Security Features in Fedora 20

Discussion in 'GNU/Linux' started by melbo, Jan 5, 2014.


  1. melbo

    melbo Hunter Gatherer Administrator Founding Member

    I've been running Fedora exclusively for the past year or so and have recently upgraded to F20. I take some of the security features of Linux for granted but thought I'd try to highlight a few of them here.

    I'll show a little about LUKS encryption, the btrfs filesystem and SELinux.

    When installing a new Fedora system, you have the typical options on what packages (programs/apps) you want to install and also need to select an installation destination. This destination will automatically install 'along side' any other OS that is detected allowing you to 'dual boot' or choose your OS at system start up. I never dual boot and install to the entire space. My partitions on a 1TB drive (or drives in a volume) look like this:

    /boot = 1 GB - unencrypted
    /root = 50 GB - encrypted
    /swap = 16 GB - encrypted
    /home = the rest of the drive GB - encrypted

    I always choose to encrypt my entire install using LUKS - this encrypts all drives, partitions, etc with the exception of the /boot partition (I have a trick to secure this as well ;))

    Linux Unified Key Setup - Wikipedia, the free encyclopedia

    These screenshots are taken in 'Boxes', a Virtual machine that comes packed with the Gnome Desktop Environment

    Install summary
    Screenshot from 2014-01-04 20:47:24.

    Destination Options - note that I've chosen btrfs and checked the box to 'encrypt my data' - one can also choose LVM or standard partition and use ext4 or other Linux filesystems.
    Screenshot from 2014-01-04 20:28:14.

    Setting the encryption password which I'll be prompted for to unlock my disk(s) at each system boot. Without this key, the drive is full of gibberish.
    Screenshot from 2014-01-04 20:28:45.

    The btrfs files system allows me to combine multiple (I run 3) drives into a single volume. What this means is that after the system boots and mounts the btrfs filesystem, all of the seperate drives are combined into a single drive, or volume. LVM does the same thing. btrfs has some advantages over other Linux filesystems although I use it for snapshots and the SSD performance that it's built around.

    Btrfs - Wikipedia, the free encyclopedia
    Logical volume management - Wikipedia, the free encyclopedia

    My system is fully encrypted and other than the passwd prompt at boot, this encryption is totally transparent to me.

    Security-Enhanced Linux - Wikipedia, the free encyclopedia
    The SELinux kernel module also helps secure the system from outside attacks by verifying requests that are global. It's quite often a pain in the butt but I feel comfortable with Fedora utilizing it by default.

    If you'd like to give Fedora a try, download your flavor (32 or 64bit) and give it a test drive
    Fedora Project - Get Fedora: Desktops, Other Formats, Spins, Cloud Images, ARM or Secondary Arches.

    Choose 'Fedora 20 Live Spins' for a bootable OS that doesn't change your system HDD or choose the Fedora 20 DVD if you want to go ahead and install on your system or in a VM.


    Let me know what you think.
     
    Last edited: Jan 27, 2014
    CATO, Dont, chelloveck and 1 other person like this.
  2. Dont

    Dont Just another old gray Jarhead Monkey

    I have been running Ubuntu For several years and have been satisfyed with its preformance.. It may be time for a change.. One can get stuck in a rut...
     
  3. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    @melbo do you run KDE, xfce or another flavor desktop?
     
  4. melbo

    melbo Hunter Gatherer Administrator Founding Member

    I run Gnome with a customized shell theme called Elegance Colors
     
    Brokor likes this.
  5. kckndrgn

    kckndrgn Monkey+++ Moderator Emeritus Founding Member

    funny, after my HD went out last week, I decided to try fedora 20 after using Ubuntu and Mint for the past couple of years.

    I've had a few quirks that I never had with the other distro's. Getting quicktime to work properly (had to uninstall a plug-in for firefox to get it to use the proper plug-in), yesterday after an update I could open ONE application then all other application windows that were opened were black. Turns out its a minor bug and I had to add a conf file in the xorg directory in /etc. no more issues.
    Black Windows in Gnome 3 (suddenly) - Ask Fedora: Community Knowledge Base and Support Forum

    Other than those two issues, fedora has been pretty good for the week I have used it.

    I don't know why, but on EVERY linux distro I use, if I left FF running for an extended amount of time (like say overnight while I go to bed) it is always "crashed" when I go to use it next.
     
  6. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    @kckndrgn Memory Leak, most likely... App slowly consumes available Ram Memory, and then once it reaches the limit, it crashes.... Very common, in so-so code..... and very hard to track down, and fix....
     
  7. kckndrgn

    kckndrgn Monkey+++ Moderator Emeritus Founding Member

    @BTPost, yes more than likely and for a while I was sending in the crash reports, but gave up on doing that. Lately to help conserve some energy (and not have a high utility bill) I've just been making sure I power down the PC at night and during the day when not home. I would think that FF would fix a memory leak tho, who knows maybe it's in one of the add-on's I have installed.
     
  8. melbo

    melbo Hunter Gatherer Administrator Founding Member

    FF mem leaks have been chronic for years:
    firefox memory leak - Google Search

    You can set those bug reports to 'automatic' if you want.

    f18, f19 and f20 have all installed for me without any issues.
     
  9. kellory

    kellory An unemployed Jester, is nobody's fool. Banned

    Most issues I read from Google link, claim memory hog issues ended with the first couple of distributions, and that those issues have been solved. There was the idea floated that it was the extensions of FF, that were the true cause of modern complaints of memory leakage, not the browser itself.
     
  10. melbo

    melbo Hunter Gatherer Administrator Founding Member

    This may be of value to a new Fedora user. Welcome to the bleeding edge world of yum
    Things I do after a fresh Fedora install | Survival Monkey Forums
     
    kckndrgn likes this.
  11. kckndrgn

    kckndrgn Monkey+++ Moderator Emeritus Founding Member

    melbo likes this.
survivalmonkey SSL seal        survivalmonkey.com warrant canary
17282WuJHksJ9798f34razfKbPATqTq9E7