How to increase security?

Hello Garuda users.

Please read the following template before requesting assistance:

Please post the terminal/konsole input and output as text (no pictures) from the the following command:


Refusing to post the output of the required "garuda-inxi" on a help request will likely result in you not receiving any help from the Garuda team. A failure to provide your system specs may also result in your thread being closed without notice, (as without this information providing assistance is often next to impossible).

Before opening a new help request, please search the Arch and Garuda Wiki's, and read any relevant sections related to your issue. Also, thoroughly search any error messages in the forum's search engine and on the web. For in depth information on how to search for answers to Linux issues effectively read the tips on the Garuda Wiki:

Please report in detail everything you have already attempted to solve your problem.

The template above should be deleted before posting your help request.

Hi to all!!!
I have no problem, everything works great! I just want some advice.
Anyway here is the list of Garuda-inxi:

Kernel: 6.4.1-zen2-1-zen arch: x86_64 bits: 64 compiler: gcc v: 13.1.1
parameters: BOOT_IMAGE=/@/boot/vmlinuz-linux-zen
root=UUID=91e581b4-0a47-4ec7-9e8d-0df403d76616 rw rootflags=subvol=@
quiet rd.luks.uuid=ffc7ec5e-333c-49a3-9f60-43dedda2cd86 quiet
rd.udev.log_priority=3 vt.global_cursor_default=0
resume=/dev/mapper/luks-297fbb15-68a1-417d-9ea5-e92a32dde56d loglevel=3
Desktop: KDE Plasma v: 5.27.6 tk: Qt v: 5.15.10 wm: kwin_x11 vt: 2
dm: SDDM Distro: Garuda Linux base: Arch Linux
Type: Desktop System: LENOVO product: 90HU00FXIX v: ideacentre 510-15ICB
serial: Chassis: type: 3 serial:
Mobo: LENOVO model: 36EB v: SDK0J40700 WIN 3258137300085
serial: UEFI-[Legacy]: LENOVO v: O3QKT34A
date: 04/29/2019
Info: model: Intel Core i5-9400 bits: 64 type: MCP arch: Coffee Lake
gen: core 9 level: v3 note: check built: 2018 process: Intel 14nm family: 6
model-id: 0x9E (158) stepping: 0xA (10) microcode: 0xF2
Topology: cpus: 1x cores: 6 smt: cache: L1: 384 KiB
desc: d-6x32 KiB; i-6x32 KiB L2: 1.5 MiB desc: 6x256 KiB L3: 9 MiB
desc: 1x9 MiB
Speed (MHz): avg: 3816 high: 4000 min/max: 800/4100 scaling:
driver: intel_pstate governor: performance cores: 1: 4000 2: 3999 3: 4000
4: 2900 5: 4000 6: 4000 bogomips: 34798
Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
Device-1: Intel CoffeeLake-S GT2 [UHD Graphics 630] vendor: Lenovo
driver: i915 v: kernel arch: Gen-9.5 process: Intel 14nm built: 2016-20
ports: active: none empty: DP-1,HDMI-A-1,HDMI-A-2 bus-ID: 00:02.0
chip-ID: 8086:3e92 class-ID: 0380
Device-2: AMD Lexa PRO [Radeon 540/540X/550/550X / RX 540X/550/550X]
vendor: Bitland Information driver: amdgpu v: kernel arch: GCN-4
code: Arctic Islands process: GF 14nm built: 2016-20 pcie: gen: 3
speed: 8 GT/s lanes: 8 ports: active: HDMI-A-3 empty: DP-2,DP-3
bus-ID: 01:00.0 chip-ID: 1002:699f class-ID: 0300 temp: 46.0 C
Display: x11 server: X.Org v: 21.1.8 with: Xwayland v: 23.1.2
compositor: kwin_x11 driver: X: loaded: amdgpu,modesetting
alternate: fbdev,intel,vesa dri: radeonsi,iris gpu: amdgpu display-ID: :0
screens: 1
Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 508x285mm (20.00x11.22")
s-diag: 582mm (22.93")
Monitor-1: HDMI-A-3 mapped: HDMI-A-2 model: Samsung LF24T35
serial: built: 2022 res: 1920x1080 dpi: 92 gamma: 1.2
size: 528x297mm (20.79x11.69") diag: 606mm (23.9") ratio: 16:9 modes:
max: 1920x1080 min: 720x400
API: OpenGL v: 4.6 Mesa 23.1.3 renderer: AMD Radeon RX 550 / 550 Series
(polaris12 LLVM 15.0.7 DRM 3.52 6.4.1-zen2-1-zen) direct-render: Yes
Device-1: Intel Cannon Lake PCH cAVS vendor: Lenovo driver: snd_hda_intel
v: kernel alternate: snd_soc_skl,snd_sof_pci_intel_cnl bus-ID: 00:1f.3
chip-ID: 8086:a348 class-ID: 0403
Device-2: AMD Baffin HDMI/DP Audio [Radeon RX 550 640SP / 560/560X]
vendor: Bitland Information driver: snd_hda_intel v: kernel pcie: gen: 3
speed: 8 GT/s lanes: 8 bus-ID: 01:00.1 chip-ID: 1002:aae0 class-ID: 0403
API: ALSA v: k6.4.1-zen2-1-zen status: kernel-api with: aoss
type: oss-emulator tools: alsactl,alsamixer,amixer
Server-1: PipeWire v: 0.3.72 status: active with: 1: pipewire-pulse
status: active 2: wireplumber status: active 3: pipewire-alsa type: plugin
4: pw-jack type: plugin tools: pactl,pw-cat,pw-cli,wpctl
Device-1: Intel Ethernet I219-V vendor: Lenovo driver: e1000e v: kernel
port: N/A bus-ID: 00:1f.6 chip-ID: 8086:15bc class-ID: 0200
IF: eno1 state: up speed: 1000 Mbps duplex: full mac:
Device-2: Realtek RTL8821CE 802.11ac PCIe Wireless Network Adapter
vendor: Lenovo driver: rtw_8821ce v: N/A modules: rtw88_8821ce pcie: gen: 1
speed: 2.5 GT/s lanes: 1 port: 3000 bus-ID: 02:00.0 chip-ID: 10ec:c821
class-ID: 0280
IF: wlp2s0 state: down mac:
Device-1: Realtek Bluetooth Radio driver: btusb v: 0.8 type: USB rev: 1.1
speed: 12 Mb/s lanes: 1 mode: 1.1 bus-ID: 1-14:5 chip-ID: 0bda:c024
class-ID: e001 serial:
Report: rfkill ID: hci0 rfk-id: 1 state: down bt-service: disabled
rfk-block: hardware: no software: no address: see --recommends
Local Storage: total: 931.51 GiB used: 129.05 GiB (13.9%)
SMART Message: Unable to run smartctl. Root privileges required.
ID-1: /dev/sda maj-min: 8:0 vendor: Seagate model: ST1000DM003-1SB102
size: 931.51 GiB block-size: physical: 4096 B logical: 512 B speed: 6.0 Gb/s
tech: HDD rpm: 7200 serial: fw-rev: CC63 scheme: MBR
ID-1: / raw-size: 922.71 GiB size: 922.71 GiB (100.00%)
used: 129.05 GiB (14.0%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
mapped: luks-ffc7ec5e-333c-49a3-9f60-43dedda2cd86
ID-2: /home raw-size: 922.71 GiB size: 922.71 GiB (100.00%)
used: 129.05 GiB (14.0%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
mapped: luks-ffc7ec5e-333c-49a3-9f60-43dedda2cd86
ID-3: /var/log raw-size: 922.71 GiB size: 922.71 GiB (100.00%)
used: 129.05 GiB (14.0%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
mapped: luks-ffc7ec5e-333c-49a3-9f60-43dedda2cd86
ID-4: /var/tmp raw-size: 922.71 GiB size: 922.71 GiB (100.00%)
used: 129.05 GiB (14.0%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
mapped: luks-ffc7ec5e-333c-49a3-9f60-43dedda2cd86
Kernel: swappiness: 133 (default 60) cache-pressure: 100 (default)
ID-1: swap-1 type: partition size: 8.8 GiB used: 0 KiB (0.0%) priority: -2
dev: /dev/dm-1 maj-min: 254:1
mapped: luks-297fbb15-68a1-417d-9ea5-e92a32dde56d
ID-2: swap-2 type: zram size: 7.63 GiB used: 713.2 MiB (9.1%)
priority: 100 dev: /dev/zram0
System Temperatures: cpu: 44.0 C mobo: N/A gpu: amdgpu temp: 45.0 C
Fan Speeds (RPM): N/A gpu: amdgpu fan: 2217
Processes: 257 Uptime: 1h 10m wakeups: 0 Memory: available: 7.63 GiB
used: 3.37 GiB (44.2%) Init: systemd v: 253 default: graphical
tool: systemctl Compilers: gcc: 13.1.1 Packages: pm: pacman pkgs: 1367
libs: 373 tools: octopi,pamac,paru,yay Shell: fish v: 3.6.1 default: Bash
v: 5.1.16 running-in: konsole inxi: 3.3.27
Garuda (2.6.16-1):
System install date: 2023-07-07
Last full system update: 2023-07-07 ↻
Is partially upgraded: No
Relevant software: snapper NetworkManager dracut
Windows dual boot:
Failed units:

I am always worried about protecting my system from various internet problems!
For example, I start Firedragon with firejail, and I set Garuda with Garuda Assistant,
to use DNS Quad9 and hblock...
I would like some of you experts in these things to give me some good advice
to protect my Garuda Linux from the pitfalls of the web.
Many thanks to all.
With best regards.

  • Don’t go where you shouldn’t go.
  • Don’t download what you shouldn’t download.
  • Don’t install what you shouldn’t install.
  • Cover/physically block any computer cameras or microphones.
  • Tin hat is optional.

This is an extremely broad topic, and one that goes far beyond Garuda, of course…
I wouldn’t even know where to begin.
There are books, degrees, professions about it.
Maybe document yourself well on the Internet (learn to understand the reliability of information sources, avoid social networks and the like…).
Maybe throw an eye here:

But again, it’s a drop in the ocean.
First of all I would say choice and security and privacy settings of browser, password, password manager!
And then it all depends more on how you use the tools than the tools themselves.
A lot of the security and a whole lot of the privacy you risk by using social networks too much and too badly for example. And maybe you become a target for social engineering.
If you’re too emotional, you’re more at risk for phishing (or otherwise thoughtless clicks…).



Don't do dumb things, easy as that. 99% of the time when the users get hacked is because they do dumb things such as downloading pirated software, etc... plus, you said that you're already using firejail for example, no need to worry for anything else than you.

That's really it.


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.