Linux

This post lists things I do after installing Arch Linux. Secure Boot setup # pacman -S sbctl # sbctl create-keys # sbctl enroll-keys -m # sbctl verify # sbctl sign [file listed on "sbctl verify"] Reboot to BIOS and enable Secure Boot Install TLP # pacman -S tlp tlp-rdw # systemctl enable tlp # systemctl mask systemd-rfkill.service systemd-rfkill.socket Setup Firewall # pacman -S ufw # systemctl enable --now ufw # ufw default deny incoming # ufw default allow outgoing # ufw allow ssh ZRAM setup # pacman -S zram-generator Example config of /etc/systemd/zram-generator.conf: ...

This post lists the changes I make to a vanilla Arch Linux installation for privacy and security hardening. Most of the changes will work on any Linux distro that’s reasonably up-to-date. Choosing distro I use Arch Linux as my main Linux distro because: Minimal: Arch base is relatively small and minimal compared to “prebuilt” or “OOTB” distros like Ubuntu or Linux Mint. This means I add only what I need instead of debloating or disabling what I don’t. Latest software: Arch ships with latest kernel, latest software, upstream security patches. I don’t have to wait 6-12 months to be updated like Ubuntu or Mint. Full control: When using Arch, I can use what software, services, kernel, … I want, instead of using what shipped by default. Otherwise, you can use any Linux distros you want. Fedora is also a good option, it has Firewall, SELinux and AppArmor by default. ...