this post was submitted on 29 Dec 2023
33 points (100.0% liked)

Arch Linux

7579 readers
1 users here now

The beloved lightweight distro

founded 4 years ago
MODERATORS
[email protected]
33
How do you secure Arch? (self.archlinux)
submitted 8 months ago by driveway to c/[email protected]
25 comments fedilink hide all child comments
 

I have my firewall configured pretty restrictively. I am attempting to configure AppArmor but it seems to complicated.

How do you secure your desktop?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 8 months ago* (last edited 8 months ago) (1 children)

I know that almost nobody treats it this way but the number one rule of AUR is that it's pretty much all untrusted, by definition.

[–] driveway 1 points 8 months ago (1 children)

Same goes for any unofficial flatpak, right? And that is most of them.

[–] [email protected] 1 points 8 months ago

In order from the most to the least secure:

  • distro repos: there is a process that is supposed to ensure no malicious changes make it through. Usually far enough behind recent code changes for new issues/code being compromised to be spotted
  • official package outside distro repos if packaging org has secure release workflow
  • building from source / official package on external repo if you know little about packaging org: malicious contributor or a compromised account is enough
  • unofficial package: like building from source, but you have to worry about package maintainer too