Securing Fedora

I would like to hear some suggestions how to secure Fedora. Here are the topics :

  • Antivirus like ClamAv ( installed but isn’t working need help or an alternative)
  • Disk encryption (Not done )
  • Keep always the system up to date (Done)
  • Disable un-neccesasry service like ftp, etc (How ?)
  • Check Open Ports, don’t expose your box outside ( How do I check my open ports ? )
  • Don’t disable SElinux (Done )
  • Don’t execute Script that you don’t know the procedence (Done)
  • if you use ssh change the default port for something else (Zero usage )
  • Enable firewall (Done )

A few notes : I didn’t use disk encryption with Fedora because when I tried , the system didn’t recognize my password (it was a simple one just to check if the system worked).

1 Like

No antivirus is needed you need to look into what you ran and what you don’t.
Make your device always updated and never run untrusted scripts like bash
Full disk encryption is a must have for security.
Next use trusted softwares only use stuff which are opensource.
Use a secure encrypted dns provider who don’t keep logs.

3 Likes

Furthermore , I would love to use FDE is there a way to set it up after Fedora has been installed ?

Can you recommenda provider which is Fedora friendly ?

I do still need to deal with Windows based PC that’s why I am thinking of installing a antivirus.

Furthermore , I would love to use FDE is there a way to set it up after Fedora has been installed ?

1 Like

This website provides lots of good secure dns providers pick one that you think fast in your location.

1 Like

Watch windows and linux is totally different os from the kernel level so be assured. now it is extremely low chance that something harm your device until you give it a sudo access i mean root.
A windows written can’t do anything in linux.

What about Linux rootkits /malware ?

Always avoid strangers to touch the laptop.

1 Like

That’s why I want to use FDE ,is there a way to set it up after Fedora has been installed ?

Please understand linux is totally opensource now if there is a vulnerability appears it gets patches in no time now fedora is extremely secure semi rolling distro so you don’t need to worry about anything.
A malware can’t do much without root access now sophisticated malware attacks are extremely low so don’t worry.
And don’t confuse with something like windows.

1 Like

Is there a way to set up Full disk encryption after Fedora has been installed ?
P.S. A big thank you for clearing up my concerns. I know most of the facts mentioned but I just wanted to hear some other opinions , I guess.

Yes it is possible as far as i know but i have never done this after install. But you can search for in fedora magazine look at comments

But hard to do as need lots of works but it is easy when done on the first install as anaconda will do everything for you.

3 Likes

So a data back-up and a fresh install is the way to go, thank you. Any more security tips to offer ? Some software to recommend ?

Use a password manager (opensource) and create strong password
Use 2FA when ever possible
Don’t give physical access to someone you don’t know.
As per previous comments
while encrypting drive please keep in mind If you loose key, it is impossible to retrieve files a back up is important

1 Like

Everything you mentioned is a part of my safe PC practice. I just hope the encryption works this time because last time the password was a simple one , which was written on a piece of paper and it still wasn’t recognized. Furthermore, I am also implementing a VPN in the mix and a in browser download scanner.
Anyway thank you for the help.

1 Like

Welcome to ShieldsUP!

For port scanning outside your network.

2 Likes

Vpn is not usefull in general
Because most of the internet is encrypted using some type of encryption uses aes
Now vpn do nothing. Rather it creates a single point of failure which can lead to worse security if you want privacy and a good security use tor. And if you want to use some vpn for geo restricted contains still need to secure webrtc so i will recommend mullvad or ivpn or proton.

3 Likes

To check the opened ports:

sudo su -
firewall-cmd --list-ports
3 Likes

There is an easy way to setup full disk encryption. I would suggest you backup important data such as your home directory and reinstall Fedora.

1 Like

If enable ssh, make sure you allow only certificate-based authentication and no password authentication.

1 Like

Well using tor for me is great but I don’t know how to route all of my traffic through it.