Security of Arch Linux: a newbie question

I’ve heard (from more experienced users) that Arch is a do-it-yourself system, where almost everything about your system is up to your own efforts, including security. So my question is kinda broad. What exact actions, methods and steps are people talking about, when they say “you are responsible for the security of your Arch system”? What are the known ways and methods to enhance security of an Arch system? Does EndeavourOS provide anything more than regular Arch in this regard, apart from firewalld? (I’m not saying that those defaults are “bad” - I don’t really know)

speaking of… I just checked the status of my firewalld, and for some reason, it says “inactive”, even though “loaded.” Is something wrong here?

https://wiki.archlinux.org/title/Security

Hardening is broad topic, most concepts are laid here nicely…

honka_animated-128px-46

2 Likes

Potentially. Can we see the output of:

systemctl status firewalld
sudo firewall-cmd --state
○ firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: disabled)
     Active: inactive (dead)
       Docs: man:firewalld(1)

not running

That firewall is definitely not running.

What happens if you do sudo systemctl start firewalld

after running that command there was no output, so I retried the previous ones

● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: disabled)
     Active: active (running) since Sat 2024-02-10 19:01:43 EET; 12s ago
       Docs: man:firewalld(1)
   Main PID: 8177 (firewalld)
      Tasks: 2 (limit: 8240)
     Memory: 36.0M (peak: 36.5M)
        CPU: 619ms
     CGroup: /system.slice/firewalld.service
             └─8177 /usr/bin/python /usr/bin/firewalld --nofork --nopid

feb 10 19:01:42 blind-computer systemd[1]: Starting firewalld - dynamic firewall daemon...
feb 10 19:01:43 blind-computer systemd[1]: Started firewalld - dynamic firewall daemon.

and
running
however… will it be running after the next restart? :thinking:

It is enabled so it should be. You might want to go through the logs an see what caused it to stop.

oh I think I know.
I just looked over at the system tray, and my third party firewall app disappeared from there, so I guess only one can be running at a time? I thought they both can…

also, clicking on the firewalld tray icon, for some reason I had to manually press “Enable protection” (it wasn’t ticked until I did it)

If it is a network firewall, should only have one of those.

I don’t think the firewalld tray icon has a box labeled “Enable protection”. Are you sure that isn’t your other firewall?

well it sure looks different from that app. I clicked on the “info” option and it said “Firewall applet”, and has a link leading to http://www.firewalld.org

I have a checkbox named “Shields Up”, but that is something different. Can you take a picture of it?

that might be it. I just use a non-English language for my system, so I translated manually.
just switched language to English and yeah that was it.

also, after having to restart the session, the third party firewall applet is back, though with a red status (it’s inactive)
btw, I never saw the firewalld applet tray icon before, so I guess it was never active since I reinstalled the system months ago. Maybe something went wrong all the way at my first install.
or perhaps it was this third party app all along. I installed it right after the system reinstall, and it’s programmed to run right after each startup. It also kinda works by being a kernel extension, if that’s relevant.

upon clicking the firewalld applet, I’m also having an annoying “Connections; Interfaces; Sources” pop-up menu in the middle of my screen which I cannot get rid of :"D

is it normal though, that “Shields Up” is inactive by default?

Yes. Shields up switches to the zone to “block” which drops all incoming connections. It basically ignores your firewall rules. Generally, it should be unchecked.

oh okay, good to know. I thought it means that the firewall is disabled completely.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.