  • Solus OS Basic Security Guide for New Users

rootkit hunter was iffy back in the Win days, and with ClamAV the developer walked away from it 6 months ago claiming it was an "awful"* tool. Perhaps the limitations of their signatures and upkeep.
Lynis standalone which is a great audit. *I can find his words if asked.

Other than that I agree with every word.
also for passwords, use pwgen from the repo. First-rate tool.
Excellent write-up. edit/typo&clarify

    brent

    Thanks, I am just putting this here for myself. But if anyone wants to use it for their references, that is nice as well.

    As a note, neither clamav nor rkhunter are in the Solus repository.

      and neither is Timeshift as far as I remember (not currently logged in to be able to check).

        EbonJaeger

        rkhunter is deprecated

        clamav is still running, just compile it yourself, and you can also use lynis to audit yourself as well

        h3ll Yes, but without it being in the repo it's not necessarily easy for a non-technical user to install and use. Just thought it was worth pointing out.

          Last I knew, Timeshift also relies on cron, which Solus also does not have or support. So unless they've finally added support for systemd timers, I don't think that will work.

            stocc Yeah, I know, just pointing it out for the others as well

            EbonJaeger

            For Solus systems without cron, here's how to configure Timeshift with native systemd timers:

            1. Create Timeshift Backup Service

            sudo nano /etc/systemd/system/timeshift-backup.service
            [Unit]
            Description=Timeshift System Backup
            Requires=network-online.target
            After=network-online.target
            
            [Service]
            Type=oneshot
            ExecStart=/usr/bin/timeshift --create --comments "Scheduled snapshot" --tags D
            ExecStartPost=/bin/sh -c 'date +"%%Y-%%m-%%d %%H:%%M:%%S" >> /var/log/timeshift.log'
            ExecStartPost=/bin/sh -c 'echo "Snapshot created: $(ls /timeshift | tail -n1)" >> /var/log/timeshift.log'

            2. Create Systemd Timer

            sudo nano /etc/systemd/system/timeshift-backup.timer
            [Unit]
            Description=Weekly Timeshift Backups
            
            [Timer]
            OnCalendar=Mon *-*-* 04:00:00
            RandomizedDelaySec=1h
            Persistent=true
            
            [Install]
            WantedBy=timers.target

            3. Enable and Verify

            sudo systemctl daemon-reload
            sudo systemctl enable --now timeshift-backup.timer
            
            # Check timer status
            systemctl list-timers timeshift-backup.timer

            Key Differences from Cron:

            1. Persistent State: Survives reboots better than cron
            2. Log Integration: Journal entries via:
                 journalctl -u timeshift-backup.service -b -n 50
            3. Calendar Flexibility: Supports more complex schedules like:
                 OnCalendar=*-*-1,15 03:00:00  # 1st/15th of month

            Note: Solus' curated updates mean you should still manually verify Timeshift snapshots after major system updates:

            sudo eopkg check | grep -q "broken" && timeshift --restore
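
Added example (not part of the original post): a staleness check over the `/var/log/timeshift.log` file that the service's `ExecStartPost` lines append to. systemd runs `ExecStartPost` only after `ExecStart` has succeeded, so a missing recent timestamp means no recent successful snapshot. The function names, the 8-day threshold and the sample log are assumptions constructed here, and GNU `date -d` is required.

```shell
#!/bin/sh
# Added example, not the poster's code. Log format assumed from the unit's
# ExecStartPost lines: a "YYYY-MM-DD HH:MM:SS" line, then "Snapshot created: <name>".

# last_snapshot_age_days LOGFILE [NOW_EPOCH]
# Prints whole days since the newest timestamp line; returns 2 if none is found.
last_snapshot_age_days() {
    log=$1
    now=${2:-$(date +%s)}
    last=$(grep -E '^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}$' \
        "$log" 2>/dev/null | tail -n 1)
    [ -n "$last" ] || return 2
    then_epoch=$(date -d "$last" +%s) || return 2   # GNU date
    echo $(( (now - then_epoch) / 86400 ))
}

# backup_is_fresh LOGFILE MAX_DAYS [NOW_EPOCH]
# Returns 0 if the newest entry is at most MAX_DAYS old, 1 if it is older,
# 2 if the log is missing or holds no timestamp (never ran or never succeeded).
backup_is_fresh() {
    age=$(last_snapshot_age_days "$1" "$3") || return 2
    [ "$age" -le "$2" ]
}

# Constructed sample log (not real output) to show the check end to end.
demo_log=$(mktemp)
printf '%s\n' '2025-06-02 04:12:31' 'Snapshot created: example-name' > "$demo_log"
demo_now=$(date -d '2025-06-20 00:00:00' +%s)
# Weekly timer plus the 1h RandomizedDelaySec: allow 8 days before alerting.
backup_is_fresh "$demo_log" 8 "$demo_now" || echo "timeshift backup is stale or missing"
rm -f "$demo_log"
```
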

              Is this output from an LLM? Seems littered with weird/wrong information enough to be the case.

                Staudey

                Nope, this is correct and you can set Timeshift with systemd. I tested it myself and I don't use any LLM. My LLM is DeepSeek with a custom prompt for unrestricted/uncensored results and provides all correct answers only.

                  For password generation I use the dd command:
                  dd if=/dev/random count=1 bs=256 2>/dev/null |openssl base64 |tr -d '\n' | cut -b-24
                  The number at the end is the wanted number of characters.

                    TL;DR:
                    Guide meant for (probably Debian based) server hardening makes its way to the forum of a (non Debian based) desktop oriented distro through the "skillful" application of LLM magic.

                      CorvusRuber

                      I don't have any servers and this is my old updated guide I thought I'd share and post for my reference and others' as well. Since most people on Solus OS are noobs, I thought I'd help.

                      Half of your "guide" either refers to tools and packages that are not present on Solus (like timeshift, clamav or rkhunter) or are meant to be used on server environments (like sshguard).
                      The other half is either common sense ("use long passphrases"), useless ("use wireguard or openvpn": what does that mean, since this "guide" should be for "noobs"?), or simply so devoid of context as to be meaningless (like the "virtualization security" section).

                      Again, this looks like a long-winded gpt generated "guide" for the sake of karma farming, but we're not on reddit.

                        CorvusRuber

                        rkhunter was in the old Solus, that's how you know you're not an OG and you're trying to start shit, but it is removed now due to it being deprecated in April 2025.

                        Timeshift was also in Solus, but it got discontinued and then got brought back to life; here it is: https://github.com/linuxmint/timeshift

                        clamav also used to be in the Solus package manager, but was later removed.

                        sshguard is still in the package manager and can be used for brute-force protection + firewalld, which is also in the Solus packaging.

                        Long passphrases are good to have if you're on Linux anyway, so no one can easily guess them and gain access, but of course not too long; as I mentioned, 14+.

                        Disable unused services like OpenVPN since it is slower and older; WireGuard is faster and more modern. Since Mullvad uses WireGuard now, it makes sense to use less OpenVPN, and there's no point leaving it enabled.

                        In case people want to run virtual machines from their actual PC for testing, trying out ISOs, or whatever they want.

                        You seem to be referring to "chatgpt", which no Linux user should be using as they collect data etc., so no, it's not "gpt" and actually you can refer to

                          CorvusRuber Oh, also the keyword, which you forgot to read and didn't bother to read anyway: "synthesized"

                          stekte For password generation i use the dd command

                          I just use LastPass for that. It's fully adjustable for parameters, and has the advantage of storing the result in its vault for future use whenever needed.