
#1 2025-09-04 18:10:14

TySpicer
Member
Registered: 2025-08-31
Posts: 167

Security - How much is necessary?

I'm running through the General recommendations on the wiki. In section 1.2, it links to the Security article. I wonder, how much of this is absolutely necessary? I'm kind of excited to get started with Arch, and this article seems really big, so it's a little intimidating. I'm leaning towards skipping most of it.

On the other hand, I want to be responsible and safe. I don't want to sacrifice safety just because I'm impatient.

I'm sure it depends on what I use my computer for. This is for my laptop, which I use for all my general needs (I have a separate computer for gaming and music). I'm a math professor, so I use TeXworks and LibreOffice Calc quite a lot. That also involves accessing Blackboard courses: uploading files, plugging in grades, etc. Other than that, I use my laptop for fairly general internet usage, and other things locally on the laptop.

What are the most important security points I should go over? Do you think there are any points I can skip?

Offline

#2 2025-09-04 19:12:49

seth
Member
From: Won't reply 2 private help req
Registered: 2012-09-03
Posts: 75,165

Re: Security - How much is necessary?

Random comments, not a conclusive list:

https://wiki.archlinux.org/title/Security#Microcode is borderline mandatory (even more for stability than security), a lot of people deactivate https://wiki.archlinux.org/title/Securi … rabilities  for better performance because it's hard-ish to exploit and requires a somewhat directed attack w/ local malware execution.

https://wiki.archlinux.org/title/Security#Passwords is completely OS agnostic
Likewise is https://wiki.archlinux.org/title/Security#Backups

https://wiki.archlinux.org/title/Securi … using_sudo is a common beginner mistake ("sudo sqriptor foo.txt" is the WRONG approach)

https://wiki.archlinux.org/title/Securi … encryption restricts hardware access against thieves (so if you're concerned that the notebook might get stolen and
a) either secretly compromised
b) it holds sensitive data that allows to impersonate you etc (you then also need to look at https://wiki.archlinux.org/title/Securi … l_security )
you might want to look into that - the anticipated threat dictates the necessary measure.

https://wiki.archlinux.org/title/Securi … _daily_use should™ be a complete no-brainer

https://wiki.archlinux.org/title/Securi … _firewalls is important if you're running services that listen on network sockets and you move into a potentially hostile environment (most consumer grade home routermodemswitch combos you get from your ISP and likely your campus will have sufficient degrees of protection against cold inbound traffic, but you can trust starbucks only so much…)
If you consider to run a ssh server for remote access in a hostile environment, https://wiki.archlinux.org/title/OpenSSH#Protection is an ABSOLUTE MUST READ!
nb. that an open ssh server is not part of most user setups, though and most desktop systems will not listen on any network sockets - CUPS on port 631 being an unpleasant surprise. cupsd.conf allows you to restrict the access to specific network ranges, but you're likely not requiring printer support at a starbucks anyway?

https://wiki.archlinux.org/title/Security#Packages is largely about "how to maintain your system", you'll hopefully get the upper paragraphs anyway.

https://wiki.archlinux.org/title/Securi … rozen_mode could be real for some student pranking you

MAC, hardening the kernel and malloc is kinda special-scenario and typically not necessary for Joe User

Offline

#3 2025-09-04 19:55:46

TySpicer
Member
Registered: 2025-08-31
Posts: 167

Re: Security - How much is necessary?

This is useful, thanks for the help!

Offline

#4 2025-09-04 23:22:32

Succulent of your garden
Member
From: Majestic kingdom of pot plants
Registered: 2024-02-29
Posts: 1,564

Re: Security - How much is necessary?

I'm going to post here just so I have this post in my account and can search for it quickly in the future. Seth just compiled everything very well.

If you're new, maybe going to the Linux LTS kernel should be considered; sometimes the newer kernels have some bugs and can in some way make your system unbootable at times. That's not the case with LTS. You can also have many kernels installed if you want, in case something fails, but that's something not so newbie friendly.

If you know some vim, you can in some way set up vim plugins and make a comfy neovim editor [or just download something like lunar vim or lazy vim] for your latex documents. You can use zathura https://archlinux.org/packages/extra/x86_64/zathura/ to see your pdf being edited in real time. So you can edit your latex files using vim and zathura in a split window, probably using some kind of window manager. If you like that kind of approach to making your documents, then you are probably going to love editing your documents more.


str( @soyg ) == str( @potplant ) btw!

Also now with avatar logo included!

Online

#5 2025-09-06 01:31:35

TySpicer
Member
Registered: 2025-08-31
Posts: 167

Re: Security - How much is necessary?

seth wrote:

https://wiki.archlinux.org/title/Securi … rozen_mode could be real for some student pranking you

Seems unlikely to me, but it seems easy enough, so I might as well try it. The article says to write a file:

/usr/lib/systemd/system-sleep/ssd-freeze.sh
#!/bin/sh
if [ "$1" = 'post' ]; then
	sleep 1
	if hdparm --security-freeze /dev/disk/by-id/ata-name-of-disk; then
		logger "$0: SSD freeze command executed successfully"
	else
		logger "$0: SSD freeze command failed"
	fi	
fi

It looks like I need to replace a couple things with info from my system. Am I correct that "/dev/disk" should be replaced with "/dev/sda" since "sda" is my disk? My Arch partition is sda8, should it be sda8 instead?

"ata-name-of-disk" is in italics, so I assume this needs replaced, as well. What do I replace this with?

Offline

#6 2025-09-06 07:54:34

seth
Member
From: Won't reply 2 private help req
Registered: 2012-09-03
Posts: 75,165

Re: Security - How much is necessary?

Am I correct that "/dev/disk" should be replaced with "/dev/sda"

The sdX enumeration isn't deterministic, this works if there's only ever a single ATA device (sda) but if you've multiple disks or maybe even just a usb key attached at boot, this is no longer a reliable access pattern.
Use the "by-id" approach, the latter being a stable reference.

Offline
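
Added example (not part of the thread and not from the wiki): one way to find the value that replaces "ata-name-of-disk", following the by-id advice above. The function name `ata_id_for` and its optional directory argument are assumptions made for illustration; it skips the `-partN` links because the freeze command is issued to the drive, not to a partition such as sda8.

```shell
#!/bin/sh
# Added example: map a kernel disk name (e.g. sda) to its stable
# /dev/disk/by-id/ata-* path, for use in ssd-freeze.sh.
#
# Usage: ata_id_for DISK [BYID_DIR]
#   DISK      kernel name of the whole disk, without /dev/ (e.g. sda)
#   BYID_DIR  directory holding the by-id symlinks (hypothetical
#             parameter for testing; defaults to /dev/disk/by-id)
# Prints each matching link, returns 1 if none was found.
ata_id_for() {
    disk=$1
    dir=${2:-/dev/disk/by-id}
    found=1
    for link in "$dir"/ata-*; do
        # Skip an unmatched glob and anything that is not a symlink.
        [ -L "$link" ] || continue
        case $link in
            # Partition links (e.g. ...-part8 -> sda8) are not the drive.
            *-part[0-9]*) continue ;;
        esac
        target=$(readlink -f "$link") || continue
        # Compare only the device name the link resolves to.
        if [ "${target##*/}" = "$disk" ]; then
            printf '%s\n' "$link"
            found=0
        fi
    done
    return "$found"
}

# When run as a script with an argument, e.g.: sh ata-id.sh sda
if [ "$#" -gt 0 ]; then
    ata_id_for "$@"
fi
```

The printed path is what goes after `hdparm --security-freeze` in the script; because it is derived from the drive's identity rather than probe order, it keeps pointing at the same disk when a USB key or second drive shifts the sdX names.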
