How to protect your privacy on GNU / Linux
If you are reading this article, it means either that you are already a penguin user or that you are thinking of becoming a penguin in the near future.
And probably one of the things that pushed you to use a GNU / Linux distribution and the freedom to have your digital life under your control.
If so, just the fact that you have made this choice puts you in a position of better to many other users who use proprietary systems.
But apart from everything, in this article we will go to see what are the behaviors (which should be basic regardless of the operating system that you use NdA), which help to protect our privacy even more.
1 Do not be too sure just because you use GNU / Linux!
It is easy to have a false sense of security, and to think that the other popular operating systems are a more desirable target of Linux, but there are also risks and vulnerabilities for devices with on board GNU / Linux systems.
It is also true that GNU / Linux systems are more difficult to conquer, but this does not mean that this is not possible.
It is therefore necessary to maintain a certain level of protection regardless of the operating system being used.
2 Be sure to use a password to protect your user account.
This should be one of the essential requirements but one that is often done without for a simple matter of practicality.
It is instead essential to always use a strong and long password to protect your account.
3 Do not use the administrator account (root) for everyday activities.
For the activities we do every day on our PC and always better to use a user account without "administrative powers" and use sudo or the root account only when strictly necessary.
This problem, normally nowadays, does not arise too much, as all distributions use this default behavior, but it is always worthwhile to take a look that things really work this way.
4 Encrypt the data.
The total encryption of the disk would be ideal, but it is also possible to encrypt only the home directory, if for example we are using a machine shared with other people.
The encryption process is normally done during the installation process, and it is much more difficult to do it at a later stage.
In case we have not encrypted the entire disk during installation, the easiest way to do it and make a backup of the data and reinstall the operating system by selecting the option to encrypt the entire disk.
If instead you want to try to encrypt an existing system, the solutions and procedures vary depending on the distribution we are using and the way the disk is partitioned, a specific search in this case can help.
5 Activate the screensaver and screen lock.
Always set a short period of time after which if the PC remains inactive, the screensaver and screen lock by password are activated.
6 Check the installed applications.
It would be a good practice to keep the applications installed to a minimum.
Not only does this allow the machine to be lighter and more responsive, but it also reduces the risk of being exposed to vulnerability.
7 Keep the system up to date.
It is usually very easy to maintain both the operating system and the updated applications on GNU / Linux systems.
But it is always good to check and be sure that at least security updates are installed automatically.
8 Check the settings for remote connections.
For example, if we use SSH to remotely access our machine, there are some simple techniques to reduce the risk of being attacked.
One of these is for example that of using a port other than 22 which is set by default by SSH.
If we do a short search on the internet there are many other tricks that can come in handy in these cases.
9 Disable services that are not needed.
On GNU / Linux systems, some demons are waiting on external ports.
It is good to turn off these services, such as sendmail or bind, if they are not needed.
This operation also improves the system boot time.
To check which services are "listening" on the system, use the command netstat -lt.
10 We use a firewall.
Our operating system is certainly already equipped with a firewall, probably iptables.
Firewalls are difficult to configure from the command line for the less experienced, but there are still graphical interfaces that can help and greatly simplify the control, such as Gufw.
11 Limit "privileged access" with SELinux or AppArmor.
One of these systems is probably installed on our machine.
Both of these systems enable users to define rules that limit the way applications can be executed or how they can interact with various processes and files.
The benefit of systems like SELinux or AppArmor and that in the event of an attack, the damage that can be done to the system is very limited.