From the start, Linux is already quite secure, especially when compared to other operating systems such as macOS or Windows. Even so, it’s good to build on that, starting with these tools.
1. Firewall Management: Gufw
By default, Linux comes with a firewall tool called iptables. However, since it’s quite hard to use, people mostly use front-ends to it, Gufw firewall being a popular choice. It’s actually a front-end to the Uncomplicated Firewall, which itself is based on iptables.
A firewall (there are many reasons to use one) is responsible for watching what comes and goes through your computer’s network. The ideal is that only the network activity you want passes through, aiding in security. While this is far less of an issue on Linux than on Windows, it’s still important to take these sorts of precautions just in case.
Gufw makes it easy for you to restrict the network activity of any program of your choice. By default, it comes with a set of different rules to help manage them. Compare this to iptables, which requires a much more involved sort of effort. You’d need to know how an application connected to the internet, and restrict them based on that.
In many Linux operating systems, this firewall is disabled. This is because by default, your network is generally secured somewhat. Even so, good security comes in multiple layers, so this is a good practice either way. And Gufw makes this even easier to do than before.
2. Application Sandbox: Firejail
Sandboxes help to protect your system by restricting what your programs can do in them. Programs inside of them aren’t able to affect anything outside of it, such as important system files. This can act as a second layer of security for apps that might have potential exploits in them, such as your web browser.
Sometimes, sandboxes are also used for testing dangerous programs. Since they’re inside an isolated environment, any damage that they might do is very limited. Of course, end users will probably not try to actively hurt their own computer. It’s the security that isolation provides that’s more important.
Firejail makes this process easy. Running programs in a sandbox is just a matter of an extra terminal command. If using the command line is not for you, it also provides a simple graphical tool to manage them instead.
A cool thing about Firejail is that you can choose how restricted you want your programs to be. There’s a lot of flexibility to it. For example, there’s a completely private mode, where the program inside the sandbox can’t affect anything on your computer. Alternatively, you can choose which folders they can access, for something a bit less strict.
3. Password Manager: Keepass and KeepassXC
Long passwords help keep your accounts safe from people other than you. Sadly, creating a random, secure password for each of your login websites can get hard to remember without help. Writing them down on text document could work, but what if someone got a hold of it? This is where password managers come in.
Password managers cut away the hassle of remembering complex passwords by creating and storing them in a password protected database for you. This file of passwords is usually heavily secured, so even if a person managed to get a hold of it, it’d be impossible to access.
Keepass is an excellent piece of software that works across all major systems, including Windows and macOS if you’re so inclined. There are even ports for Android smartphones. It supports a number of extra features through plugins as well, such as browser integration.
If you’d prefer something a bit better looking, take a look at KeepassXC. It’s a fork (find out what a fork is) of KeepassX with some extra features in tow. KeepassX is based off Keepass, but was written with Linux users in mind. As such, it blends in with the rest of your applications. It doesn’t really support plugins like Keepass does though.
4. Malware Scanner: ClamAV
In general, Linux does not really need an anti-virus program, at least in the modern definition of the term. Malware is rare in the world of open source, and even harder to catch. Most programs are installed through your package manager, and these are maintained by your current Linux distribution. As such, they’re guaranteed to be safe.
Even so, it’s good practice to scan any dubious looking files for potential threats. While it probably won’t affect your computer, you might be saving a Windows user from a nasty headache. This is where Clam AntiVirus (ClamAV) comes in.
ClamAV is an open source command-line tool that lets you scan for viruses on Linux. As of early 2016, it also supports scanning files automatically if you enable it. There is also a graphical front-end to it in the form of ClamTk.
Another thing which ClamAV supports is scanning emails. This is quite useful for dealing with dubious attachments and the like. Even if you don’t ever encounter a virus while using Linux, having things like an anti-virus scanner helps.
5. Backup Programs: Rsync, Duplicity, and More
Even with lots of security software, you never quite know what might go wrong. As such, it’s important to back up your hard drive regularly. After all, even if you repel threats at the software level, you can still fall foul to a computer failure.
Linux has plenty of tools in this regard. Many of them are front-ends to common command line programs, such as Rsync and Duplicity. There are plenty others as well, all slightly different to each other.
One example of such a front-end to Rsync is called Grsync. It’s fairly simple to use, but also quite full featured. You might still have to work your way around the controls though.
Of course, at the end of the day, it doesn’t matter as long as your important files are safe!
It takes just a few installation commands, but it’s worth it. Keeping your system secure should always be something to remember. Yes, Linux is quite secure, but it’s still important to be aware of the risks as well, and to prepare appropriately.
Which Linux security tools do you use?