Mageia forum

[nwtmg]

Hi,
Using mageia 5 on a toshiba laptop with 2 gig of ram and openbox. Looking for information on hardening my version of linux. i have checked on google and they all mention various other versions but nothing particular to mageia. Thanks for your support.

[JoesCat]

Mageia has software called "msec" (you have GUI access and setup through the Mageia Control Center).

For most users, the default settings are recommended and fine for least fuss.
If you know what you want to do, you can set the permissions harder, and also customize as you like.

In terms of some customization, I've twiddled a little with it and explain it on installing a self-start boinc here:
http://www.joescat.com/boinc/
FYI - This howto needs updating (from 2009), and msec had a big upgrade (improvements and files moved) but the basic info here is ok for what you're interested in doing.

If you're interested in customizations, you can edit settings like:
For example setting permissions for /home from 755 to 750 and other setting customizations with reduced group and other accesses. One item of note is that newer software (today) appears to have the concepts of users less understood, so if you had older programs like (example cups) running as user=printer, now it seems the defaults are user root, where more programs seem to default to root....this goes against your attempts to harden by running daemons as non-root with less privledges.

You mention mageia5... If you're going for a new install, you may want to think of mageia6 since it's a long term release version. Mageia5 support ended fairly recently. Additionally, if you are installing fresh from a live distro, I would recommend start with creating a new user (for your install), and removing "live" after install (live is user 1000. new user starting at 1001).

[doktor5000]

As mentioned, if you think about hardening, first thing would be to upgrade to Mageia 6, as 5 is basically already end of life: https://www.mageia.org/en-gb/support/#lifecycle

Regarding hardening itself, take a look at http://doc.mageia.org/mcc/6/en/content/msecgui.html and https://wiki.mageia.org/en/Msec for some more information.

[wintpe]

you may also want to look at the CIS standards for some background to many of the settings.

we use this on rhel, where we dont have msec.

im sure msec covers some of this already, but its interesting that theres a standard for hardening, and this is also what security scanners such as qualys use.

its not the be all and end all, understand these settings and their impact before going forward with them, but its a good check list.

the doc is free to download, you just have to register.

https://www.cisecurity.org/

regards peter

[nwtmg]

Thanks to all for the assistance. Will take a look at all the recommended solutions. Marked as solved.

[doktor5000]

On a related note, I can also recommend Lynis: https://cisofy.com/lynis/
It's good to take an audit scan of your system which might highlight things that you should take a look at.