For password generation i use the dd command
dd if=/dev/random count=1 bs=256 2>/dev/null |openssl base64 |tr -d '\n' | cut -b-24
the number in the end is the wanted characters
Solus OS Basic Security Guide for New Users
TL;DR:
Guide meant for (probably Debian based) server hardening makes its way to the forum of a (non Debian based) desktop oriented distro through the "skillful" application of LLM magic.
I don't have any servers and this is my old updated guide i thought i share and post for my reference and others as well. Since most ppl on solus os are noobs, so i thought i help
Half of your "guide" either refers to tools and packages that are not present on Solus (like timeshift, clamav or rkunter) or are meant to be used on server environments (like sshguard).
The other half is either common sense ("use long passphrases"), useless ("use wireguard or openvpn": what does that mean, since this "guide" should be for "noobs" ?), or simply so devoid of context to be meaningless (like the "virtualization security" section)
Again, this looks like a long winded gpt generated "guide" for the sake of karma farming, but we're not on reddit.
- Edited
rkhunter was in the old solus thats how you know your not a og and you trying to start shit, but it is removed now due to it being depreciated in april 2025.
timeshift was also in solus, but it got discontinued and but got brought back to life, here it is: https://github.com/linuxmint/timeshift
clamav also used to be in the solus package manager, but later removed
sshguard is still in the package manager and can be used for brute force protection + firewalld which is also in the solus packaging
long passphrases is good to have if your on linux anyways so no one cant easy to guess and gain access, but ofc not too long as i mention 14+
disable unused services like openvpn since it is slower and old, wireguard more speed and modern. Since mullvad uses wireguard now, makes since to use less openvpn and no point to leave it enable
incase people want to run virtual machines from their actual pc for testing, trying out isos, or whatever they want
you seem to refering to "chatgpt" which no linux user should be using as they collect data etc, so no its not "gpt" and actually you can refer to
CorvusRuber oh also the keyword, you forgot to read and didn't bother to read it anyways. "synthesized"
Still convinced to be talking to a chatbot....
Again nothing wrong with it anyways, people actually learning and gaining certificates, it is wrong with toxic leftist community cant never go no where, but also prob also use a "chat bot" as well. Everyone should use what they want and instead of false accusing someone, how about you verify yourself?
https://addons.mozilla.org/en-US/firefox/addon/deep-fake-detector/ - Gecko
https://chromewebstore.google.com/detail/deep-fake-detector/kajehpmjflbbjfnbngcpcoingbpedlak - chromium
by Mozilla, uses various open source models for text ai detection and soon video/audio will be out
h3ll synthesized
Synthesized meaning - Though i rewored some words and added some few or extra steps/options. To make it fit solus and before posting all commands work and excellently running on my pc.
h3ll rkhunter, clamav, and timeshift are not in the deprecated package list, which would indicate that they've never been included in the Solua repository. Furthermore, I remember requests for Clam's inclusion being rejected at least once many years ago on the old issue tracker. Timeshift has also been requested several times over the years, but has always been blocked from inclusion due to its reliance on crontab, which Solus also doesn't have. What do you mean exactly by "Old Solus"?
I'm not really sure what's going on in this thread at this point, but I would like to remind everyone to be respectful. This has already gone a bit off the rails.
- Edited
I understand people wanting to share information with other users to help them out. A better approach would be to write up something for the Help Center. That way, the information can be vetted and made "official" so there's no confusion or doubt.
As a user who has searched for how-to's for various things, I will always trust an organizations docs a lot more than random posts on forums or around the Internet.
Some corrections/questions:
h3ll Nope, this is correct and you can set timeshift with systemd i tested myself and i don't use any LLM. My LLM is DeepSeek with a custom prompt for unrestricted/uncensored results and provides all correct answers only.
So are you using an LLM or not? I'm confused, is this a joke? 
h3ll New solus has removed it from package manager:
sudo eopkg install clamav rkhunter
As people have said (and now even your edited post alludes to), this command won't work because those packages aren't, and never were, part of the repository.
h3ll VPN recommendations:
WireGuard (built-in kernel support)
OpenVPN (Disable with sudo systemctl disable openvpn.service)
So do you recommend OpenVPN, or do you want people to disable it? ^^
h3ll sudo eopkg check | grep -q "broken" && timeshift --restore
This'll always fail, since grep is case-sensitive and the actual text is "Broken" with a capital B. Also I'm not sure it's a good idea to restore a backup for any "Broken" package, because most of the time that's not harmful at all, but then again I don't know how timeshift works exactly.
h3ll Synthesized meaning - Though i rewored some words and added some few or extra steps/options. To make it fit solus and before posting all commands work and excellently running on my pc.
FYI Your link doesn't work unless one is logged into kagi. In any case: Clearly you didn't run many of the commands, as they don't work (see above)
- Edited
Staudey confused
Clearly you didn't test, but as for the majority you have to compile it yourself, i can also write a step by step how to get it on your solus os without package manager, or you could use flathub.
Staudey As people have said (and now even your edited post alludes to), this command won't work because those packages aren't, and never were, part of the repository.
ClamAV was never officially supported in Solus repositories. The Solus team maintained a consistent stance against including it due to its Windows-focused scanning nature and limited value for Linux desktop users. However, users could install outdated versions via Flatpak (not recommended). https://discuss.getsol.us/d/6408-new-to-solus-dash-to-dock-clam-antivirus
https://discuss.getsol.us/d/1623-reconsidering-clamav
Rkhunter (Rootkit Hunter) was previously available but removed from Solus' package manager in April 2025. Earlier discussions (2019-2023) show it was used for rootkit detection, though some users reported false positives.
https://discuss.getsol.us/d/1419-highly-suspected-compromised-solus-iso-rootkits-post-fresh-install
https://discuss.getsol.us/d/7006-threats/2
Chkrootkit isn't explicitly mentioned in Solus sources, but Linux security discussions note it's often used alongside rkhunter despite potential false positives. https://www.linux.org/threads/chkrootkit-and-rkhunter-possible-false-positives.53787/#:~:text=A%20virus,your%20password.
Staudey So do you recommend OpenVPN, or do you want people to disable it? ^^
Yes, as i said in the post, clearly didnt read less resources the better, so wireguard is modern, secure, and speed
https://mullvad.net/en/blog/removing-openvpn-15th-january-2026
Staudey This'll always fail, since grep is case-sensitive and the actual text is "Broken" with a capital B. Also I'm not sure it's a good idea to restore a backup for any "Broken" package, because most of the time that's not harmful at all, but then again I don't know how timeshift works exactly.
Good, suggestion and go test as linux is about exploring and trying new things
It used to be in the solus package managing manager back in 4.3 or somewhere as long the lines, i done my research and those rookit detection scanners are getting depreciated soon, i thought i just leave up for reference but ill remove it and keep lynis instead nowadays.
Staudey FYI Your link doesn't work unless one is logged into kagi. In any case: Clearly you didn't run many of the commands, as they don't work (see above)
You can now use kagi without a account, as they recently posted their changelogs about that and everything
https://kagi.com/search?q=synthesized+ai+meaning%3F&r=us&sh=teLIQQS0m5Ypz7beo8jPEQ - try again
- Edited
I'm sorry but this seems very unfocused and like you are generalizing from your own use case?
This is both a logical fallacy and also not very helpful to others. One example that others have also mentioned is about VPN. So because something I never heard about before (mulvad) wants YOU to drop openvpn it means that I should disable openvpn ? Even though my job requires me to use it?
If you want to compile a list of GENERAL advice, it should be GENERALLY applicable.
hakimjonas So because something I never heard about before (mulvad) wants YOU to drop openvpn it means that I should disable openvpn ?
I was pretty sure that Mullvad (which I use) does not preclude the use of OpenVPN, so I asked Grok about that:
"Yes, Mullvad does use OpenVPN. It supports OpenVPN as one of its VPN protocols, alongside WireGuard. Mullvad provides configuration files and settings for OpenVPN in its client software, allowing users to connect to its servers using this protocol. OpenVPN is known for its strong security and flexibility, which aligns with Mullvad’s focus on privacy. However, Mullvad also encourages the use of WireGuard for its speed and modern design, but OpenVPN remains fully supported for those who prefer it.
So, to sum up: Yes, Mullvad uses OpenVPN as an option for securing your connection to its VPN servers."
WetGeek OK but my point was that OP posted this as:
"a concise security guide for new Solus users..."
And then precedes to recommend disabling openvpn even though this is a widely used tool. And the reason seem to be mostly about this other payed vpn service.
What ever they recommend might be correct for them but I don't see how this fits into a general guide for Solus users. But please enlighten me, I have been known to be wrong in the past.
disabling unused services on a Linux system, including Solus OS, can reduce the attack surface. Removing unnecessary software is a way to reduce the attack surface. Disabling unused services improves system security.
https://labex.io/tutorials/linux-linux-disable-command-with-practical-examples-422642
https://techcommunity.microsoft.com/blog/askperf/disabling-unnecessary-services-a-word-to-the-wise/373444
https://unix.stackexchange.com/questions/774460/from-a-security-standpoint-why-should-unused-software-be-deleted
https://discuss.getsol.us/d/4927-disabling-services
https://wafatech.sa/blog/linux/linux-security/best-practices-for-disabling-unnecessary-services-on-linux-servers/
@h3ll It's not that I totally disagree but perhaps its a bit too opinionated. Again I might be wrong but I don't think inactive services present a very serious risk.
And you are probably correct in recommending wireguard but you have to understand that openvpn is not deprecated and is in fact used by many people and companies.
I for one have to use it, and actually want to suggest adding openvpn3 to eopkg - just haven't found time to learn how to correctly suggest that.