overpass
mythodical
some easy security tips:
Use Flatpak, on non-KDE use Flatseal to control the permissions and restrict them as much as possible.
If you dont mind some apps missing, use the verified flatpak apps only
flatpak remote-add --subset=verified flathub-verified https://dl.flathub.org/repo/flathub.flatpakrepo
But you can also just install the apps via terminal and using flathub.org to find them, there security level and the blue "verified check" are displayed.
Use automatic updates / update very often. Know that stable Distros hold back nearly all updates, which means things will stay broken and not all security updates are backported. Exception is Firefox ESR (used in Torbrowser and Thunderbird) which seems to get all security patches, of various levels.
Use a user account not in the wheel/sudo group. Apps are either installed via flatpak or the system, so in both cases they appear on all user accounts by default.
Some things may not be possible, but I will upload some polkit rules with a guide on how to fix those. (the repo is still empty for now)
Using an account with no sudo permissions is important, as apps and scripts on Linux can pretty much do whatever they want, Malware is incredibly easy.
Dont use Desktops using X11, use Wayland. GNOME, KDE are long done, but LXQt and more are also working on it. If you use Mint, dont. It relies on old buggy software (Xorg) and their Wayland transition will take forever. (Also they theme apps, which is very controversial).
There are many Distros with modern packages
- Fedora (including the immutable variants and ublue.it)
- Opensuse Tumbleweed
- Arch, EndeavorOS
- Debian Sid
And also Distros with pretty updated packages
- Opensuse Slowroll
- Ubuntu Spins
Give Software least permissions via Flatseal, use as little as possible, and checkout (and contribute to!) my list of recommended Software!
Use a Firewall. Block all ports by default, you likely dont need them.
Disable CUPS if you dont print
sudo systemctl disable cups
sudo systemctl mask cups