System Hardening

OpenSnitch

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch. Ref: https://github.com/evilsocket/opensnitch

Warning

appindicators, which is required for the system tray icon, is buggy and seems to produce a lot of syslog errors. Check with: journalctl --since "1 hour ago"

I recommend installing and using Tray Icons: Reloaded instead: https://extensions.gnome.org/extension/2890/tray-icons-reloaded/

Note

Works more or less with VPNs… YMMV.

Other speedup configs

Caution

Tread at your own risk… A lot of these things can fuck-up your device and might be annoying to undo or fix easily. But we all have installation scripts and backups right…. right?!

Monitor journalctl --since "1 hour ago" for bugs and application errors which might use up battery or other hardware resources. You need to run it as admin to see all messages; otherwise you will only see logs related to your system.
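To make that journal check repeatable, the script below ranks journal sources by how many warning-or-worse messages they logged in the last hour. It is an added example, not part of the original notes; the function names, the `--live` switch and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): find the noisiest journal sources.

# Read journalctl "short" output on stdin and print "COUNT IDENT" lines,
# busiest source first. Short format: "Mon DD HH:MM:SS host ident[pid]: msg".
rank_sources() {
    awk '
        NF >= 5 && $5 ~ /:$/ {
            ident = $5
            sub(/:$/, "", ident)           # drop the trailing colon
            sub(/\[[0-9]+\]$/, "", ident)  # drop the [pid] suffix, if any
            count[ident]++
        }
        END { for (i in count) printf "%d %s\n", count[i], i }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input: hostname, PIDs and messages are invented.
sample_journal() {
    cat <<'EOF'
Jan 10 10:01:02 laptop gnome-shell[2211]: constructed warning A
Jan 10 10:01:03 laptop gnome-shell[2211]: constructed warning B
Jan 10 10:02:10 laptop opensnitchd[901]: constructed warning C
Jan 10 10:03:44 laptop kernel: constructed warning D
Jan 10 10:04:00 laptop gnome-shell[2211]: constructed warning E
Jan 10 10:05:30 laptop opensnitchd[901]: constructed warning F
EOF
}

# Live use (hypothetical --live switch): run with sudo to see every
# source, not just the messages your account is allowed to read.
if [ "${1:-}" = "--live" ]; then
    journalctl --since "1 hour ago" -p warning -o short --no-pager | rank_sources
else
    sample_journal | rank_sources
fi
```

A source that stays at the top of this list across several runs is the one to investigate or replace first.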

gnome-shell editor: dconf-editor

To look into:

Hardening scripts

debian-cis

Warning

Some of these may not be desirable to have hardened on host machines.

Ref: https://github.com/ovh/debian-cis

# Installation
# Need root to copy into and edit /etc/default/cis-hardening
cd debian-cis
cp debian/default /etc/default/cis-hardening
sed -i "s#CIS_LIB_DIR=.*#CIS_LIB_DIR='$(pwd)'/lib#" /etc/default/cis-hardening
sed -i "s#CIS_CHECKS_DIR=.*#CIS_CHECKS_DIR='$(pwd)'/bin/hardening#" /etc/default/cis-hardening
sed -i "s#CIS_CONF_DIR=.*#CIS_CONF_DIR='$(pwd)'/etc#" /etc/default/cis-hardening
sed -i "s#CIS_TMP_DIR=.*#CIS_TMP_DIR='$(pwd)'/tmp#" /etc/default/cis-hardening

# Audit everything
./bin/hardening.sh --audit-all

# Audit a single item
./bin/hardening/4.4_logrotate_permissions.sh --audit

# Apply a fix / harden
./bin/hardening/4.4_logrotate_permissions.sh --apply