On 21/03/14 17:44, Ján Zahornadský wrote:

Indeed, the smaller the surface area, the smaller the target (the fewer things running, the fewer things can be exploited).

For an average desktop environment, doing what you're already doing, I think, would be reasonably sufficient - provided it's mixed with a little common sense (don't grant root privileges to things that don't need them; don't use passwords like 'MyPassword'; that sort of thing). Having a personal firewall is already probably more than many (albeit non-Linux) users do (at least of their own accord).

If you wanted to go a little further, you could have a look at `qcheck` (app-portage/portage-utils) or even app-admin/tripwire; maybe set up a few cron jobs that mail root with warnings or something. Otherwise, making sure you don't enable unnecessary services and keeping on top of your firewall, log checks and chkrootkit'ing should be sufficient.

If you *do* want to go the whole hog, while I'm no expert on it, using a desktop environment under the hardened profile can provide some challenges, but is indeed doable. Personally I'm currently running thunderbird-bin in a KDE environment on a custom hardened/kde profile that I kludged together (this is Gentoo, after all)!

Ultimately, it's up to you what you feel is appropriate for what your expected usage and risk level are.

For reference: https://wiki.gentoo.org/wiki/Project:Hardened

Cheers;
--
wraeth