kind of habits they have. How you browse internet,which sites you visit and so on. Human element is key to make your OS as secure possible it is also your OS's well in this case linux's greatest weakness. Since there is not yet trully opensource full featured pdf editor for linux and it's damn shame because it should be there's one way of editing pdf for free. There should be software that can convert pdf to odf or docx so you can dit it in word or writer.

Ask any security engineer how to quantify "Which OS is more secure, X or Y?" Hell, ask anybody. If they attempt to answer the question then they don't understand the question or security.

Great content, You might mention boot hardware keys if their is a part 2

Yes! I’d love to see another video on this please

Proton is not secure....... anyone knows it

Stupid click bait.
The goal is selling software nodoby needs.

GREAT INFO - THANK YOU ! ! ! 👍👍👍

WE need apparmor

Well DUH.

The ignorant, dumb, groupies of either side. cannot deal with the fact that I dump on them:

"If a human made it, another human can break it!!!".

ANY system can be made more secure, but convenience suffers when you need security!

(Deal with it!).

He speaks the truth

Protonmail = honeypot

There are no secure email providers. Period

I need a graphic design app for linux that isnt gimp or inkscape

proton is great

I am using an thinkpad p52. I am planning to install latest version of Linux mint cinnamon. Their are 2 options cinnamon and cinnamon edge, cinnamon edge for latest hardware which one I should choose. I have heard that thinkpad p52 has bios issues. I need to use Nvidia graphics in hybrid like in windows 11. Could any P52 user provide me some info. I am stuck in windows 11 which is tacking lots of unnecessary internet data. I tried to install pop os but from installer lots of bug's.

Great news, Nick. As for Proton Mail and the associated company, they are in no way protecting your privacy and are happy to comply to government or Europol requests. Even their onion site redirects to clearweb. Not the best choice for sponsor, as they clearly lie about their business.

A word of warning from a long time Proton Mail user: make sure you have your password written down somewhere in a secure spot. If you change your password and cannot enter the old password, all your old emails are securely locked away and inaccessible to all, including you, forever.

I mentioned earlier that a "passwordless" key ssh login protects one from a camera recording password entries. I neglected to mention another reason why it's a good idea to use: if routing to your server should ever get compromised, on login you could be talking to a password harvester. With key exchange, your ssh client will say: BS!

That compromise of routing could occur at your ISP, your home LAN, or even over the Internet! There have been cases where large swathes of the Internet got rerouted through rogue countries by means of a compromise of the BGP routing protocol (it had been set up sloppy...)

Regarding the use of keys over STRONG, LONG, AND RANDOM passwords; it's not better. BUT if you are doing logins in a public place, the advantage of passwordless login is a camera can't record your password entry.

selinux: I have a couple of problems with it, even though I stumped hard for Red Hat (before they got taken over by IBM...) One, even though it is open source, it's a standard primarily managed by one company. Because of a lack of linux community participation, I am suspicious about a weakness being in it (either accidental or intentional on some agent's part...) Second, it breaks a hell of a lot of apps; I MEAN A LOT. Even adding rules, you might not cover all future cases. Using selinux for logging, and not have it bar actions? That's better -but then you have a performance hit.

You need to do a video on clevis/tang; it's a fascinating bit of functionality one can add to their server...

Yes, YES - we DO want you to make a video on AppArmor 😜

The problem with Linux security is that it's relative to your skill level. I appreciate you simplifying it with "more servics, more attack surface", that's decent for beginners. But the truth is that beginners should not look towards Linux for security. You can elevate your security a lot on Linux if you learn about things like immutable distros, SElinux/AppArmor, user roles, flatpaks, containers and cgroups in general, and of course good old firewall.

for updates just put it in root's crontab apt-get update && apt-get -y dist-upgrade

I would like to see a video on firewalld, backup software, and logging software/logging analysis software. Thanks.

I was researching a system call restriction of an installed service. I eventually figured it out in the service config permissions, but I had app armor installed it seems like they had some overlap. I would love a video to teach more about both and if they do overlap.

id like the dedicated video im having a hard time with firewall. point is THERE AINT ONE not that i setup!!!!!

A video on Firewall configuration would be nice.

Pass phrase, the key to having a great password. Use 2 or 3 word combos. Thanks thr video covers a lot. Great video.