How should GNU/Linux noobs harden their dekstop OS?



  • I'm interested in using GNU/Linux for different reasons. Partly for freedom, privacy, and security. But also to force myself to learn Linux. One issue I’ve found is that desktop Linux seems to have fairly poor security by default which is a little odd considering GNU/Linux is often recommended by security experts in certain circumstances. I looked into hardening Linux but that guide is clearly for very advanced users who have a lot of time on their hands. My threat model is sort of mixed. I'm not a highly targeted individual, but I also plan to do sensitive work with investigations and activism so security is still very important to me. I'm hoping to do everything on one laptop for monetary and practical reasons, so I want to avoid using a burner for my more sensitive work if possible. I've also looked into Qubes, but much like the previously mentioned hardened Linux guide, it looks like it is more for advanced users and it comes with a lot of usability issues.

    Are there any simpler Linux hardening guides that still address many of the presented Linux security concerns? Or better yet a way to automate the "hardening" process? If it matters, I think I'm most comfortable using Linux Mint Cinnamon since that's what I've used for some time, but I'm open to using anything that's easy and just works out of the box with little to no configuration necessary.



  • There is no easy guide or hard guide as such for Linux hardening. You at least need basic Linux understanding to harden the Linux systems.

    Also, you should know what you are doing before following any online tutorial regarding the hardening steps. Blindly following the hardening steps will only give you false sense of security.

    If you understand basic Linux, you should go with Linux security guides, books or online tutorial and try to implement on test environment and check what it does. Its time consuming although.

    As of now since your work requires at least some level of security I recommend going with Windows OS if you do not have any constraints with respect to tools or command line until you are confident enough with Linux.

    Configuring Windows OS with basic security settings is easy and Windows is also secure. Enabling hard disk encryption, TPM, using Virtual Smart Card (VSC) is easy and will help you to keep your Laptop and data secure.

    Configuring Linux for security by blindly following online tutorial is not a good idea if your work requires some level of security.



Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2