Security of Arch Linux: a newbie question

blind_confused · February 10, 2024, 9:45am

I’ve heard (from more experienced users) that Arch is a do-it-yourself system, where almost everything about your system is up to your own efforts, including security. So my question is kinda broad. What exact actions, methods and steps are people talking about, when they say “you are responsible for the security of your Arch system”? What are the known ways and methods to enhance security of an Arch system? Does EndeavourOS provide anything more than regular Arch in this regard, apart from firewalld? (I’m not saying that those defaults are “bad” - I don’t really know)

speaking of… I just checked the status of my firewalld, and for some reason, it says “inactive”, even though “loaded.” Is something wrong here?

keybreak · February 10, 2024, 9:49am

https://wiki.archlinux.org/title/Security

Hardening is broad topic, most concepts are laid here nicely…

honka_animated-128px-46

dalto · February 10, 2024, 4:41pm

Potentially. Can we see the output of:

systemctl status firewalld
sudo firewall-cmd --state

blind_confused · February 10, 2024, 5:00pm

○ firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: disabled)
     Active: inactive (dead)
       Docs: man:firewalld(1)

not running

dalto · February 10, 2024, 5:01pm

That firewall is definitely not running.

What happens if you do sudo systemctl start firewalld

blind_confused · February 10, 2024, 5:04pm

after running that command there was no output, so I retried the previous ones

● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: disabled)
     Active: active (running) since Sat 2024-02-10 19:01:43 EET; 12s ago
       Docs: man:firewalld(1)
   Main PID: 8177 (firewalld)
      Tasks: 2 (limit: 8240)
     Memory: 36.0M (peak: 36.5M)
        CPU: 619ms
     CGroup: /system.slice/firewalld.service
             └─8177 /usr/bin/python /usr/bin/firewalld --nofork --nopid

feb 10 19:01:42 blind-computer systemd[1]: Starting firewalld - dynamic firewall daemon...
feb 10 19:01:43 blind-computer systemd[1]: Started firewalld - dynamic firewall daemon.

and
running
however… will it be running after the next restart?

dalto · February 10, 2024, 5:05pm

It is enabled so it should be. You might want to go through the logs an see what caused it to stop.

blind_confused · February 10, 2024, 5:06pm

oh I think I know.
I just looked over at the system tray, and my third party firewall app disappeared from there, so I guess only one can be running at a time? I thought they both can…

blind_confused · February 10, 2024, 5:08pm

also, clicking on the firewalld tray icon, for some reason I had to manually press “Enable protection” (it wasn’t ticked until I did it)

dalto · February 10, 2024, 5:08pm

If it is a network firewall, should only have one of those.

dalto · February 10, 2024, 5:09pm

I don’t think the firewalld tray icon has a box labeled “Enable protection”. Are you sure that isn’t your other firewall?

blind_confused · February 10, 2024, 5:10pm

well it sure looks different from that app. I clicked on the “info” option and it said “Firewall applet”, and has a link leading to http://www.firewalld.org

dalto · February 10, 2024, 5:12pm

I have a checkbox named “Shields Up”, but that is something different. Can you take a picture of it?

blind_confused · February 10, 2024, 5:19pm

that might be it. I just use a non-English language for my system, so I translated manually.
just switched language to English and yeah that was it.

also, after having to restart the session, the third party firewall applet is back, though with a red status (it’s inactive)
btw, I never saw the firewalld applet tray icon before, so I guess it was never active since I reinstalled the system months ago. Maybe something went wrong all the way at my first install.
or perhaps it was this third party app all along. I installed it right after the system reinstall, and it’s programmed to run right after each startup. It also kinda works by being a kernel extension, if that’s relevant.

upon clicking the firewalld applet, I’m also having an annoying “Connections; Interfaces; Sources” pop-up menu in the middle of my screen which I cannot get rid of :"D

is it normal though, that “Shields Up” is inactive by default?

dalto · February 10, 2024, 5:24pm

Yes. Shields up switches to the zone to “block” which drops all incoming connections. It basically ignores your firewall rules. Generally, it should be unchecked.

blind_confused · February 10, 2024, 5:25pm

oh okay, good to know. I thought it means that the firewall is disabled completely.

system · February 12, 2024, 5:26pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.