Linux is secure, right? It’s certainly more secure than Windows in a lot of ways, but it’s not impervious to attack. There is always a trade-off between security and usability, but how far can you really go to secure your operating system without seriously compromising its usability?
If you get compromised the damage is already done, it really doesn’t matter which operating system you run. Firejail allows you to mitigate this risk, but will it keep you secure without making your system unusable?
What Is Firejail?
Firejail is a sandboxing utility that allows you to run un-trusted applications within Linux in an environment that has restricted privileges.
Firejail prevents applications from accessing parts of the system that they shouldn’t be able to. So it allows you to load unfamiliar applications safe in the knowledge that even if they are malicious or compromised, you’re still safe.
If an application does become compromised whilst running in a Firejail sandbox, only that application is affected, not the rest of the system.
So you can then take steps to contain and clean the virus without worrying about your important data.
To install Firejail in Ubuntu, all you need to do is run the command
sudo apt-get install firejail. You will need to download the appropriate package from Firejail’s Souceforge page if you are running a different flavor of Linux.
We will also be installing a GUI utility for Firejail, called Firejail Tools, which makes Firejail much more simple to use.
You can use Firejail via the terminal or by using the GUI we just installed. I’ll show you how to do both.
Using the Terminal
Using the terminal to run a Firejail application is really simple. All you have to do is run the command
firejail [application-name]. So if you want to run Firefox in a sandboxed environment, you would run
Typing Ctrl + C will then cancel the process and close Firefox.
(It’s worth noting here that many people are under the misapprehension that Firejail is only intended for use with Mozilla Firefox. In fact, it can work with many other applications.)
Using the GUI (Firetools)
Using the terminal is extremely simple, but many people prefer to use a GUI instead. We have already installed Firetools, so all you need do is run it from your application menu.
Once loaded you simply click on the application you want to run from the red Firetools box. You can add additional applications by right clicking on Firetools and selecting Edit.
You will then need to give the new application a name, description and enter the terminal command you would run for Firejail. In this example, I’m adding the file browser:
Uses for Firejail
At this point you may be thinking, “So what?” I mean, what’s the point in having all this sandboxing mumbo-jumbo, right?
Firejail is not just for those of us who don a tinfoil hat every time we boot up our machine. It does have a number of real world uses:
- Email is one of the most common ways to get a virus. Email addresses can be easily spoofed, making it a common attack vector. Running your email client from inside a Firejail sandbox means you wouldn’t need to worry about getting infected.
- Downloading a torrent isn’t always safe. Are you sure you know where it has come from? Running Transmission in a sandbox environment could mitigate that risk.
- Adding a malicious payload to a PDF is very simple and quite common. Using Firejail to sandbox your PDF viewer could be really useful.
As you can see, sandboxing your apps with Firejail could prove very useful.
How Do I Know It’s Working?
Whether or not Firejail is working is something you really don’t need to worry about. That’s the beauty of the product, it just works.
However, Firejail does prove that it’s working correctly from time to time. For example, if you try to upload a picture to Instagram via Firefox within Firejail, you probably won’t be able to.
Firejail restricts access to folders such as pictures, documents etc. However, it can access the Downloads folder, so moving your cat pictures there first will work.
Security vs. Usability
We can provide you with lists that contain tips to prevent you being hacked, but at some point there’s always a trade off for usability. With more security comes more complexity. It’s inevitable.
Firejail really does bridge the gap between usability and security. It’s easy to install, simple to use, and increases security significantly.
Firejail has found a regular spot on my hard drive from now on. But what about you guys, do you use Firejail? Or are you using a different method to stay secure?
Image Credits: Brian A Jackson/Shutterstock