Linux Fortification

Hello everyone,
Ever feel like your Linux system could use a little extra armor?
Recently I wrote about Qubes OS, but sadly my Intel processor just can’t handle it. I really like my current setup with CachyOS. That’s why I needed another solution because using a virtual machine to separate each application provides great isolation from the rest of the system.
First, I thought about installing a very lightweight OS on VirtualBox for using Firefox, but this isn’t practical because of too many extra steps just to use Firefox. Then I read about Firejail.
Firejail can put any program on Linux into a sandbox, which means that the app inside the sandbox is isolated from the rest of the system - similar to a virtual machine, but not the same. Because a virtual machine creates a whole new OS, Firejail just puts the app inside a sandbox. It’s still a great way to fortify myself. So in this blog post, I like to share my configurations on Firefox and how I used Firejail to simplify and fortify my Linux.

I am going to start with my Firefox setup. I use those Extensions:

• Surfshark: Surfshark is a fantastic tool for boosting your privacy online. Based in the Netherlands, they prioritize user anonymity by not keeping any browsing records. They offer robust VPN protection, but also provide CleanWeb, which blocks ads, trackers, and annoying cookie pop-ups, giving you a cleaner and more streamlined browsing experience.
• uBlock: uBlock Origin is an absolute essential browser extension for anyone who wants to banish those pesky ads, trackers, and other online nuisances. While Surfshark's CleanWeb already does a great job of this, it never hurts to double down on protection. Better safe than sorry, right?
• Chameleon: Chameleon is my absolute favorite extension. The idea of seamlessly disguising your OS and browser just blows me away! That's exactly what Chameleon delivers. Whether I'm using Linux, a website might think I'm browsing from Windows, a different Linux distribution, a MacBook, even an iPhone or Android device. When paired with Surfshark's VPN, it creates an incredibly layered approach to online privacy.
• Privacy Badger: Privacy Badger is another essential tool in the fight against online trackers. This extension focuses solely on blocking trackers, keeping your privacy safe and sound.
• ClearURLs: ClearURLs is a truly brilliant extension! I had no idea about this until recently, but many URLs include sneaky trackers hidden within them. For example, when you look at a product on Amazon, the URL can be ridiculously long because much of it is made up of tracking code. ClearURLs steps in and removes all those trackers, leaving only the essential parts of the URL.
• NoScript Security Suite: As described on the official website "... NoScript gives you the best available protection on the web. It allows JavaScript, Flash, and other executable content to run only from trusted domains of your choice (e.g. your banking site), thus mitigating remotely exploitable vulnerabilities, such as Spectre and Meltdown. It protects your "trust boundaries" against cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking), and Clickjacking attempts, thanks to its unique ClearClick technology. ..."
• Bitwarden: Bitwarden has become an absolute lifesaver for me! It not only helps me locate login information for websites I'd completely forgotten about, but it also ensures my passwords are always rock-solid. It does more than just generate strong passwords with customizable numbers, letters, and special characters—it actively keeps track of compromised passwords, alerting me to any potential security risks.
• Firefox: Within Firefox settings, navigate to the "Privacy & Security" tab and enable "HTTPS-Only Mode." This ensures all browsing occurs over secure HTTPS connections, protecting your data. Remember to always avoid HTTP websites and never enter sensitive information (credentials) on unsecured sites. HTTP lacks encryption, making your input vulnerable.
  And did you know Firefox already runs within a security sandbox? To check if it's enabled, open a new tab and type "about:support" in the address bar. Look for the "Sandbox" section in the results. This feature helps isolate Firefox from your system, providing an extra layer of protection.

Extensions are fantastic, but safeguarding my own data is most important.
I've spent time on the Microsoft subreddit, and it felt like daily posts about compromised accounts — a stark reminder of online threats.
I've explored various email providers, and yes, I know many people criticize Microsoft. But their privacy settings for email truly impress me. Microsoft allows you to create aliases, essentially multiple email addresses that share a single mailbox.
I've gone a little overboard with this! I have aliases specifically for Bitwarden and my Microsoft account – never used for anything else, registered nowhere except within Microsoft.
Then there are aliases for different purposes: one for my blog, another for private use, even ones for registering on various websites. The beauty is, all these emails land in the same inbox. And here's the clincher: you can choose which alias grants access to your accounts. So, none of the addresses I use for website registration can ever be used to log into Bitwarden or Microsoft—keeping my login information incredibly secure when combined with 2FA.

Finally, I’ll tell you how I fortified my Cachy OS with Firejail. Normally, to start an application via Firejail, it’s needed to open a terminal and write the command – for example: “Firejail firefox”. But I’m not only using Firefox; I’m a fox by myself! I can’t take all the credit, but with help from ChatGPT, I created a file to make an icon that automatically opens my desired app via Firejail, making those previous steps completely useless.
I will explain the file and show it on the example of Firefox.

[Desktop Entry]
Name=Firefox (Firejail)
Comment=Browse the web with Firefox in a Firejail sandbox
Exec=firejail firefox
Icon=firefox
Terminal=false
Type=Application
Categories=Network;WebBrowser;                 
              

You can create a similar setup yourself! Use a text editor like nano to create a new file and paste this code into it. The script is fairly straightforward and mostly self-explanatory. The crucial line is "Exec=firejail firefox", which executes Firejail with Firefox as the target application every time you click the newly created icon named "Firefox (Firejail)". The "Terminal=false" setting ensures that the application runs as a graphical program, not within a terminal window.
And here's the best part! You can create these types of files for any application you want to run in Firejail. Simply change "firefox" to the command you want to execute, and you have an icon for secure, isolated app usage.

Remember, no security setup guarantees complete protection. There's always a possibility of compromise, no matter how robust your defenses. However, by implementing these measures, you significantly reduce your risk and make it much harder for attackers to succeed. Stay informed about potential threats and remain vigilant, because Cybersecurity is an ongoing journey!