Post 9mYmbXItEykDimnFVA by Martex@linuxrocks.online
 (DIR) More posts by Martex@linuxrocks.online
 (DIR) Post #9mYmbXItEykDimnFVA by Martex@linuxrocks.online
       2019-09-03T21:41:03Z
       
       0 likes, 0 repeats
       
       What is normal to do for security on your workstation machine? I probably go way too far xD I have BIOS and GRUB locked down, use full disk encryption, apparmor, firejail, nftables, tripwire, clamav and rkhunter. I also disabled all unused services and removed unused software. I hardened SSH and added known domains used for malicious stuff to /etc/hosts  My firefox is also hardened. What else could I do? I enjoy doing stuff like this. Most of the information is for servers though.
       
 (DIR) Post #9mYmbXd61quKjSFNzs by malin@linuxrocks.online
       2019-09-03T22:58:07Z
       
       0 likes, 0 repeats
       
       @Martex I mostly just try not to ruin the default security.  The only reason I have fail2ban is for the one exposed machine.
       
 (DIR) Post #9mYwwOzwJapjaJWAQS by Martex@linuxrocks.online
       2019-09-04T00:53:40Z
       
       0 likes, 0 repeats
       
       @malin I don't have fail2ban on my workstation bc I tend to mistype my passwords alot. I do have it enabled on my PiHole for SSH though.
       
 (DIR) Post #9mYx0E2czenylHbA1I by malin@linuxrocks.online
       2019-09-04T00:54:39Z
       
       0 likes, 0 repeats
       
       @Martex You can set it to any failure rate, though it's probably not important if it's safely inside a network.