Sunday, August 16, 2015

Adventures in Securing Linux

Well world,

As modern operating systems become even more invasive in terms of monitoring and tracking user habits, I have decided to switch full time to Linux as my primary OS. I say primary OS because I still need to be able to boot into Windows on the rare occasion for work. However, I should be able to accomplish 95% or more of what I need to get done in Linux.

So, as the title says, Adventures in Securing Linux, you're probably wondering a few things. First and foremost, why don't I just use one of the pre-built Linux distributions to handle this and get on with my life? There are a few answers to that question and they are listed below:

1. That's too easy
2. I won't learn as much
3. Because I think it will be fun / painful to do

OK then, define securing Linux. My response: Define the color orange. Standard things apply here such as:

1. Security through obscurity (make your web presence as small as possible)
2. Defense in depth, multiple layers of shields
3. Common sense

Awesome! So what base distro are you going to build this on? Well kids, hold on to your hats. I am basing this on Bunsen Labs which is currently in Alpha 2. Alpha????????? Close tab, next page.

Relax. It's based on Debian Jessie and is quite stable actually. Check it out:

http://crunchbang.org/forums/viewtopic.php?id=39994

You moron, you linked to CrunchBang Linux.

Yes I did. Because the developer of #! is hanging up his hat. So the community got together to carry on. The successor is named Bunsen Labs.

At this point you might be thinking, "OK, but what are your goals exactly and how do you plan to accomplish them?"

Excellent question. Here you go:

So, I've been toying with the idea of seeing how much of BL I can harden. Because well:
1. I'm paranoid. Yes, they are watching you
2. It'll be a fun experiment
3. I get to learn a lot in the process
4. Reasons

So while researching how to configure all my outbound internet traffic to use Tor, I came across this:
https://trac.torproject.org/projects/to … arentProxy

Which, on top of me wanting to add in things like Xen, SELinux and AppArmor, should make things pretty secure. I also use the following add-ons in Iceweasel:
1. Ghostery
2. NoScript
3. AdBlock plus
4. Flashblock
5. AdBlock for YouTube (I hate ads in my videos)

What I'd also like to do is configure a few other things:
1. Flush RAM and SWAP contents on reboot or system shutdown
2. Encrypt my /home partition
3. Configure and use GPG with Thunderbird
4. Figure out how to add a keyboard command to lock the screen
5. Move grub to my sdcard, so the system won't boot if it's not installed

Which is my post in this thread:

http://crunchbang.org/forums/viewtopic.php?pid=437006#p437006

Now we're getting somewhere. So what's the plan?

The plan, young one, is to install BL in a virtual machine and go from there with a lot of snapshotting. Not because things MIGHT break, but because they WILL break.

What's your host OS?

OS/2

I kid. The host OS is also Bunsen Labs. So there's some Linux inception action going on. Neat.

I plan on keeping detailed notes in a CherryTree DB for reference. I will also post what I find and learn both here and on the #! / BL forums.

Fun times!

Now, if I had to recommend a distro where someone already did this, it would hands down be Tails. No questions asked. My hat is off to them, nice work guys.
