A personal review on using Manjaro

Hello everyone.

I would like to review this distribution from a perspective that a few do. And that is Security.
Professionally, I work in Information Security and in the last 15 years I have seen things in systems, that would knock your socks of regarding security.

TL;DR; Simply amazing.

Manjaro is mainly aimed at desktop users.

I will use as examples the XFCE and Gnome version which I have used primarily (and Architect) , so if I am missing something from either KDE or any of the Community Editions, I apologize in advance.

Disk Encryption: Out of the box. Just type in a password and you are ready to go.
AppArmor: Enabled and running by default.
Ability to choose only https mirrors: sudo pacman-mirrors --api --proto https
Firewall: Installed by default, enabled by the user.
System Backups: Just open Timeshift, configure it, ready to go.
Lynis score in default installation: 70 (Ubuntu gets a 50)
Kernel Parameters are configured securely for a desktop user
Vulnerability Patching: We are on a Rolling distribution. Probably faster patching than other distros.

Additional tools and software available in the repos:

Veracrypt: Encrypt folders, External Disk Drives, and create encrypted USB Drives that work on Linux, Windows and macOS without spending money on expensive hardware.
usbguard: Do not allow allow any USB device to be connected unless allowed.
Tor-Browser Launcher: Enhance your privacy.
FirewallD: From a laptop user's point of view, using the option to change zones, is so easy a child can do it. And it is integrated with NetworkManager.
DejaDup: Back up utility with encryption options, by default installed on Gnome Edition.
Wireguard: The faster and more secure version of VPN.
ClamAV + ClamTK: Antivirus scanner.
rkhunter: Rootkit checker.

My additional configurations:
Disable IPv6 at boot: Privacy Nightmare.
Lock root user and allow only sudo.
Kernel Core Dump Disabled.
AppArmor Denied Desktop Notifications.
[EDIT]: Password protection of GRUB edit

If you had the patience to read all of the above, you will notice a few things:

  1. I have not used the AUR.
  2. I have not added any PPAs, COPRs, Snaps, or Flatpaks.
  3. I have not downloaded, installed software from other sources. They came OUT OF THE BOX.

For the reasons above (I wish I could write them all, because there are more), I can tell you that the amount of work that the Manjaro Team has made regarding security and privacy, is amazing. They can certainly go head to head with "Professionals" that setup systems, servers, that just create a bucket of security issues just by not configuring the system properly.

Most of us in this forum have seen videos on YouTube of Arch Installations. Everyone stops when they login to a Desktop Environment. But you need to understand that at that point the system is not considered secure, because it lacks basic security configuration. But again, the Manjaro Team has already done that.

So again, my huge congratulations.

13 Likes

I think ManjaroGnome is the best in Linux world. :+1:

1 Like

You couldn't do that even if you wanted. :slight_smile:

3 Likes

The same goes for COPRs. You know what I mean :wink:

You can still add third-party repositories though. :upside_down_face:

1 Like

I use herecura for vivaldi and chrome-dev, and i have very few AUR packages too. I still prefer this vs the time i used Linux Mint and PPAs (anyway, that was for a brief time).

I need to look them up, as for now i have no idea :smiley:

I know this is a lot to ask, but a "how-to" for setting up the security would be a real contribution to the community.

https://copr.fedorainfracloud.org/

1 Like

Ah right, now i remember why i managed to render all my fedora installs (around a year or so ago) absolutely useless :rofl: (not their fault tho) :wink:

As I wrote, the basic installation of the 3 major ISOs is realy good regarding security. Now, a how-to would apply to different scenarios that a user may need to address or even needs to know. It all depends on what you have (data, machines, network) and what you need (encryption, enhanced privacy, network security). So throw some ideas around, and I 'll see what I can do.

1 Like

Try Manjaroi3 edition it is very nice maybe only full i3 distro.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Forum kindly sponsored by