A complete yet beginner friendly guide on how to secure Linux

This page summarizes the projects mentioned and recommended in the original post on reddit.com/r/linux

Our great sponsors
  • Scout APM - Less time debugging, more time building
  • SonarQube - Static code analysis for 29 languages.
  • SaaSHub - Software Alternatives and Reviews
  • goprotobuf

    Go support for Google's protocol buffers (by golang)

    go get github.com/golang/protobuf/protoc-gen-go

  • dep

    go get -u github.com/golang/dep/cmd/dep

  • Scout APM

    Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.

  • vaultwarden

    Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs

    Use bitwarden for a free hosted option, keepassxc for an offline/local option, or vaultwarden for a seldhosted option.

  • lynis

    Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

  • keepassxc

    KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.

    Use bitwarden for a free hosted option, keepassxc for an offline/local option, or vaultwarden for a seldhosted option.

  • Cryptomator

    Multi-platform transparent client-side encryption of your files in the cloud

    Use cryptomator to auto encrypt files when uploading files to cloud. Use veracrypt for a more secure, but manual option, or just GnuPg which is included by default in most distros, however gnupg doesn’t support folder encryption.

  • pass-import

    A pass extension for importing data from most of the existing password manager.

  • SonarQube

    Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.

  • Pi-hole

    A black hole for Internet advertisements

    I personally use a PiHole for a DNS server, which is configured to use Cloudflare using DoH (DNS over HTTPS). I also block all DNS outbound on my network firewall. The PiHole DNS server is configured for my network devices over DHCP, which is also the PiHole server. This allows me to connect to other devices on my network by name, track IP assignments, track DNS queries, and block data collection and unauthorized DNS queries by various devices like my Amazon Echo or PlayStation.

  • linux-hardened

    Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening

    linux-hardened is maintained by the Arch Linux project lead, the latest commit is from 9 days ago (you have to switch to the 5.4 branch) https://github.com/anthraxx/linux-hardened

  • opensnitch

    OpenSnitch is a GNU/Linux port of the Little Snitch application firewall

  • focus-android

    Firefox Focus: The privacy browser - Browse like no one’s watching.

    He ignores the majority’s opinion for his own, again contradicting the “options” and “anti-censorship” the browser offered amongst Firefox users.

  • openbsd-wip

    OpenBSD work in progress ports

    Some other points to bare in mind: .this, this (bloat), and this

  • steam-for-linux

    Issue tracking for the Steam for Linux beta client

    Look, there was an issue with Steam, where one could lose all their data, because some Steam developer wasn't experienced enough with shell scripting. So, people happily installed the native Steam package from their distribution's repository, and run it without any means of sandboxing, and ultimately, some of them lost their data, as you can read.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts