This is not what I mean actually. Windows simplifies some procedures, which can be beneficial for most users. I'm a big Linux fan boy, but it's easy to mess up your config and get a false impression of security, especially with some distros.
To add examples: I have seen bad posture from otherwise good systems, e.g.:
- not having MAC (AppArmor or, preferably, SELinux) implemented
- not managing user permissions per least permissions principle
- not restricting access to bashrc
- not using Wayland opportunistically for a key app, e.g. emacs
- not LVM encrypting during the initial install
- not enabling memory and CPU protections in the kernel (Ubuntu, Fedora, etc. get most of this right ootb)
There are more examples, and I'm not a security professional, but it's enough to give the flavour of the kinds of problems in defensive Linux security.
It also really fails to provide practical solutions to the recommendations. Like the recommendation "monitor registry editing". There is nothing describing a tool or method to do anything like this. And I feel like the entire article follows that pattern.
From my experience, this is literally par for the course - describe a mitigation without actually providing any useful advice whatsoever.
jmau111|3 years ago
plaguepilled|3 years ago
sixothree|3 years ago
jmau111|3 years ago
[deleted]