Arch Linux

xyasharx

Member

Registered: 2023-12-03

Posts: 2

Security Concern as daily user

Just installed Arch and reading security page in arch wiki and I think arch doesn't have basic security features like lack of MAC etc. I usually use banking and financial related services in my system. Is it possible that my system can be hacked by using default standard Arch distros like EOS? and also I only use trusted 3 or 4 AUR packages. tnx

Head_on_a_Stick

Member

From: The Wirral

Registered: 2014-02-20

Posts: 9,003

Website

Re: Security Concern as daily user

I think arch doesn't have basic security features like lack of MAC

Why do you think you would benefit from MAC? Even professional sysadmins have a tendency to switch that into "nag" mode rather than configure it correctly, such is it's complexity.

Is it possible that my system can be hacked by using default standard Arch distros like EOS?

Which specific threat vector(s) are you worried about? What do you mean by "hacked", exactly?

and also I only use trusted 3 or 4 AUR packages. tnx

What does "trusted" mean?

Also:

Security is a state of mind

---

Jin, Jîyan, Azadî

xyasharx

Member

Registered: 2023-12-03

Posts: 2

Re: Security Concern as daily user

Why do you think you would benefit from MAC? Even professional sysadmins have a tendency to switch that into "nag" mode rather than configure it correctly, such is it's complexity.

because I used to work with Ubuntu and I read about apparmor and it seems to me that this prevents applications from going beyond the access limit or It is an additional layer of security

Which specific threat vector(s) are you worried about? What do you mean by "hacked", exactly?

remote access to my whole system like hacker can watch my passwords or my screen

What does "trusted" mean?

I watch their PKGBUILD to make sure there is nothing suspicious

I'm interested to make sure I'm safe with a default install without add additional hardening steps. tnx

Zod

Member

From: Hoosiertucky

Registered: 2019-03-10

Posts: 636

Re: Security Concern as daily user

Arch Linux defines simplicity as without unnecessary additions or modifications. It ships software as released by the original developers (upstream) with minimal distribution-specific (downstream) changes: patches not accepted by upstream are avoided, and Arch's downstream patches consist almost entirely of backported bug fixes that are obsoleted by the project's next release.

In a similar fashion, Arch ships the configuration files provided by upstream with changes limited to distribution-specific issues like adjusting the system file paths. It does not add automation features such as enabling a service simply because the package was installed. Packages are only split when compelling advantages exist, such as to save disk space in particularly bad cases of waste. GUI configuration utilities are not officially provided, encouraging users to perform most system configuration from the shell and a text editor.

Look man, if you like app-armour learn how to use it, install and configure it.

Barring that you can always install a distro that does all that yucky stuff like learning and reading and whatnot for you.

Edit: Specific questions, I forgot to add that part. If you choose to use Arch Linux and implement various aspects that are available and run into a problem ask a specific question.

I imagine that there will be someone along that can help.

Last edited by Zod (2023-12-03 15:45:35)

adventurer

Member

Registered: 2014-05-04

Posts: 128

Re: Security Concern as daily user

Just installed Arch and reading security page in arch wiki and I think arch doesn't have basic security features like lack of MAC etc.

That's not correct. Arch doesn't come with a MAC installed by default but it officially supports AppArmor, SELinux support is enabled in the kernel (the userspace tools and libraries are another story), and Tomoyo is available, too. Besides, Firejail and Bubblewrap are also available in the official repos. It's up to you what you prefer to use.

I'm interested to make sure I'm safe with a default install without add additional hardening steps.

Then you shouldn't probably use Arch Linux as it is a do-it-yourself distro. Besides, setting up AppArmor isn't difficult at all.