Security in Manjaro?

Is Manjaro security enhanced with SE Linux or Apparmor and a firewall? Does it need installation?

Manjaro supports AppArmor, but it’s not activated by default (at least I think so).

1 Like

SELinux is not currently supported. See SELinux: Current status in Arch Linux

Is this AppArmor, important ? Do I need it ?

thank u

In recent .iso (xfce) it seemd to be installed by default, but maybe not activated. I don’t recall. In any case install apparmor, if not installed.
Enable apparmor: systemctl enable apparmor.service

add in grub to GRUB_CMDLINE_LINUX_DEFAULT
apparmor=1 security=apparmor
then update grub: sudo update-grub

Restart computer

Then check in terminal:
aa-enabled

systemctl status apparmor

It is enabled by default, although the amount of profiles that are enforced on a default installation is pretty close to zero.

On a fairly recent Manjaro KDE installation (in VM):

[froggy@kde ~]$ sudo aa-status
[sudo] password for froggy: 
apparmor module is loaded.
5 profiles are loaded.
5 profiles are in enforce mode.
   /usr/lib/snapd/snap-confine
   /usr/lib/snapd/snap-confine//mount-namespace-capture-helper
   lsb_release
   nvidia_modprobe
   nvidia_modprobe//kmod
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
[froggy@kde ~]$
2 Likes

apparmor is atleast prepackaged in any version with SNAP …
whether or not those profiles are very effective
(or even enabled via snapd.apparmor.service as opposed to snapd.service … well I wouldnt know as SNAPs are not my thing)


darnit @Frog :stuck_out_tongue_winking_eye:

Anyhoo…
“Security is something you configure”
https://wiki.archlinux.org/index.php/Security

2 Likes

It is enabled by default,

I just checked

thanks for the tipp

Firejail and netfilter will not conflict with Apparmor will it, nor each other?

Novatian,

I am an average Joe user but I guess you will feel much better if you consider the following:

  • install the security check tool “lynis” from the official repo and make a check of a default install of Manjaro (pretty good),
  • visit the website “Shields up!” and make all the tests there, you will also feel satisfied,
  • run a firewall like “ufw”,
  • update regularly,
  • install “firejail” and all the standard configuration profiles with “sudo firecfg” or (to avoid a possible hiccup) run just your browsers with firejail,
  • remember that you are likely behind a router with its security features.

Please keep in mind that other Linux distros without Apparmor or SELinux by default like PCLOS have (as far as I know) not reported any security disasters. I really think rolling release with tweaks like those above works quite well. Of course a level of 100% security is not available.

1 Like