>firewall on asap as it's installed
>very few programs installed, only steam port is open, and afaik it's hard to find an exploit through that
>bios updated
>only vertified drivers are loaded
How else could you protect your Linux from being remotely hacked?
Linux is a kernel.
You don't have a router or something else acting as a remote gateway? You're connecting your desktop system straight to the internet?
There's several billion computers in the world, the chances of you being a target of a direct attack are like winning the lottery.
SELinux/AppArmor/other MAC of your choice
Firejail or other X sandbox
Run network-facing shit in containers/VMs
I think that's about the extent of what can be done on the OS level.
Both, one pc is on WiFi and used at school, other is ethernet-connected.
I really don't want this thread to be about this, I know it happens from some specific people who do it. No tinfoil hat shit here.
AppArmor came default on my Ubuntu, but I didn't configure it, so should I reformat and set it up right away?
>used at school
As well as other places, sometimes home.
>Both, one pc is on WiFi and used at school, other is ethernet-connected.
Then you should disable UPnP on your router and make sure it's set to have closed ports (most routers are configured like this by default). There won't be any way for something originating on the internet to open a connection to your PC unless you create a port forwarding/virtual server rule to allow it.
>AppArmor came default on my Ubuntu, but I didn't configure it, so should I reformat and set it up right away?
I don't think you need to be that drastic. It already ships with some default profiles for popular programs. But of course you should tighten the security by writing your own profiles for everything else.
>There won't be any way for something originating on the internet to open a connection to your PC unless you create a port forwarding/virtual server rule to allow it.
Should be noted how much of an idiot I am with pc's, but I think they hacked me either through geoscanning (live in a country where it says online where you live) or through my email (which I doubt since it seems hard to crack that, but again IDK). Can't find UPnP, so I assume it's not on by default, and I think my ports are closed (on the virtual servers tab where games are listed, everything is blank).
Got it. I've read what it does.
Thank you both.
You can't because systemd is an unaudited mess and alphabet agencies had their hands in it. Also Ubuntu is as botnetted as windows
BTW I may have talked a bit off-topic regarding the hackers' way of hacking. I don't plan on learning hacking, but I'm just not sure how I can avoid being hacked, so how plausible are those ways if anyone knows?
>I've never won the lottery so nobody ever has or will
How do you update the bios? Is it done through the normal Ubuntu updates or do you have to download some vendor specific bullshit for each OS?
And are firmware updates the same thing? I see some linux-firmware packages when I update Ubuntu.
unplug ethernet cable fucko
Why is ethernet less safe than wifi? is it because there is no firewall on it?
Yes, but you can get around that vulnerability by installing gentoo
maybe it's the only way
no
k
put the fw on your router at home. Don't open any ports except state-aware input that you initiate when not at home. I mean
iptables -P INPUT DROP
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
bümp
final bump