Linux Mint 20 [Essential Security Guide: Tools & Tweaks]

By SB •  Updated: 09/26/20 •  15 min read

If you are an average home user, browsing the web, doing online banking, emailing, video calling, etc., with your computer behind a router, your Linux Mint experience will be as secure as any other, or likely more secure.

Your router and your browser are much more vulnerable than your OS and that is where your security efforts need to focus.

Is Linux Mint Secure, As-Is?

Even though Linux Mint is considered one of the safest operating systems, some people still believe that they need additional security software to keep them safe. Must be a hangover from the constant messaging by Windows to install anti-virus and malware removal programs. However, for average users, installing redundant third-party security tools on Linux may waste memory and inadvertently cause other security holes.

Using additional third-party security software may not be required. Linux has its built-in tools and features to keep users and the system safe from threats. There are specific situations where antivirus software is recommended, but this shouldn’t bother the average user. Keeping your OS up-to-date and assigning proper permissions is the most effective way to mitigate threats. 

Skip the Anti-Virus

Don’t install any anti-virus application on your Linux machine. It seems counter-intuitive, but hear me out: Anti-virus software has, by definition, high permissions (it can do whatever it wants) in your system, and ironically, this type of software itself is inadequately safeguarded against hacking. So, with those two characteristics — the software is not usually great at protecting itself, and it boasts super user level permissions — anti-virus software is a worthwhile target for hackers.

Choose Linux Over Windows for Security

No matter what platform you’re using, there’s always a chance of getting infected by malicious viruses. When it comes to Linux operating systems, the odds are far better that your system will remain impenetrable, unless you do something stupid. This is partly thanks to:

Linux covers only around three percent of the total desktop market. For this reason, hackers don’t focus on Linux OS when planning an attack. Instead, they go for the easier and more obvious option of attacking Windows and Mac users. 

Whether you’re an experienced Linux user or a beginner, in this article, we will provide some necessary information when it comes to security on Linux OS and cover some significant threats that have occurred throughout the years.

Linux Mint Threats

Linux Mint, just like other Operating Systems, has specific vulnerabilities every user should know about. However, they are extremely rare, and Linux developers patch major vulnerabilities before hackers can take advantage.

These threats are usually a product of poor software development. In this case, a small mistake in your program’s syntax can be the difference between making your software safe and allowing hackers to mess with it. 

Sometimes weak default software configurations can have an impact on your security, because defaults are usually chosen for functionality and not safety. Configured correctly, however, they can improve the security of the software and, in certain circumstances, of your whole system.

There have been cases of vulnerabilities found on Linux in the past, some of the most notable ones being:

Ghost is a vulnerability found in the glibc library (a crucial part of the Linux OS). An attacker can exploit it by sending malicious code remotely, which gives them total control over the victim’s system. This vulnerability was quickly patched in January 2015.

POODLE is a vulnerability found in the SSLv3 protocol, an old security protocol that attackers can break easily. Once in, the attacker can observe the data transferred between your browser and the website.

Today, most secure web connections use the TLS protocol (which is much more secure). However, the hacker can trick the browser and website into using the old SSLv3 protocol instead of the TLS protocol.

Shellshock is a security flaw that would allow a malicious user to execute a command on your system. All they need is access to a particular bash shell, or even to a specific account that can run a CGI script. This would allow them to perform all sorts of malicious work on your system, such as deleting folders, downloading documents, formatting your hard drive, etc.

Security flaws such as the ones above are discovered regularly for all operating systems on any platform. However, they are much rarer on Linux. For you as a regular user, it’s essential to be aware that such vulnerabilities exist, but there is no need for panic.

After going through some of the flaws you may encounter with your Linux Mint OS, now let’s find out the ways of protecting your system from falling victim to such exploits.

Security Measures to Consider 

The main reason why Linux is so safe is because of the regular security patches being released by your Linux distributor. While using antivirus software is unnecessary, users should follow some security practices to keep them safe.

Servers are Maybe the Exception

Using third-party antivirus tools may not be necessary for average users, but they are recommended in specific cases. For example, when running a public Linux file server or mail server, infected Windows computers can easily upload malicious documents to your machine, infecting other Windows systems. In this case, you could consider using antivirus software to prevent this.

But, Windows viruses don’t work in Linux, so as a Linux Mint user, you don’t have to worry about them.

The Beauty of Limited User Privilege

Being extra careful with storage media is essential. Some users infect their USB drives by plugging them into various untrusted computers without using caution. This is one of the most common ways systems get infected by malicious viruses. Linux is perfect for preventing such infections because of its user levels.

Only the root user has access to install new programs on Linux. This prevents malicious programs from running on your Linux system. For this reason, standard users can’t access system-related files without entering the root password beforehand.

Essential Security Tools and Tweaks for Linux Mint

Linux is based on open source programs, which means that anyone can review the software code and inform developers about potential vulnerabilities. And usually, such problems get fixed quickly. This is one of the main advantages of Linux in general.

Disable Secure Boot

If it isn’t already, disable Secure Boot in the computer BIOS. Disabling Secure Boot removes Microsoft’s vendor lock-in on your computer, and does no harm to your computer.

Open a Terminal and type:

mokutil --sb-state

Press Enter.

If the result reads that Secure Boot is enabled, then reboot and disable Secure Boot in the settings of the BIOS. During the restart, press F2 or whichever key your computer uses that triggers access to the BIOS menu.

Built-in Protections

Built-in security features such as AppArmor and SELinux, or the git project Firejail, are significant when it comes to providing security for users.

AppArmor restricts the capability certain software may have by using program profiles. SELinux allows system administrators to have more control over who is allowed to access the system. Firejail is a sandbox for untrusted programs.

In the following section, we will provide you with some simple, yet important advice to keep you safe while using Linux Mint.

Keep it Updated

One of the most important security measures is to keep your system updated. This is important because developers are continually working on fixing bugs and pushing security patches and new functionalities. Apart from this, updates that are always improving and stabilizing features will provide you with a more pleasing experience overall.

It’s well known that hackers are always finding new ways of disturbing users. For your system to keep up with the latest methods of protecting itself, it’s important to update regularly.

Switch the Pre-Installed Firewall On

Some users overlook the importance of firewalls when using Linux Mint. The reason is simple. Linux Mint doesn’t have any open ports. This means your system isn’t accessible for unwanted intruders.   

However, it’s always better to activate a firewall. Specific programs will open ports which would leave your system unprotected. This is where the firewall provides an extra layer of protection. 

All Linux distributions have a built-in firewall. However, it’s inactive, and in order to use it, you will have to activate it. Developers leave it inactive, but after you install Linux Mint, you might as well enable it if you use the internet or when you’ve activated some services on your computer.

To enable the firewall, in a Terminal window type:

sudo ufw enable

And the default profile is good enough. All done with the firewall!
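
To see which programs have opened ports, and so what the firewall is actually shielding, the following added example (not from the original article) filters `ss -tuln` output down to sockets listening on non-loopback addresses. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# exposed_listeners: read `ss -tuln` output on stdin and print "proto port"
# for every socket that accepts traffic on a non-loopback address.
exposed_listeners() {
    awk '
        $1 != "tcp" && $1 != "udp" { next }        # header and other lines
        $1 == "tcp" && $2 != "LISTEN" { next }     # only listening TCP sockets
        {
            n = split($5, parts, ":")              # $5 is Local Address:Port
            port = parts[n]
            addr = substr($5, 1, length($5) - length(port) - 1)
            sub(/%.*/, "", addr)                   # drop interface, e.g. %lo
            gsub(/\[/, "", addr); gsub(/\]/, "", addr)
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            print $1, port
        }
    ' | sort -u
}

# Constructed sample of `ss -tuln` output (hypothetical machine with CUPS,
# the local DNS stub, mDNS and an SSH server installed).
sample_ss() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      5      127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
tcp   LISTEN 0      5      [::1]:631          [::]:*
EOF
}

sample_ss | exposed_listeners
# On a live system: ss -tuln | exposed_listeners
# Then confirm the firewall state with: sudo ufw status verbose
```

Anything this prints is reachable from the network unless the firewall blocks it; services bound only to 127.0.0.1 or ::1 are filtered out because other machines cannot reach them.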

Install Firejail

Install and initiate firejail, a sandbox program to restrict the running environment of untrusted applications. This program aims to control all your internet-connected programs, web browsers, email clients, torrent programs, and other software that exchanges information over a network.

To install firejail, search for “firejail” in Synaptic, or open a Terminal window and type the following (includes a fix for the ‘sound bug’):

sudo apt-get install firejail 
mkdir -p ~/.config/pulse
cd ~/.config/pulse
cp -v /etc/pulse/client.conf ~/.config/pulse
echo "enable-shm = no" >> client.conf

Then, if you want to use the Firefox browser, type:

firejail firefox

[Image: Firejail desktop launcher settings in Xfce for Firefox]

If you would rather have a desktop shortcut (instead of typing the above each time) that launches Firefox in a sandbox by default, then simply create the quick-launch desktop icon like so in Linux Mint Cinnamon:

  1. Right-click with your mouse on the icon of Firefox in the menu -> Add to desktop.
  2. Right-click on the newly created desktop shortcut. Select “Properties -> Command” and input:
firejail firefox %u

Next time you double-click the Firefox desktop shortcut, Firefox will launch in a protective sandbox.
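
The same change can be scripted so that the menu entry, and not only the desktop icon, starts Firefox under Firejail. This is an added example, not part of the original article; the function name, the sample launcher and the file paths in the comments are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article.
# sandbox_desktop_entry SRC DST: copy a .desktop launcher, prefixing every
# Exec= command with "firejail". Lines already using firejail are left alone,
# so running it twice is harmless.
sandbox_desktop_entry() {
    sed -e '/^Exec=firejail /!s/^Exec=/Exec=firejail /' "$1" > "$2"
}

# Constructed stand-in for the distribution's Firefox launcher.
demo_dir=$(mktemp -d)
cat > "$demo_dir/firefox.desktop" <<'EOF'
[Desktop Entry]
Name=Firefox Web Browser
Exec=firefox %u
Type=Application
Actions=new-private-window;

[Desktop Action new-private-window]
Name=New Private Window
Exec=firefox --private-window %u
EOF

sandbox_desktop_entry "$demo_dir/firefox.desktop" "$demo_dir/sandboxed.desktop"
grep '^Exec=' "$demo_dir/sandboxed.desktop"

# On a real system (paths are the usual XDG locations, assumed here):
#   mkdir -p ~/.local/share/applications
#   sandbox_desktop_entry /usr/share/applications/firefox.desktop \
#       ~/.local/share/applications/firefox.desktop
# While the browser is running, `firejail --list` shows it if it is sandboxed.
```

A launcher in `~/.local/share/applications` with the same file name takes precedence over the system-wide one, so the original file stays untouched and package updates do not undo the change.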

Use a VPN When on Public Wifi

Connecting to public wifi is always a risk. Using a VPN is especially crucial if you often work on a laptop in restaurants, airports, and other public places. These are the most common places targeted by cybercriminals that want to abuse your personal information.

Most average Linux users may not need a VPN if they use their secured home network internet. If you work at a library or coffee shop with your laptop, definitely connect via a VPN (affiliate link to PIA, it is what I use).

Is Linux Mint Secure for Online Banking?

Linux Mint is one of the most secure operating systems available. Like every OS, Linux is as secure as its settings and software integrity can make it. The benefit of Linux is its system design features are Unix-like, limiting admin powers to certain users and explicit commands; these built-in design features tend to make Mint easier to secure out-of-the-box than Windows.

Open source systems tend to offer competent or home users more options to keep systems updated with the latest security patches than closed source systems (Windows and Macs).

So do you actually need a VPN? It mostly comes down to the type of work you do online and how much you trust the wifi service you’re using. Or if you want to watch streams that are specific to certain country IP addresses.

Install a VirtualBox to Run Windows, If Need Be

Sometimes you need to use a Windows program, or maybe play a game that doesn’t run on Linux. A virtual machine represents a fully working computer within your current computer. It is usually used by developers to test specific programs without messing up their own system.

In case you require running specific Windows programs, consider installing a VirtualBox instead of using WINE. The VirtualBox may consume a fair amount of your RAM when used; however, it will allow you to run specific Windows-related software inside Linux, and is fairly user friendly to set up.

Virtual machines will provide you an isolated environment in which you can test if individual files are infected. Also, you will be able to do whatever you want to that isolated operating system without worrying about the consequences. 

Install VirtualBox via Synaptic Package Manager.

Or for the latest version, download from the Linux VirtualBox site directly. Here’s how:

Install VirtualBox On Linux Mint 20

1. Add the VirtualBox Repository

Open up a Terminal window. Import the public key of the Oracle VirtualBox repository to your system. (One line):

$ wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -

Add the VirtualBox repository (one line):

echo "deb [arch=amd64] http://download.virtualbox.org/virtualbox/debian focal contrib" | sudo tee /etc/apt/sources.list.d/virtualbox.list

2. Install VirtualBox

Update the repository index:

$ sudo apt update

Next, install the VirtualBox using the apt command:

$ sudo apt install -y virtualbox-6.1

After the installation, check the VirtualBox Linux kernel module service status to ensure the VirtualBox installation is successful:

$ sudo systemctl status vboxdrv

Secure Your Browsers

Using a secure browser is pretty self-explanatory. This is something everyone should consider, no matter what platform they’re using, since your browser is the interface between your local computer and remote servers. When it comes to Linux Mint, there are a couple of great options for secure browsing.

Most privacy proponents and Linux users recommend using Firefox. The browser provides users with adequate privacy and security, and Firefox releases regular security and privacy updates.

Other choices are Chromium (the open source browser before Google infected it with spyware and renamed it Chrome), Brave, Palemoon, Opera, etc.

Launching your browser in Firejail (see above) or using separate browsers or containers for work and casual use is smart. In theory, this will prevent attackers from having access to your whole cookie jar. The only downside is that having two open browsers consumes a fair amount of memory. Doesn’t stop me from having two dozen tabs open 24/7…

Check out privacytools.io for their secure browser recommendations, browser tweaks, and privacy-protecting plug-ins like uBlock Origin, Decentraleyes, Privacy Badger, and HTTPS Everywhere.

Linux is unique in the way the distros provide users with software. Almost every Linux distribution has a package manager and a software repository. With the package manager, users can install, update, and remove software easily. Repositories are storage locations for specific software that package managers may retrieve and install.

Install Software From Trusted Repositories/Use Common Sense 

Using repositories allows Linux users to acquire software safely and not worry about programs containing malicious content. This is a massive advantage compared to other platforms where users sometimes rely on downloading content from unsafe online links.

Usually, the most trustworthy repositories are the official ones provided by your Linux distribution. When installing well-known software, always check who maintains the repository. For example, for Java, it should be Oracle or OpenJDK; if it’s not, you may be dealing with a malicious repository.

If you plan on using other third-party repositories, be careful and research them before you install programs from them. 
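
To find out which third-party repositories a system already trusts, the following added example (not from the original article) reads APT source entries and lists every repository host that is not one of the distribution's own, together with the scheme it is fetched over. The allowlist of official hosts, the function names and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Hosts treated as "official" for Linux Mint 20 (an assumption; adjust to
# the mirrors your install actually uses).
DISTRO_HOSTS="packages.linuxmint.com archive.ubuntu.com security.ubuntu.com archive.canonical.com"

# third_party_repos: read APT one-line source entries on stdin and print
# "host scheme" for every repository that is not served by DISTRO_HOSTS.
third_party_repos() {
    awk -v allow="$DISTRO_HOSTS" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "deb" && $1 != "deb-src" { next }    # comments, blank lines
        {
            u = 2                                  # field holding the URL
            if ($2 ~ /^\[/)                        # skip [option=value ...]
                for (i = 2; i <= NF; i++) if ($i ~ /\]$/) { u = i + 1; break }
            split($u, p, "/")                      # "http:" "" "host" ...
            scheme = p[1]; sub(/:$/, "", scheme)
            if (!(p[3] in ok)) print p[3], scheme
        }
    ' | sort -u
}

sample_sources() {
    cat <<'EOF'
# Constructed sample entries
deb http://packages.linuxmint.com ulyana main upstream import backport
deb http://archive.ubuntu.com/ubuntu focal main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu/ focal-security main
deb [arch=amd64] http://download.virtualbox.org/virtualbox/debian focal contrib
deb [arch=amd64 signed-by=/usr/share/keyrings/example.gpg] https://repo.example.invalid/apt stable main
EOF
}

sample_sources | third_party_repos
# On a live system:
#   cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list 2>/dev/null | third_party_repos
```

Each host it prints is a repository whose maintainer you should be able to name, and whose signing key you added deliberately.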

Remove Java if You Don’t Use Programs like LibreOffice Base

Speaking of Java, it is often a target on all platforms, so if you don’t need it, you might as well remove it from your system. OpenJDK is the default Java source on Linux Mint, so to remove it, simply open up your Terminal window again and type:

sudo apt-get remove "openjdk*"

You can always re-install openJDK and its support for LibreOffice Base by typing this gibberish:

sudo apt-get install default-jre libreoffice-sdbc-hsqldb


SB

I've been practicing OSINT and utilizing Linux as my daily operating system for over twenty years. The tools are always changing and so I'm always learning, but helping you understand the value of protecting your own data remains at the forefront of everything I do.
