What application have you recently discovered?

Lynis performs a scan of your system to check for common vulnerabilities or opportunities for hardening, then generates a report based on the findings. It’s pretty quick and there is a lot of interesting information in the report.

Only two commands required to check it out. Install the package:

sudo pacman -S lynis

Then run the scan.

sudo lynis audit system

That’s it!

By the way, most terminals support Shift+PgUp/PgDn for paging up and down through the output, if you are like me and get tired of whipping the scroll wheel (the output is fairly lengthy).

My initial scan scored 64 out of (I assume) 100:

  Lynis security scan details:

  Hardening index : 64 [############        ]
  Tests performed : 246
  Plugins enabled : 0

Admittedly, this computer is less hardened than my laptop, but still I would have guessed it would do better!

I am not going to implement all of the 33 suggestions they put in my report, but I will definitely read through them and at least address whatever seems critical or easy to fix, to try and batten down the hatches a bit.

I appreciate that the report is easy to read through and understand. Each suggestion in the report has a URL or two that links to an article on the CISOfy website, or a post in the blog they sponsor. It’s a nice touch in my opinion, because it makes it easy to get more information (for example if you have no idea what they are talking about ).

PS: I do see Lynis was already mentioned in this topic¹, but it was almost five years ago so I figured no harm in mentioning it again.

The low score might be partially related to systemd services?
This is what systemd says about its own services on Arch

$ systemd-analyze security
UNIT                                 EXPOSURE PREDICATE HAPPY
NetworkManager.service                    7.8 EXPOSED   🙁
accounts-daemon.service                   5.5 MEDIUM    😐
alsa-state.service                        9.6 UNSAFE    😨
archlinux-keyring-wkd-sync.service        2.0 OK        🙂
auditd.service                            9.4 UNSAFE    😨
bluetooth.service                         6.0 MEDIUM    😐
colord.service                            8.8 EXPOSED   🙁
dbus-broker.service                       8.7 EXPOSED   🙁
dirmngr@etc-pacman.d-gnupg.service        9.6 UNSAFE    😨
dm-event.service                          9.5 UNSAFE    😨
dnscrypt-proxy.service                    1.9 OK        🙂
emergency.service                         9.5 UNSAFE    😨
gdm.service                               9.8 UNSAFE    😨
getty@tty1.service                        9.6 UNSAFE    😨
gpg-agent@etc-pacman.d-gnupg.service      9.6 UNSAFE    😨
irqbalance.service                        1.4 OK        🙂
iwd.service                               6.0 MEDIUM    😐
keyboxd@etc-pacman.d-gnupg.service        9.6 UNSAFE    😨
opensnitchd.service                       9.6 UNSAFE    😨
polkit.service                            1.2 OK        🙂
power-profiles-daemon.service             1.0 OK        🙂
rescue.service                            9.5 UNSAFE    😨
rtkit-daemon.service                      7.2 MEDIUM    😐
shadow.service                            1.2 OK        🙂
systemd-ask-password-console.service      9.4 UNSAFE    😨
systemd-ask-password-wall.service         9.4 UNSAFE    😨
systemd-bsod.service                      9.5 UNSAFE    😨
systemd-hostnamed.service                 1.7 OK        🙂
systemd-importd.service                   5.0 MEDIUM    😐
systemd-journald.service                  4.9 OK        🙂
systemd-logind.service                    2.8 OK        🙂
systemd-oomd.service                      1.8 OK        🙂
systemd-rfkill.service                    9.4 UNSAFE    😨
systemd-timesyncd.service                 2.1 OK        🙂
systemd-udevd.service                     7.0 MEDIUM    😐
udisks2.service                           9.6 UNSAFE    😨
upower.service                            2.4 OK        🙂
user@1000.service                         9.4 UNSAFE    😨

It is possible to see the detailed report for each individual service as well, for example:
systemd-analyze security bluetooth

I think Fedora had some plans to tweak some systemd services for better security/safety to be shipped by default.

This one comes close to microsoft paint in my eyes. My wife used to do this alot to only resize images. With pinta she can do the same thing.

No, not a KDE app

Not sure you’d call this an application (depends on your definitions), but while needing to observe ‘quiet time’ while everyone else is asleep, I installed a host monitoring tool, ‘beszel’ and am quite impressed with the implementation so far, very light footprint it seems.
Beszel HomePage

Now, with only one server do I really need monitoring, no, probably not..but it’s cool

One thing I found funny is that on reddit (where I found it), someone referenced how hard it was to install/configure. I found it quite a snap, though I did have to manualize (is that a word I just made up) some of the steps for some reason during installation and had to edit exactly one file with three or four characters added to it. lol

rmpc https://mierak.github.io/rmpc/

This thing is awesome! It’s almost like ncmpcpp with sane defaults and human-readable configuration <3

It looks like this out of box:

image1920×1080 193 KB

I use it.
Most of the time I don’t know what to do with the output; but has enabled me to correct some issues.

good choice

Interesting, I’ve hit the very same score. Seems like that score does apply to most installs of EndeavourOS ?
But based on the suggestions which I’ve got… that would require some research if it’s really required for my use cases.

At least for the warnings it’s clear what I’ve got to do.

Nice little app. I was able to batch rotate several images at once. And its in Arch repository.

Within his video Video demonstration of EoS with KDE Plasma @Beiruty showed of the plasma widget Apdatifier which seems to be not only a simple notification widget, but also includes some additional features to keep your system up to date.

In comparison to the octopi-notifier which I’ve used until now, it also includes a list of the package updates available and in addition to that, you could keep the installed KDE widgets you’re using up to date.

Quite nice, thanks for that find @Beiruty ! And check his video linked in the topic above for further details.

Edit: Sorry @sempterobit I once again used the wrong reply button, didn’t meant to compose a direct reply to your post. Maybe sometime I’ll learn it to use the other buttom down below for general replies…

@1093i3511 You are most welcome. I hope to share more apps that I find useful or interesting.
A good one is the modified (fork) of the system monitor that can produce system usage charts as a widget in the main KDE panel.

Check it out: https://github.com/orblazer/plasma-applet-resources-monitor

OpenTV
A simple and free IPTV stream player that works very well.

Thanks, but I prefer it lightweight within the terminal and currently use bottom (btm) for that purpose.

In short, I’m using KDE Plasma, yes. But I’ll eventually switch to SWAY or Openbox in the future. Sadly SWAY didn’t worked in a VM the last time I’ve tried and therefore my plans towards that came to a halt.

In short, there are many KDE widgets which are purely decorative. Apdatifier on the other hand has practical uses. Too bad it’s only widget which isn’t listed in the AUR and only can be installed via the KDE store or github.

No harm no foul

I guess you could call it a CLI application. Anyways, new discovery for me.

slabtop

   slabtop  displays  detailed  kernel slab cache information in real time.  It displays a listing of
   the top caches sorted by one of the listed sort criteria.  It also displays  a  statistics  header
   filled with slab layer information.

Run it as root and enjoy the wild ride!

I know what I am going to do rest of the weekend

I tend to say that there is no use for that information being shown. At least to me.

kde /plasma users will find this interesting, i bet?

Not tried it out yet, but am going to:

An excellent tool to send very large files between Linux devices on the same or separate networks.

@bitterhalt, hmmm… How’s the sound? I’m back on DeaDBeeF after a long absence. But I love trying new music players. That looks damn nice.