Since under Arch/EndeavourOS I get many kernel updates I thought I should learn how do system maintenance. I mean uninstall old kernels to save disk space. I didn’t find any useful info about that but I found this Wiki which is about kernels. The wiki says this
Hardened — A security-focused Linux kernel applying a set of hardening patches to mitigate kernel and userspace exploits. It also enables more upstream kernel hardening features than linux.
Q1)Nftables is already enabled on my system. There are no services listening on any port so all ports are closed. Will installing this kernel make my system even more secure ?
Q2) When I installed the LTS kernel I used the command
sudo pacman -S linux-lts linux-lts-headers
So there was this “linux-lts-headers” after linux-lts. When I visit the hardened kernel page I see only “linux-hardened”. No mention of headers. So in case of the hardened kernel its only this ?
Repository : extra
Name : linux-hardened-headers
Version : 5.12.14.hardened1-1
Description : Headers and scripts for building modules for the Security-Hardened Linux kernel
Architecture : x86_64
URL : https://github.com/anthraxx/linux-hardened
Licenses : GPL2
Groups : None
Provides : None
Depends On : None
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 22.28 MiB
Installed Size : 125.14 MiB
Packager : Levente Polyak <anthraxx@archlinux.org>
Build Date : Thu 01 Jul 2021 12:41:06 PM CDT
Validated By : MD5 Sum SHA-256 Sum Signature
I will start using it as soon as I reboot. Never used this kernel so don’t know what to expect and even if this kernel makes my system more secure there is no way for an average home user like me to know that coz whatever happens will be happening in the background.
Wow this kernel has lots of security features most of which I have never heard before. I will just Google and try to learn. I don’t use Samba or any of the following so I don’t think I will face any issues.
However, it should be noted that several packages will not work when using this kernel. For example:
Also, at least as late as Gnome 3.36, Arch Hardened was not compatible with all features in Gnome. Most notable you could not change user account setting (portrait etc) with a hardened kernel due permission issues.
telegram-desktop also complains a little bit about this kernel, but it works
First two times I launched it closed… but now it’s working, not sure what happened during the 1st two attempts…
I guess applications that needs to access real-time priority for thread will get into problems, but this is only a speculation
Edit: Launched using the non hardened kernel and got the same error regarding the real-time priority, so I guess the above speculation is not accurate…
I just tried that but frankly a knowledgeable user needs to translate that into English so that a novice can understand but I must say that after reading what others have said so far I am able to understand that this kernel is pretty restrictive in nature which is very nice. Its exactly what I want. If using the hardened kernel provides me the security which equivalent to OpenBSD or HardenedBSD its a really good thing. I have used OpenBSD in the past but problem is its designed for servers & to use it as a desktop os one needs to do a ridiculous amount of tweaking.
