How to Configure System Security with Cinnamon Desktop on Linux Mint

Learn how to configure system security for Linux Mint with Cinnamon.
by İbrahim Korucuoğlu ( @siberoloji) |
Tags:
Categories:

  4 minute read  

Linux Mint, especially with the Cinnamon desktop environment, offers a user-friendly and customizable experience. However, like any operating system, it needs proper security configurations to protect against threats. This guide will walk you through essential security measures to help you configure and strengthen system security on Linux Mint with Cinnamon.

1. Keep Your System Updated

One of the simplest yet most effective security measures is keeping your system updated. Regular updates patch vulnerabilities and improve stability.

Steps to Update Linux Mint

  1. Open Update Manager from the menu.

  2. Click Refresh to check for available updates.

  3. Click Select All and then Install Updates.

  4. If prompted, enter your password and wait for the update process to complete.

  5. For terminal users, run:

    sudo apt update && sudo apt upgrade -y

    This updates all packages and applies security patches.

2. Configure Firewall (UFW)

A firewall controls incoming and outgoing network traffic. Linux Mint includes Uncomplicated Firewall (UFW) for managing firewall settings.

Steps to Enable and Configure UFW

  1. Open the terminal.

  2. Enable UFW by running:

    sudo ufw enable

  3. To check the status:

    sudo ufw status verbose

  4. To allow essential applications (like SSH if using remote access):

    sudo ufw allow ssh

  5. To deny specific applications or ports:

    sudo ufw deny 23/tcp  # Blocks Telnet

  6. To disable UFW (if needed):

    sudo ufw disable

For a graphical interface, install Gufw:

sudo apt install gufw

Then access it from the menu under Firewall Configuration.

3. Manage User Accounts and Permissions

User accounts should have appropriate permissions to prevent unauthorized changes to the system.

Steps to Secure User Accounts

  1. Limit sudo Access:

    • Only grant sudo privileges to necessary users.

    • Check sudo users:

      getent group sudo

    • Remove unnecessary sudo users:

      sudo deluser username sudo

  2. Use Strong Passwords:

    • Enforce password policies with PAM (Pluggable Authentication Module):

      sudo apt install libpam-pwquality

      Edit /etc/security/pwquality.conf to enforce complexity rules.

  3. Lock Inactive Accounts:

    • To disable an account:

      sudo passwd -l username

    • To expire a password:

      sudo chage -E 0 username

4. Enable Automatic Security Updates

Automating security updates reduces the risk of missing critical patches.

Steps to Enable Automatic Updates

  1. Open Update Manager.
  2. Click Edit > Preferences.
  3. Go to the Automation tab.
  4. Enable Security Updates.

For command-line automation:

sudo apt install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades

5. Secure the Boot Process with GRUB Password

Adding a password to the GRUB bootloader prevents unauthorized access to boot options.

Steps to Secure GRUB

  1. Open a terminal and edit the GRUB configuration file:

    sudo nano /etc/grub.d/40_custom

  2. Add the following lines:

    set superusers="admin"
password_pbkdf2 admin GRUB_Hash

  3. Generate a password hash:

    grub-mkpasswd-pbkdf2

    Copy the output hash and replace GRUB_Hash in the above code.

  4. Update GRUB:

    sudo update-grub

6. Enable Disk Encryption

Full-disk encryption (FDE) ensures data protection if your device is stolen or lost.

How to Enable Encryption

  • If installing Linux Mint fresh, select Encrypt the new Linux Mint installation during installation.

  • If Linux Mint is already installed, use LUKS encryption:

    sudo cryptsetup luksFormat /dev/sdX

    Replace /dev/sdX with the correct drive partition.

7. Disable Unnecessary Services

Unneeded services can introduce security risks.

Steps to Disable Services

  1. List running services:

    systemctl list-units --type=service

  2. Disable unwanted services:

    sudo systemctl disable service-name

  3. Stop a service immediately:

    sudo systemctl stop service-name

8. Secure Cinnamon Lock Screen and Session

Locking your screen when idle prevents unauthorized access.

Steps to Secure the Lock Screen

  1. Open System Settings > Privacy.
  2. Enable Screen Locking.
  3. Set a short idle time before locking.
  4. Use Ctrl + Alt + L to manually lock the screen.

For extra security, install fail2ban to prevent brute-force attempts:

sudo apt install fail2ban

9. Use AppArmor for Application Security

AppArmor restricts applications from accessing unauthorized system resources.

Steps to Enable and Configure AppArmor

  1. Check if AppArmor is active:

    sudo aa-status

  2. Enable AppArmor if not already enabled:

    sudo systemctl enable --now apparmor

  3. To enforce a profile for an application:

    sudo aa-enforce /etc/apparmor.d/usr.bin.firefox

10. Regular System Audits

Performing security audits helps detect potential vulnerabilities.

  • Chkrootkit (detects rootkits):

    sudo apt install chkrootkit
sudo chkrootkit

  • Lynis (system auditing tool):

    sudo apt install lynis
sudo lynis audit system

Conclusion

Securing your Linux Mint system with the Cinnamon desktop involves several steps, from keeping software updated to configuring firewall rules and enabling encryption. By implementing these security measures, you can greatly reduce the risk of attacks and unauthorized access. Regular audits and best security practices will ensure that your system remains safe and reliable.


< How to Set Up Monitoring ToolsManaging Network Services >