Hello all, running Debian 12 right now and really liking this thing. I never ran straight Debian before, always mint or Ubuntu. But anyway…

I’m wondering if you guys could recommend some troubleshooting or scanning tools that help you find errors, misconfiguration, basically any thing that could be wrong with your system. I’d much prefer GUI tools as CLI tools can be a bit confusing.

So my only thoughts are auditing type apps. Don’t those comb through your system for issues? I’ve tried Lynis and it seemed pretty cool, need to explore further. Of course you got your vulnerability scanners which I plan to use. You’ve got your rootkit scanners and clamv for malware. I just got netdata up and running last night. Now that is one confusing ass app lol so many options and i dont really kniw what im looking at lol. But I’m more interested in the system itself. I know I have some issues within my system. Htop only tells you so much and it never answers my problems when my computer random freezes or It starts overworking and heating, yet no high CPU or memory usage showing on htop.

I know I have networking issues with my VPN and DNS and other stuff. I just lack the knowledge to know where to look and what to fix, so trying to finder more user friendly, maybe more proactive tools I can use to help me discover things within the system that need attention. Overall I just want a healthy, dependable, safe, secure Linux system and I always endupFrankensteining my shit just trying different crap and everything eventually falls apart lol so help with some reomendations please, folks!

  • Stapling9851@lemm.eeOP
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Great advice. Its just that I’m sorta a eager learner when it comes to tech, especially the privacy and security side and I honestly don’t always know what I’m doing or I’ll read the wrong guide to set things up and I end up getting lost or confused or things just straight up don’t work. So I for sure have some wires crossed somewhere and some roadblocks causing issues here and there. I have recently learned more about ansible and chef and I indeed need to research. Those tools seem quite complex but hey, I’ll try anyway. And as far as selinux goes, I just thought that was one of those thins that automatically comes installed and configured on every OS? Also there’s app armor… Is that in this realm of things too? Is it deemed “good” or necessary to use? Thanks

    • pezhore
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      Personally, I find Ansible to be much more intuitive than other products in the configuration management space. Start small, think about what you want your system to look like.

      Do you want Firefox installed? Use ansible.builtin.package to install it!

      Do you want to have ssh server configured to disallow password authentication (and only allow ssh keys)? Use ansible.builtin.blockinfile on your sshd.config file!

      Regarding SELinux vs apparmor, they both are designed to lock down a system, but they have different philosophies about how to approach the problem.

      SELinux says block all by default and only if it’s configured to allow it will it be allowed to happen.

      Apparmor on the other hand is permissive by default, and it will only restrict if it is configured to do so.

      By the way, both can be managed by Ansible, and SELinux even has a module to do so: https://docs.ansible.com/ansible/latest/collections/ansible/posix/selinux_module.html.

      • Stapling9851@lemm.eeOP
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Fascinating stuff! A tad confusing lol but definitely learnable. So to me, selinux and app armor sound similar to firewalls… On the surface at least

        • pezhore
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          I suppose you could say it’s similar in that there are allow-lists and deny-lists that permit or restrict actions, but the key difference is Apparmor/SELinux are in the OS space - they can permit/restrict the ability to restart services, or prevent sudo from being used in certain ways.

          Firewalls are predominantly used to permit/restrict network connectivity either ingress (e.g. traffic from outside the system coming into it) or egress (e.g. traffic that is leaving the system). A good example would be using a firewall to restrict ingress traffic to port 22 - allowing remote management of a system over SSH.

          I hope this is helpful!