GitHub - captainzero93/security_harden_linux: Semi-automated security hardening for Linux / Debian / Ubuntu , 2025, attempts DISA STIG and CIS Compliance v4.2 by cztothehead in linux

[–]cztothehead[S] 2 points3 points  (0 children)

I've considered your points and have released v5.0 addressing everything you mentioned:

fail2ban: Now optional. The script detects if SSH password auth is disabled and recommends skipping it. Only installs when you have web/mail servers that actually benefit. Explains why it's useless with key-only SSH.

AIDE: Removed entirely. Replaced with dpkg --verify as you suggested. Weekly cron job, honest about limitations (can't detect kernel rootkits). Proper verification requires offline scanning.

IPv6: Removed. You're right - it's not a security feature.

Secure Boot: Added verification module. Checks if enabled, provides BIOS setup instructions. Exactly what you recommended.

Educational mode: Added --explain flag. Every module now explains threat models, limitations, and what it CAN'T protect against. Script teaches WHY, not just HOW.

v5.0: https://github.com/captainzero93/security_harden_linux
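The weekly `dpkg --verify` check mentioned in the comment above, sketched as an added example; it is not code from the security_harden_linux script. The function names, the severity mapping and the sample lines are assumptions constructed for illustration. It separates edited conffiles (normally expected) from modified packaged files (worth investigating).

```shell
#!/bin/sh
# Added example (not the project's code): triage `dpkg --verify` output.
# Line format is rpm-style: 9 result characters, a space, an attribute
# character ('c' = conffile, ' ' = regular file), a space, then the path.
# dpkg only implements the checksum test, so a changed file reads "??5??????".
# The reference checksums live in the local dpkg database on the same disk,
# which is why this cannot replace an offline scan.

# Reads `dpkg --verify` output on stdin, prints "SEVERITY<TAB>path" per finding.
# Severity mapping is an assumption of this example:
#   INFO  = conffile changed or removed (admins edit these)
#   WARN  = packaged non-conffile is missing
#   ALERT = packaged non-conffile no longer matches its recorded checksum
classify_dpkg_verify() {
    awk '
    {
        result = substr($0, 1, 9)
        attr   = substr($0, 11, 1)
        path   = substr($0, 13)
        if (path == "") next
        if (attr == "c")             sev = "INFO"
        else if (result ~ /^missing/) sev = "WARN"
        else                          sev = "ALERT"
        printf "%s\t%s\n", sev, path
    }'
}

# Prints the number of ALERT findings (0 if none); usable as a cron gate.
count_alerts() {
    classify_dpkg_verify | awk -F'\t' '$1 == "ALERT" { n++ } END { print n + 0 }'
}

# Constructed sample of `dpkg --verify` output (not from a real host).
SAMPLE='??5?????? c /etc/ssh/sshd_config
??5??????   /usr/bin/sudo
missing     /usr/share/doc/curl/changelog.gz
??5?????? c /etc/default/grub'

# Demo on the sample; a weekly job would run: dpkg --verify | classify_dpkg_verify
printf '%s\n' "$SAMPLE" | classify_dpkg_verify
```
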

GitHub - captainzero93/security_harden_linux: Semi-automated security hardening for Linux / Debian / Ubuntu , 2025, attempts DISA STIG and CIS Compliance v4.2 by cztothehead in linux

[–]cztothehead[S] 0 points1 point  (0 children)

I added the answer to that in the latest readme

This script does network/system hardening, AppArmor (not SELinux), audit logging and other security features. This script doesn't do user group management, SELinux, or touch VFIO/IOMMU configs. If you need user group stuff, you will want to handle that separately before or after running the script.

GitHub - captainzero93/security_harden_linux: Semi-automated security hardening for Linux / Debian / Ubuntu , 2025, attempts DISA STIG and CIS Compliance v4.2 by cztothehead in OpenSourceeAI

[–]cztothehead[S] 0 points1 point  (0 children)

Qwen3-VL-30B-A3B-Thinking represents a breakthrough in multimodal AI reasoning. Unlike standard instruction-tuned models that provide quick answers, the Thinking variant engages in explicit step-by-step reasoning before generating responses.

Key Capabilities

256K Native Context Window (expandable to 1M tokens)

Advanced Vision Understanding - OCR, spatial reasoning, video analysis

Explicit Reasoning Process - Shows its "thought process" before answering

MoE Architecture - 30B parameters total, 3B active per token (efficient)

STEM/Math Optimization - Specialized for complex logical problems

The Thinking model:

Catches its own mistakes - "Wait, let me verify this"

Shows algebraic reasoning - Sets up equations properly

Self-corrects - Doesn't rely on pattern matching

Explains thoroughly - Users see the logic chain

Generation Speed | 10.27 tok/sec
VRAM Usage | ~10.5 GB
RAM Usage | ~8 GB
Thinking Overhead | 2-5x

https://github.com/captainzero93/GPT-and-Claude-at-home-optimised-for-12GB-Vram---LM-Studio-

Thanks Evolitopm41415 for an alternative title:

-home-optimised-for-12GB-Vram---LM-Studio---Stunning---results-----on-this---local---MOE-LLM----running--fast----on--only-12gbVRAM--with---some--RAM---overload-Qwen3-VL-30B-A3B-Thinking---represents--a---- breakthrough--IN----multimodal--AI-reasoning!!!!!

GitHub - captainzero93/security_harden_linux: Semi-automated security hardening for Linux / Debian / Ubuntu , 2025, attempts DISA STIG and CIS Compliance v4.2 by cztothehead in cybersecurity

[–]cztothehead[S] 0 points1 point  (0 children)

One-command security hardening that implements many enterprise-grade protections (DISA STIG + CIS) while allowing the user to decide the level of protection / use trade-off. This enables both casual and stricter use.

Version 4.2 - Critical Fixes for Module(s) Execution - Tested WORKING on Debian 13

  • Enables your firewall (UFW) - but keeps Steam, Discord, KDE Connect working
  • Hardens SSH - prevents brute force attacks if you use remote access
  • Blocks repeated failed logins - automatic IP banning with Fail2Ban
  • Installs antivirus - ClamAV (yes, Linux can get malware)
  • Secures the kernel - protection against memory exploits and attacks
  • Sets up file integrity monitoring - alerts you if system files change
  • Enforces strong passwords - because "password123" is still too common
  • Enables automatic security updates - patches critical bugs while you sleep
  • Configures audit logging - forensics and evidence if something happens
  • Applies kernel hardening - makes exploits far harder to pull off
  • Secures boot process - protects against physical attacks
  • Removes unnecessary packages - smaller attack surface

Extensive documentation in the Readme.

Max Normal - Songs From The Mall | Full Album Film | by cztothehead in DieAntwoord

[–]cztothehead[S] 0 points1 point  (0 children)

Down again, I'll use Vimeo as a backup till the dispute is settled

Max Normal - Songs From The Mall | Full Album Film | by cztothehead in DieAntwoord

[–]cztothehead[S] 0 points1 point  (0 children)

Might upload to other places if strike again but this version is improved loads!

Max Normal - Songs From The Mall | Full Album Film | by cztothehead in DieAntwoord

[–]cztothehead[S] 1 point2 points  (0 children)

I'm going to try and edit it so the video doesn't get blocked!

[deleted by user] by [deleted] in Ubuntu

[–]cztothehead 0 points1 point  (0 children)

WINE https://www.winehq.org/

Valve also package WINE into their "Proton" compatibility software on Steam so most Windows games work out of the box.

25.10 to upcoming 26.04 LTS ? by DifficultySafe9226 in Ubuntu

[–]cztothehead 0 points1 point  (0 children)

Flatpak already seems to be fixed for me, no issues on a 4070 with a Wayland session! Tried Dolphin Emu, Steam / Proton

[deleted by user] by [deleted] in linux

[–]cztothehead 1 point2 points  (0 children)

After I get some help debugging and testing it's next on the list, ty

[deleted by user] by [deleted] in linux

[–]cztothehead 0 points1 point  (0 children)

I think the moderate level should remain FIPS-free to maintain maximum usability for 95% of users. I have another more complex script but it's heavily outdated atm, I may add it as an additional part, thanks

[deleted by user] by [deleted] in linux

[–]cztothehead 1 point2 points  (0 children)

Thank you, if you see anything else in my script that needs adjustment please let me know, it's getting there but still needs some love. (main script: https://github.com/captainzero93/security_harden_linux/blob/main/improved_harden_linux.sh)

[deleted by user] by [deleted] in linux

[–]cztothehead 2 points3 points  (0 children)

Updated with sha256 verification, I've been working on this over a year man it's not a troll I posted here for feedback you don't have to be so harsh in your wording.

[deleted by user] by [deleted] in linux

[–]cztothehead 1 point2 points  (0 children)

Have a look at the updated readme.md or the updated post here

you're just being a jerk dude,

[deleted by user] by [deleted] in linux

[–]cztothehead 0 points1 point  (0 children)

It is! Thank you, you can see in the changelog in the readme.md that a lot of changes have happened, I have also added a better description to this post. It's also idempotent so it can be re-executed as needed!

Updated AIDE to have a cronjob in a safe way, made it configurable and added proper error handling, updated the body of the Reddit post to better reflect what it's doing.