🐧 Linux Security Guide

Start by updating your Linux distribution: sudo apt update && sudo apt upgrade. Disable unnecessary services with sudo systemctl disable [service]. Set strict file permissions — ensure your home directory is not world-readable (chmod 700). Enable and configure AppArmor or SELinux for mandatory access control. Disable root login over SSH and use key-based authentication only. Install and configure fail2ban to prevent brute-force attacks.

Configure UFW (Uncomplicated Firewall) to block all incoming connections by default: sudo ufw default deny incoming and sudo ufw default allow outgoing. Only open ports you specifically need. For Tor usage, no incoming ports are required. Enable the firewall with sudo ufw enable. For advanced users, configure iptables to force all traffic through Tor (transparent proxy), preventing any application from bypassing Tor.

Install BleachBit to securely delete temporary files, browser history, and application caches. Use shred -vfz -n 5 filename to securely overwrite individual files before deletion. Enable full-disk encryption (LUKS) during installation — this protects all data if your device is seized or stolen. Consider using a separate encrypted partition for darknet-related files. Regularly audit installed packages and remove anything unnecessary with sudo apt autoremove.