Using Mint in this example, since many newer folks are using it.
The avahi service can be a huge vulnerability and attack surface in Linux. Which almost defeats the purpose of privacy on its own. It can reveal your hostname, what OS and version you are running, CPU whether or not ssh is running or open, plus it adds ports and "auto" (aka zero) confs new devices, services and other stuff. I consider it to be part of the iot pandemic, where security is thrown out the door for "things."
As requested... How to install and set-up Tor on BSD.
Warning: You must learn about security in the BSD's first. Most especially setting up a firewall (pf recommended). I am using FreeBSD in this example, but it should also work the same on OpenBSD or Dragonfly. Not sure about NetBSD.
Take this as a guide, every installation is different. At the end I installed firefox-esr just to show you where the Tor-socks config data would go.
I might do more videos about hardening BSD in the future, dunno...
This is how to install a minimal Debian 10.7 system with only i3 window manager and a couple of minimal programs. Yes, I put both dmenu and rofi on the install list, but you can pick one or both.
All you have to do is download the latest Debian net install iso from Debian. In this install I am using a VM, but I use this setup on 2 X230's with the latest kernels and some security tweaks. See my other video about Mint and Debian security upgrades.
This will shutoff USB and bluetooth (if you want) to protect you from USB port attacks, payload attacks, fed-jacking etc. Shuting down bluetooth can eliminate exposure to exploits and proximity surveillance.
Using Debian 10.7 but this should work on any derivative.
Pause it on the code part...
I compare the lynis hardening index score of 3 major distros (according to distrowatch) after a pentest audit.
The operating systems are MX Linux, Ubuntu and Manjaro. All are default VM installs with updates and firewalls enabled- no special rules.
Lynis version 3.0.3
I use sudo ./lynis --pentest audit system and then ./lynis audit system
There are many other comparisons to do and different ways to use lynis, but this is a really good baseline comparison. I only decided to do this because I notice that MX is always listed on top on distrowatch by a large number. I don't use any of these desktops/derivatives, I guess each has their own appeal.
These are the commands to fully remove Firefox and other Mozilla stuff from your system. Some people don't like the polymorphic telemetry.
Your system may or may not have firefox-locale-en, but it is often time installed without your choosing in some Debian derivatives.
Mozilla constantly adds new types of telemetry into Firefox and it is too hard to keep up with. Most users have never opened about:config. But after they do, they realize it is a hodgepodge of intentional confusion designed to keep the average user from having privacy.
As a replacement you can install a GNU Browser, Surf, Brave (its getting worse) or Iceweasel.
I left the .mozilla folder in ~ out of this example because many people have configs with stored passwords etc.
Install OpenSuse Tumbleweed in GuhNohme Boxes. Select the most minimal desktop which is IceWM. Then install lynis i3 and st term.
A good thing is the default install is pretty secure. I run Lynis against the default install with IceWM and get a 92 score, which is pretty good.
Using OpenSuse Net Tumbleweed snapshot.
I am using a barebones debian net install with only ufw in place. Check out my other video on minimal debian and i3 for a full install.
To install DWM the suckless.org winder managerial:
Here am are what I showing you:
1. wget the tarred files from suckless
2. tar xf them
2.5 Install debian specific dependenicies
3. make clean installate
4. create .xinitrc and the few lines that need to go into it to start dwm
5. startx
Its fairly simple and quick. Pause or speed up as you need.