Please tell me if if I am posting this thread in the wrong part of the forum
I am switching to Linux after using purely Apple products for 10 years
I am using Garuda Linux on my laptop and intend on using it on my desktop after I get it
I would like to make Garuda Linux as secure as macOS and some other Linux distributions like Ubuntu
I have a NordVPN subscription and I am currently using LastPass and LastPass Authenticator
I plan on setting up NordVPN on Garuda Linux on my laptop and I will be migrating off LastPass products possibly to Bitwarden/Vaultwarden and maybe Authy for 2FA
Should I be using AppArmor and LUKS in addition and what else can I do?
As with many security-related considerations, the precautions you “should” take are entirely dependent on your threat model. Some people would never dream of configuring their system without disk encryption, while others can’t be bothered because the protection it provides is not relevant to them. Neither stance is correct; it is up to each person to determine what an appropriate security posture is.
Unless you have some way of quantifying how secure these other OS’s are, this is a kind of an unspecific goal. What security features does macOS have that you want to incorporate into your setup? How about Ubuntu? If you are more specific about the type of hardening you want to achieve, it will be a lot easier to figure out what options are available to you, and how realistic their implementation will be for your use case.
Lucky for you, nordvpn-bin is in the Chaotic-AUR and you can just install it with Pacman.
sudo pacman -S nordvpn-bin
Heads-up: NordVPN is configured and managed on the command line, which may be different than what you are used to. But don’t let that deter you; there are only a few commands you need to know, and if you forget you can use the help syntax in any command for a reminder. The ArchWiki article is worth a read (and maybe a bookmark) before you get started as well: NordVPN - ArchWiki.
That’s a great move in my opinion. I have to use LastPass for certain things at work and I think it is terrible. Bitwarden is way better, even if you just use the free tier.
Again, this depends on your threat model. It can make your system more secure and isn’t that difficult to get through the basic setup (although creating custom profiles can be a bit of a rabbit hole), but bear in mind it can introduce additional troubleshooting complexity. If some random application or something isn’t working right, you have to remember to check if AppArmor is blocking something it should not be in addition to other troubleshooting that may be appropriate for whatever is busted.
If security is your goal, this is low-hanging fruit. It’s really easy to set up (just a check-box in the installer), and for the most part it Just WorksTM. Type in your passphrase when you boot up to unlock the disk, and that’s all there is to it. However, using encryption can introduce additional troubleshooting or configuration complexity in some cases.
This article is a great place to start if you want to learn more about hardening your system: Security - ArchWiki. There is obviously a lot of content there, but it’s worth at least reading through the whole article to get an idea of what’s in it. From there, decide what you want to learn more about, and…follow the white rabbit.
Hey there, welcome to Garuda Linux and the Linux world in general!
You’re in the right place and asking all the right questions, so no worries at all. It’s great to see someone moving from macOS and wanting to get things set up securely—Garuda can definitely match or even go beyond macOS in that area.
Here’s a quick guide to help you get your system hardened and secure:
Security Setup Guide for Garuda Linux
1. Full Disk Encryption (LUKS)
If you didn’t enable it during install, consider reinstalling and choosing the encryption option—it’s like Apple’s FileVault.
If you ever need help doing any of these steps, feel free to ask! There’s a great community here, and we’re always happy to help. You’re doing great already by just diving in.
(note - there may be a typo in command so make sure you verify those) and also these measures are good to be taken but i would recommend watching tutorial on these steps for a better understanding if you are new and want to understand everything , its optional for some peopple to do these steps becuase linux by itself is pretty safe and stable )
As with a lot of AI-generated content, this is a mix of good information and bad. In my opinion, this kind of LLM copypasta tends to degrade the overall quality of the forum, and provides little value since anyone can just go type their query into duck.ai or similar on their own for free.
Posting AI-generated content is not forbidden here, but I generally agree with the rationale provided on some of the forums where it is, for example these ones:
Security Setup Guide for Garuda Linux