Using Linux


(In Linux Mint, at least:) Any time you hear of an application you'd like to try, first go to Start menu and see if it's already installed in your system. If not, go to Software Manager and see if it's available there. [But check to see if the version you get is seriously old.] If not, do "apt list | grep NAME" and see if it's in the repo. If not, go to web site for the application and get it from there.

Same is true of Ubuntu, just make sure you have all repos enabled, and name of the store/manager app varies. Also, some apps will be snaps.

Applications that work well and I use have a green check-mark next to them. Your needs and opinions may differ from mine.


Important: After you install a browser, disconnect from the internet, launch the browser for the first time, turn off telemetry and other features you don't want, quit, connect to internet again, launch the browser again.

One quirk: when saving files to a VeraCrypt volume, Firefox will forget the proper setting of "last directory saved to". GNOME Web (Epiphany) doesn't have that problem.

It seems that when you're browsing/reading text pages, you want "open link in new tab" to automatically switch focus to the new tab. But if you're going to download a bunch of photos from a photo-gallery page, you don't want that, you want focus to stay on the original page.

Email Client:

Password Manager:
See "Password Manager" section of my "Authentication" page.


GUI Text Editor:
To make some CLI commands launch your favorite editor instead of nano or something, set e.g. "export VISUAL=/usr/bin/xed" in your .profile.

CLI Text Editor:

Source Code Editor:
Alistair Ross's "Howto: What is Git and Github? How do I use it and why should I care?"
See Using Git and GitHub section of my "Develop an Application" page

Markdown editors:
Add Markdown AllInOne + Markdown Preview Enhanced extensions to VSCode. Or:
voldyman / MarkMyWords

Microsoft's "Docs Markdown reference"
adam-p's "Markdown Cheatsheet"

PDF Viewer and Editor:
Adobe no longer supports Linux for PDF viewing and editing.

I think "annotating" a PDF is not the same as "doing form-filling". Neither is same as "editing". And there are two types of form-filling: "XFA" and "AcroForms". Then there is "signing".

I ended up having to go to a Windows machine to do my PDF tax forms.

poppler-utils ? PDF Chain / pdfchain ?
quickfill add-on for Chromium ?
Xournal (does annotation, writing over top of a PDF that is used as the background image).

Useful online service:

From someone on reddit:
I was not looking forward to today because I was under the impression that I was going to have to set up a cracked version of Windows on a VM so that I could use a free trial of Acrobat Pro to do a simple (but time-sensitive) PDF edit on my xubuntu machine.

That was before I stumbled upon pdftk.

The process was quite simple:
sudo apt-get install pdftk 
pdftk PDF_File.pdf burst #This command strips out all of the pages and creates individual .pdf files

#Sign the signature page with GIMP
#Create a new page to add new text with LibreOffice 
#Paste signature into new page and export as PDF

ls *.pdf >> pdf-filenames.txt #Create a file of individual page names
value=$(<pdf-filenames2.txt) #Assign pagenames to bash variable
pdftk $value cat output Merged_Document.pdf #Merge the files back into one
[There is also Python package to do stuff like this, PyPDF2.]

qpdfview ?

Diagram And Flowchart Editors:
Ankush Das's "Top 10 Microsoft Visio Alternatives for Linux"

Farm-Fresh web icons

Genealogy (family tree):
Steve Emms' "8 Best Free Linux Family History Software"

Web Site Tools:
Alistair Ross's "How to password protect web sites via .htaccess"
Alistair Ross's "Quick and dirty hacks: one line HTTP Server"

Downloading Videos and Images:
VLC has a "Record" function that's supposed to let you save any video VLC is playing, but Record totally sucks, don't use it.

For downloading videos, use browser add-on "Video DownloadHelper" by mig, and install the companion app that it uses.

Recording Desktop Activity:
OBS (video and live streaming)

Recording CLI Activity:

Image Viewing and Editing:
CLI image manipulation: KolourPaint, phatch, Inkscape, Photoscope

Video Player:

Video Editor:
Tried Kdenlive and Openshot-qt video editors, but way too complicated for me, all I want to do is cut segments out of existing videos.

For just cutting:

I've heard: avoid Davinci Resolve; installation and distro support are horrible, and it's Nvidia-oriented (crashes a bit on AMD ?).

FOSS Linux's "How to capture screenshot GIF, and Video with Audio, from command line"
Alistair Ross's "Screencast recording with Green Recorder"
Rotating videos with FFmpeg
SK's "20+ FFmpeg Commands For Beginners"

Check MP3 file:
sudo apt-get install libimage-exiftool-perl
exiftool -veryShort FILENAME
exiftool -veryShort -x IngredientsFilePath -x IngredientsToPart -x IngredientsFromPart -x IngredientsDocumentID -x IngredientsMaskMarkers -x IngredientsInstanceID -x Lyrics -x Lyrics-eng -x Comment -x Comment-eng -x Composer -x Album -x Artist -x Band -x Subtitle -x HistoryAction -x HistoryInstanceID -x HistoryWhen -x HistorySoftwareAgent FILENAME

# part of ffmpeg package
ffprobe FILENAME

sudo apt-get install mp3info
mp3info -x -f -F FILENAME

sudo apt install mp3diags

Encryption etc:
Archive encryption: "zip -e".
Single-file encryption: "vim -x".

"7z" files: "sudo apt install p7zip-full", and then maybe Archive Manager will handle 7z files. If not, "7za x FILE.7z" or "7za x FILE.7z.001" to extract files.


Backup and Restore:
Syncing your primary disk to a secondary disk, or syncing a primary disk to the cloud, is not the same as backing up that primary disk. With syncing, if you delete something from the primary or it gets corrupted, the problem will be copied to the other place, and you've lost data. Usually in a backup, the destination maintains multiple historical copies of each file, so a mistake/problem on your primary disk does not wipe out the previously-backed-up data.

Good idea to save snapshots of disk configuration into files, and back up those files, so you can rebuild the configuration of your system if necessary. Maybe a script containing:
sudo blkid | grep -v squashfs >saved.blkid.txt
cp /etc/fstab saved.etcfstab.txt
lsblk --fs --list --paths >saved.lsblk.txt
sudo fdisk --list >saved.fdisk.list.txt
sudo inxi -Fmpx >saved.inxi.txt
tar --create --file ~/.ecryptfs/*
# .ecryptfs files let you use ecryptfs-recover-private to recover access

Good idea to save browser things such as bookmarks, settings of "trained" browser add-ons (such as uBlock Origin, uMatrix, Privacy Badger, CanvasBlocker), digital certificates, into files and back those up. Also export RSS feed subscriptions out of email client or RSS reader to a file that will get backed up.

Aaron Kili's "24 Outstanding Backup Utilities for Linux Systems in 2018"

Anti-Virus and Malware Scanners:
Two "modes" of anti-virus:
For a moderately careful user, I think manual scanning is best. Real-time scanning imposes a performance penalty, may destabilize the system, can introduce vulnerabilities, and requires that you trust your AV software greatly.

For every product, you can find detractors. It slows down the system, increases the attack surface, runs at too high a privilege level, has a history of exploits, gives too many false positives, etc. Most of the criticisms apply more to the real-time mode rather than the manual mode.

Some say AV is not needed on Linux:
Some people say there is no risk of malware on Linux, but this is less true every year. Now that most of the world's web servers and most of the IoT devices are running some form of Unix/Linux, attacks and malware are becoming more and more common. Now that home users spend 90% of their time in a browser, browser and browser add-on exploits are a big risk. Attack surfaces such as code/macro engines inside "smart" documents such as MS Office and PDF documents, or inside email clients, are similar on Linux to those in any other OS. Java, Javascript, Python, Electron, etc, everything is trying to become cross-platform. A browser exploit probably doesn't care what underlying OS you're running.

From someone on reddit 3/2019:
Cybersecurity blue team here, in the wild we probably see more Linux payloads than we do Windows due to the high number of servers that run enterprise Linux. That being said, botnet attacks and scripted exploits normally drop and try to execute both Windows and Linux versions of the same payload which is super scary to see. Linux doesn't protect you from viruses at all. In fact, thinking you're more secure just for running Linux is deluded, new privilege escalations are released almost daily. If you stay on top of it, you could own someone's laptop pretty trivially with some help from exploit-db.

From /u/longm0de on reddit 2/2020:

I have an experimental Win10 laptop that I keep up to date with Defender disabled through WinRE with no other anti-malware, and I haven't had a single malware enter my system in years, I've even purposefully downloaded malware. I've even run it knowing its limitations by limiting it to a single user and without administrator privileges without my system ever being screwed. Linux users will claim similar things such as not having malware ever since switching over. The commonality here? Both of our points are anecdotal as there is always the right tool for a job, and anti-malware software works great for protecting users.


Linux is multi-user so it is more secure ? Windows is multi-user as well. Win 1x,2x,3x,95/98/ME are from a different lineage of Windows. Windows NT was launched in 1993 and used the kernel which Windows still uses (of course, upgraded) today, which is rooted in OpenVMS and inherits a lot of the stability, robustness, multi-user features, and security that it had. It's not built from DOS in any way shape or form. Windows is a secure multi-user operating system. Many "consumer friendly" distributions such as Ubuntu give you access to read/write to other user directories without root access. This will NEVER happen by default on "Windoze".

Easy Linux tips project's "Security in Linux Mint: an explanation and some tips" strongly advises NOT installing anti-virus software, and gives reasons.

Also see:
Wikipedia's "Linux malware"
Catalin Cimpanu's "ESET discovers 21 new Linux malware families"
Paolo Rovelli's "Don't believe these four myths about Linux security"

Moe Long's "The 7 Best Free Linux Anti-Virus Programs"
Tecmint's "The 8 Best Free Anti-Virus Programs for Linux"
Wikipedia's "Linux malware"

See the "Testing your defenses" section of my "Computer Security and Privacy" page.

File Integrity Checkers:
Scan system files and report any changes, which might be due to malware.

For info about iptables, firewalls, Firejail, Apparmor, SELinux, and more, see my VMs, Containers, Controls page.

CLI Shell:
There are lots of other alternatives: dash, ksh, oksh, csh, tcsh, loksh, mksh, yash, etc.

Correcting mis-typed commands: nvbn / thef*ck

See "Linux Shell Script" section of my "Develop an Application" page.


Word Online: can be used for free by anyone with an or Hotmail account.

Office 365 is a home and business subscription service. Some subscription plans offer desktop Office but others don't. Some plans include web services like business email and Azure AD but others don't.

From someone on reddit 7/2019:
[For small-business use:]
Honestly, Linux Desktop isn't really business-ready at the moment. It's getting close but it's not there.

For office work you need Microsoft Office, be it Word, Powerpoint, Visio, or Excel.

Some will say you can use LibreOffice, or other open-source. But the main problems are the same tasks are not always possible (try setting sequential formulas in an excel sheet with the Ctrl + Enter on Libre), and when you create documents in these alternatives, they don't look the same when opened with Microsoft Office (i.e. vendors or clients you deal with will see this as unprofessional).

An issue I see, as a home user, is that the printer drivers don't properly shrink an oversize document. Maybe it's a bug in my distro (Mint 19) or apps or the driver for my printer (HP 363x series), or because I'm in Europe using A4 paper and an A4-sized printer. But a document with content right up to the edges, and slight bigger than the paper size, has the edges cut off instead of being shrunk to fit. Happens with xed and xreader at least. And there're no margin settings in their print dialogs. [Edit: not a problem with same printer with Ubuntu 20.04 and gedit app.]

Robert Zak's "How to Open a docx File without Microsoft Office"

For info about Docker, flatpak, appimage, and more, see my VMs, Containers, Controls page.

Jack Wallen's "An Introduction to MySQL"
Gabriel Canepa's "Learn MySQL / MariaDB for Beginners - Part 1"
Gabriel Canepa's "How to Install, Secure and Performance Tuning of MariaDB Database Server"
Carla Schroder's "What Is NoSQL?"
Muhammad Arul's "How to Install and Configure MongoDB on Ubuntu 18.04 LTS"

Remote Access (Remote Desktop) to Linux machine:

Recommended: X2Go (uses SSH, so secure from the start)
TeamViewer (installs a version of Wine, daemon runs as root, not a lot of features).
VNC ? (have to add a VPN to get security)
noVNC ?
Remmina ?

System Hardware Monitoring and Control:
Use Mint's "Disks" app, or install "GSmartControl" app through Software Manager, to test hard disk and see SMART info.
Thomas-Krenn's "SMART tests with smartctl"

Software Resource Monitoring:

Network Monitoring:
This section is for tools used by a person. For tools that generally run unattended, see the Network Control And Security section.

Some terms:

Hayden James' "Linux Networking commands and scripts"
Martin Bruchanov's "Linux Network Administration"

Monitor the traffic in/out of your LAN. Best ways probably are custom software in your router, and a Pi-hole doing DNS filtering. From Security in Five Podcast - Episode 746, investigation of traffic volume exceeding data cap found that iCloud was uploading/downloading the entire collection any time one thing was added, and after that was fixed almost 50% of all traffic was due to blockable scripts (ads, trackers).

Security Testing and Penetration Testing:

Ankush Das's "Top 31 Best Linux Games You Can Play for FREE"
Nick Congleton's "The 10 Best Free Linux Games"
Steve Emms' "42 of the Best Free Linux Games"
Robert Zak's "16 of the Best Free Games For Linux"

Hedgewars: available in Mint's Software manager, and it's a recent version.

Dota 2:
Install Steam first, from Mint's Software Manager.
VPN not allowed while installing.
Dota 2 installs 24 GB under ~/.steam
Try to run game, get "Unable to start game - Failed to create an OpenGL context - Your graphics card must support at least OpenGL v3.1".
I'm using Mint 19.3, kernel 5.3.0-46-generic, Intel integrated i915, X.Org 1.19.6, "OpenGL: renderer: Mesa DRI Intel Ironlake Mobile v: 2.1 Mesa 19.2.8".
Set Dota 2 launch options in Steam to include "LIBGL_ALWAYS_SOFTWARE=1": Launch Steam, right-click on Dota 2, click on Properties, click on Set Launch Options, set field to "LIBGL_ALWAYS_SOFTWARE=1 %command%".
ArchWiki's "Steam"
While running, Steam and Dota 2 together will take more than 1.5 GB of RAM.
Performance is atrocious, unplayable on my slow laptop with no special GPU.

Finding apps:
Look in Mint's Software Manager.
ArchWiki's "List of applications"
One Thing Well blog
103cuong / awesome-linux-apps

Some applications are written to work only in a specific GUI framework, such as KDE or Gnome. Others are written to work inside a cross-platform framework, such as Electron or Node.js or Ruby Rails, that then has versions which run inside various lower frameworks, such as KDE or Gnome.

There are some application-deployment frameworks, such as Docker and Ansible.

Note: CLI tools "apt" and "apt-get / apt-clone / apt-config" give identical functionality but differ in emphasis:
"apt" is intended for interactive use, and may change slightly over time.
The others are intended for scripting / back-end use, and try to stay constant over time.
Someone said the two groups use separate caches.

Easy Linux tips project's "Firefox: optimize its settings"
Easy Linux tips project's "Google Chrome and Chromium: improve their settings"

Alistair Ross's "Review: Download Managers for Linux"

App Outlet (finding and downloading newest versions of packages)

Lilite: A Linux Autoinstaller

ArchLinux's "Font configuration"
"apt-cache search ^fonts-" and "apt search ^fonts-"
Install fontconfig-infinality.
cryzed /

Linux4one's "How to Install Google Earth on Linux Mint 19"
But it's available through Mint's Software Manager too.
If all searches go to equator, edit /opt/google/earth/free/googleearth (or /opt/google/earth/pro/googleearth ?) to add a line "export LC_NUMERIC=en_US.UTF-8" before line that starts with "LD_LIBRARY_PATH".

cboxdoerfer / fsearch (fast file search utility)
Joey Sneddon's "Linux File Search Tool 'Catfish' Just Got Even Faster"

Check hash of a file you downloaded:
Alexandru Andrei's "How to Verify Authenticity of Linux Software with Digital Signatures"
drewblay / Compare-File-To-Hash

My "Develop a Desktop Application" page

Things To Do

Work your way through some basic tutorials:
Linux Journey
Linux Survival
Ubuntu's "Using The Terminal"
Linux command line for you and me
Ryans Tutorials' "Linux Tutorial"
Julia's Drawings

Chris Hoffman's "The Linux Directory Structure, Explained"
[At CLI do "man hier" (canonical hierarchy) or "man file-hierarchy" (hierarchy in systemd systems).]
Debian's "Device Names in Linux"

Far more in-depth:
Sven Vermeulen's "Linux Sea"
David A Rusling's "The Linux Kernel" (circa 1999)
The Linux Kernel documentation

Tightening Security:
Really, it seems that 95% of the vulnerabilities are eliminated if you just don't run a web server on your machine. Also don't run SSH or FTP or other login-type services, and keep software updated, and you're above 99%.

From older version of Easy Linux tips project's "Security in Linux Mint: an explanation and some tips":
"Don't install Windows emulators such as Wine, PlayOnLinux and CrossOver, or the Mono infrastructure, in your Linux, because they make your Linux partially vulnerable to Windows malware. Mono is present by default in Linux Mint; run 'sudo apt-get remove mono-runtime-common' to get rid of Mono."
[First run 'sudo apt-get --simulate remove mono-runtime-common' to see what else you'd lose.]

Ask Ubuntu's "What are PPAs and how do I use them?"
But: "One thing to keep in mind about using PPAs (Personal Package Archives) is that when you add a PPA to your Software Sources, you're giving Administrative access (root) to everyone that can upload to that PPA. Packages in PPAs have access to your entire system as they get installed (just like a regular package from the main Ubuntu Archive), so always decide if you trust a PPA before you add it to your system."

A good idea to get CLI mail working, and check it regularly, since various services and packages will send failure or security notices to root's email. See "Getting Linux local CLI mail working" section.

Easy Linux tips project's "Security in Linux Mint: an explanation and some tips"
The Empire's "An Ubuntu Hardening Guide"
lfit's "Linux workstation security checklist"
blakkheim's "Linux Security Hardening and Other Tweaks"
Maybe likely to break things:
SK's "How To Password Protect GRUB Bootloader In Linux"
[But that doesn't protect against booting from USB drive.]

See Anti-Virus and Malware Scanners section.

See Application Control and Security section.

Tightening Privacy:

On Mint, run Update Manager application. Application and kernel updates will appear automatically. If you want to change kernel "lines" (e.g. change from 4.15.x to 5.0.y), use View / Linux Kernels menu item.

On Ubuntu, to manually update kernel, use Ukuu (Ubuntu kernel update utility) or bkw777 / mainline. But the normal update app automatically will update kernel and remove old kernels. To see kernels, do "sudo dpkg --list 'linux-image*'".

On Ubuntu, to see when snaps were last updated, do "ls -l /snap".

For Ubuntu, I asked about installing a LTS release and then later updating to a non-LTS release, and got this from people on reddit:
[From LTS to non-LTS,] You don't need to do a fresh install. Ubuntu will update with its software update tool. If your first install was an Ubuntu LTS, you will need to configure Ubuntu to allow non-LTS upgrades though. If you open "software sources" and go to the "Updates tab" configure "Notify me of a new Ubuntu version" from "Long term support" to "any new version". When the time comes you'll be prompted to update.

Word of advice: Avoid using third party software repositories (like PPAs) as they can cause situations where Ubuntu can't do an OS update. This is the number 1 cause for Ubuntu failing to upgrade. I personally don't have any as most of the stuff I use is available through Ubuntu's software library.


In major updates, the updater tool will disable your PPAs so that there are no conflicts.

Reporting Bugs:
On Mint, run System Reports application to see any crash reports.

Run "apt show PKGNAME" to get info about a package, including URLs for bug-reporting and source code.

For some apps, it's hard to even figure out what you're running. For example, in Ubuntu 20.04, the default app that plays mp4 video files has no app-name or About menu item anywhere in the UI of the app. From the file-association in file explorer, I found out it's called "Videos". But that name doesn't appear anywhere on disk or in packages or in running processes, that I can find. From the application store, I was able to find out its home web site: From there, I was able to find that another name for it is "Totem". Then "apt show totem" gives useful info.

For a given problem, check the version number of the software you are running, and what the latest released version number is. Is it possible for you to upgrade and re-test ?

Rocket2DMn's "Improving Ubuntu: A Beginners Guide to Filing Bug Reports"
Brendan Hesse's "How to Submit a Bug Report to Apple, Google, Facebook, Twitter, Microsoft, and More"

My impression of what usually happens:

Run "sudo more /etc/shadow". Any account with password field (2nd field) set to a single character such as "*" or "!" or "x" is blocked from login: no possible password can be typed to log into that account.

My understanding of accounts:

Ubuntu's "RootSudo"

Some command-line ways to list all users: "getent passwd", "compgen -u", "cat /etc/passwd".

List users with no password set: "sudo awk -F: '($2 == "") {print}' /etc/shadow"

List users with UID set to 0 (superuser): "sudo awk -F: '($3 == "0") {print}' /etc/passwd"

List info about a user: "id user1"

Set limits on users or groups: /etc/security/limits.conf

Login security can be defeated if attacker has physical access:
Alarming article about (a hole in) account security:
Abhishek Prakash's "How to Reset Ubuntu Password in 2 Minutes" (boot into Recovery mode)
Maybe there is some way to password-protect GRUB, or maybe this doesn't work if /home is encrypted ?
SK's "How To Password Protect GRUB Bootloader In Linux"

Another way to change passwords if you have physical access: boot the machine from a Live system on USB or CD, do "sudo -i", do chroot to the main system disk, do "passwd $username".

Ask Ubuntu's "How do I reset a lost administrative password?" (boot into Recovery mode)
SK's "How To Reset Root User Password In Linux"

Not sure, but I think these methods work even if user's home is encrypted. Access to the disk encryption passphrase is controlled by the user permissions, so once you login as the user (with any or empty password), software can decrypt the user's home.

PAM (Pluggable Authentication Modules):
Files in /etc/pam.d directory.

To enable TOTP on desktop logins:
If you're going to enable this, I would save a copy of "/etc/pam.d/lightdm", then create another user account, login to that account, and enable TOTP on that account, to make sure everything works.

Chris Hoffman's "How to Log In To Your Linux Desktop With Google Authenticator"
Daniel Pellarini's "How To Configure Multi-Factor Authentication on Ubuntu 18.04"
nixCraft's "Secure Your Linux Desktop and SSH Login Using Two Factor Google Authenticator"

"sudo apt-get install libpam-google-authenticator".
"man google-authenticator".

Types of keys and certificates:

From "man ssh":
"The idea is that each user creates a public/private key pair for authentication purposes. The server knows the public key, and only the user knows the private key. ssh implements public key authentication protocol automatically ..." and "A variation on public key authentication is available in the form of certificate authentication: instead of a set of public/private keys, signed certificates are used. This has the advantage that a single trusted certification authority can be used in place of many public/private keys."
Also relevant "man ssh-keygen".

Steve Cope's "SSL and SSL Certificates Explained For Beginners"

Keyring / GnomeKeyring / ksecretservice:
setevoy's "What is: Linux keyring, gnome-keyring, Secret Service, and D-Bus" (also here)
GNOME Keyring
Keyrings(7) man page
Arch Wiki's "GNOME/Keyring"
Nurdletech's "Gnome Keyring"

There is a Linux kernel keyring (see "man 7 keyrings"), and a GNOME Keyring (GNOME Keyring).

Is integrated with ssh, sftp, scp, PAM, Chrome, chromium. Can be integrated with Git, GnuPG, Firefox.
swick / mozilla-gnome-keyring (extension for Firefox and Thunderbird)
From Gnome Keyring - Security FAQ:
"Gnome Keyring is integrated with PAM, so that the 'login' keyring can be unlocked when the user logs in.".
LZone's "Using Linux keyring secrets from your scripts"

On CLI, do "cat /proc/keys" to see some of the keys in the Linux kernel keyring.
On CLI, do "man keyctl".

GNOME keyring stored under ~/.local/share/keyrings

Mint's "Passwords and Keys" application (AKA "Seahorse"):
Accesses GNOME Keyring.
AKA Seahorse

Under Passwords - Logins, it seems to have a bunch of placeholder entries for web sites, and a couple of things for apps (Chrome, Skype). There's nothing (for me) under Certificates (I do have certs installed in FF, Chrome, Thunderbird, but they don't show up here), and under Secure Shell (OpenSSH = ~/.ssh). But there are several keys under PGP Keys (maybe stored under ~/.gnupg directory ?). Hover mouse over each item to see tooltips.

SSH logins:
Ubuntu's "SSH / OpenSSH / Installing Configuring Testing"
Chris Hoffman's "How to Secure SSH with Google Authenticator’s Two-Factor Authentication"
Linuxaria's "Add security to your ssh daemon with PAM module"
nixCraft's "Top 20 OpenSSH Server Best Security Practices"

From Ravi Saive's ""How to Setup Two-Factor Authentication (Google Authenticator) for SSH Logins:
"Important: The two-factor authentication works with password based SSH login. If you are using any private/public key SSH session, it will ignore two-factor authentication and log you in directly."

SK's "How To Configure SSH Key-based Authentication In Linux"
Alistair Ross's "How To Set Up SSH Keys"
Carla Schroder's "5 SSH Hardening Tips"

Testing your SSH from outside:
InfoByIp's "SSH server connectivity test"
Rebex SSH Check
But really you need to try to connect from an outside machine and see what happens.

Jesus Vigo's "How to join a Linux computer to an Active Directory domain"

Trusted certificate stores:
Security certificates can be stored in a number of places ?
From someone on Stack Exchange:
Most distros put their certificates soft-link in system-wide location at /etc/ssl/certs.
  • Key files go into /etc/ssl/private
  • System-provided actual files are located at /usr/share/ca-certificates
  • Custom certificates go into /usr/local/share/ca-certificates
Whenever you put a certificate in one of the above mentioned paths, run update-ca-certificates to update /etc/ssl/certs lists.

From someone on reddit 11/2019:
Applications that utilize the system cert store: Chrome on macOS/windows. Safari on macOS. Edge on windows. Linux support depends on the distribution. RHEL is probably better than others.

Firefox uses it's own key store ...

Java applications will vary in support. It really depends on the implementer.

[Certs can be stored in a hardware device:] A Yubikey with certs provisioned acts as a pkcs#11 device which is an industry standard interface to cryptographic devices. It has good support for all applications that utilize the system cert store. There are plugins to utilize pkcs11 devices for Firefox.

Amit N. Bhagat's "Digital Certificates Explained"
Federal Public Key Infrastructure Guides' "Trust Stores"

Places passwords are stored:
GNOME networking passwords are stored in plaintext in files in /etc/NetworkManager/system-connections

MEGA password discussion
MEGAchat: Technical Security Primer

libsecret-based clients via the secret storage DBus API ?
KeePassXC 2.5.x can be used as a vault service by libsecret: KeePassXC as "secret service"

KeePassXC password manager can supply SSH keys to an SSH agent: KeePassXC and SSH.

Run "ssh-add -l" or "ssh-add -L" to see all keys available through ssh-agent.
Run "ssh-add -s filename.pkcs11" to add a digital certificate to ssh-agent.

"nmap --script ssl-cert localhost" gives me one cert used by port 25 SMTP, called "mint" or "DNS:Mint".

"nmap --script ssl-enum-ciphers localhost" gives me TLS ciphers used by port 25 SMTP, port 631 CUPS.

Security Test / Audit:

David Mytton's "80+ Linux Monitoring Tools for SysAdmins"
Daniel Miessler's "A tcpdump Tutorial and Primer with Examples"
"sudo tcpdump -i lo -A | grep Host:"
netstat: "sudo netstat -atupl"
lsof: "sudo lsof -i" to see established connections.
ss: "sudo ss -lptu".
NixCraft's "ss command: Display Linux TCP / UDP Network/Socket Information"
NixCraft's "Linux: 25 Iptables Netfilter Firewall Examples For New SysAdmins" (see "27. Testing Your Firewall")
nethogs: install from Mint's Software Manager, and then "sudo nethogs"

CERT's "Intruder Detection Checklist"

See the "Port scanning and router testing" section of my "Computer Security and Privacy" page.

SEI's "Steps for Recovering from a UNIX or NT System Compromise" (PDF)

Connecting Linux and Windows:
Separate Linux machine and Windows machine:

Could just format a USB drive as NTFS and move it back and forth.

Create file-share on Linux:
Mohd Sohail's "Share Folders On Local Network Between Ubuntu And Windows"
Jonathan Moeller's "Install & Configure Samba On Linux Mint 19"
Ubuntu Tutorials' "Install and Configure Samba"
Also Nemo-share extension to Nemo.

Create a file-share on Windows:
In Windows, create file-share, add permission in BOTH Sharing and Security. Then in browser on Linux, go to address "smb://IPADDRESS/SHARENAME", login with Windows account username and password.

Install WinSCP on the Windows machine.

Windows OpenSSH server on Windows, and use scp to copy back and forth.

Create simple read-only web-server on Linux:
ip addr | grep 192		# get LAN IP address of Linux machine
python -m SimpleHTTPServer
# go to Windows machine, and in browser go to:

Various ways:
Sandra Henry-Stocker's "How to share files between Linux and Windows"
Sandra Henry-Stocker's "Moving files between Unix and Windows systems"
Kristen Waters' "How to Mount SMB or NFS Shares With Ubuntu"
In Linux Mint, Nemo file explorer has a "File / Connect to Server ..." menu item.

In a single-machine dual-booting situation:

Mount Linux filesystem while running Windows:
Mount the Windows main partition (NTFS filesystem) for read/write access under Linux:

Windows must be fully shut down, not hibernated, to allow Linux to have read/write access to the Windows partition. If all you want is read-only access in Linux, ignore the rest of this section.

In Windows 10, normally if you select "Start / Shutdown", it hibernates, doesn't fully shut down.

Ways to make Windows fully shut down:
  • Turn off "Fast Startup", and now "Start / Shutdown" will do a full shutdown.
  • Hold down Shift key while selecting "Start / Shutdown", and it will do a full shutdown.
I think it's best to leave "Fast Startup" turned off. But Windows will start up slower.

Chris Hoffman's "How to Mount Your Windows 10 (or 8) System Drive on Linux"
Unix & Linux Stack Exchange's "How to mount the 'D:\' disk of Windows in linux mint?"'s "gnome-disk-utility"

But: Ubuntu 18 / Mint Tara automatically recognizes Windows OS partition in a dual-boot system and mounts it; no package installation or other steps needed. It was read-only in my live session, maybe because I didn't shut down Windows fully.

Connecting Two Linux Machines:
Alexandru Andrei's "How to Use Netcat to Quickly Transfer Files Between Linux Computers"
Jonathan Moeller's "Install & Configure Samba On Linux Mint 19"

Special hardware:

After using Linux for a while:

Magic key-sequences:

Eric Simard's "Frozen Linux System? Here are 3 Ways to Deal With It"
superuser's "Does Linux have a Ctrl+Alt+Del equivalent?"
kember's "REISUB - the gentle Linux restart"
Wikipedia's "Magic SysRq key"
Fedora Wiki's "QA/Sysrq"

Problems and troubleshooting:

Easy Linux tips project's "Solutions for 27 bugs in Linux Mint 19.1"
Easy Linux tips project's "System hacks for advanced Linux Mint users"

Easy Linux tips project's "Complete starters' guide for Linux Mint"
Linux Mint's "The Linux Mint User Guide"'s "Tutorials"
Paul Hill's "Ten things to do after installing Linux Mint 18.3"

Looking at Other Distros:
Jason Evangelho's "How To Test Drive 200+ Linux Distributions Without Ever Downloading Or Installing Them" (; for me didn't work in Firefox, worked in ungoogled-chromium)

From someone on reddit 6/2020:
"OpenSUSE lets you try different DEs just by logging out. There's only one distro OpenSUSE and it comes with KDE, Gnome, Xfce, Enlightenment, Mate, LXDE, LXQT, and more."

If you just want a quick look at "tiling" in a DE, on top of GNOME you could try the gTile or zTile extensions.

Create a bootable USB with N different ISOs on it: Ventoy (Windows and Linux)
SK's "Create Persistent Bootable USB Using Ventoy In Linux"

RenewablePCs' "Which Linux distros are the best?"
Gary Newell's "How To Choose The Best Linux Distro For Your Needs"
It's FOSS's "Explained: Which Ubuntu Version Should I Use?"
Adarsh Verma's "Top 10 Best Linux Distros For 2018 - Ultimate Distro Choosing Guide"
Adarsh Verma's "9 Most Beautiful Linux Distros You Need To Use"
RenewablePCs' "Desktop Environments for Linux"
Distro Chooser

Jason Evangelho's "Linux For Beginners: Understanding The Many Versions Of Ubuntu"
Gary Newell's "Ubuntu vs Xubuntu"
Canonical's "Ubuntu flavours"
Canonical's "Derivatives"
Ubuntu forums
Linux Mint Forums

Sense I'm getting from various places: Upgrading Ubuntu from one major release to another often breaks something; better to do a fresh install. But Mint doesn't have that problem, upgrades are smooth.

I'm planning to take a slow tour of various distros. Used Mint Cinnamon 19.0-19.3 for about 20 months. Now on Ubuntu GNOME 20.04. Maybe then Ubuntu MATE, KDE neon (Ubuntu-based), Ubuntu DDE, Fedora GNOME (Red-Hat-family), CentOS (Red-Hat-family), Manjaro XFCE (Arch-based), MX Linux (xfce), OpenSUSE Tumbleweed (Slackware-based).


Gary Newell's "Complete List of Linux Mint 18 Keyboard Shortcuts for Cinnamon"
OSTechNix's "3 Good Alternatives To Man Pages Every Linux User Should Know"
TLDR pages ("simplify the beloved man pages with practical examples")
ManKier ("a collection of man pages, translated ... to semantic HTML5")
Using "man": in output, use /SEARCHTERM to find a match, n to go to next match, Shift+n to go to previous match.
"man -k KEYWORD": list all man pages that relate to KEYWORD.
"info" (mainly for GNU components).
GNU Project's "All GNU packages"
LeCoupa /
P. Lutus's "How to Use Secure Shell"

To change keyboard behavior/mappings, see man pages for setxkbmap and xkeyboard-config. Or on Mint, go to System Settings app, Hardware / Keyboard / Layouts, select a layout [probably English (US)], click Options, click on Caps Lock behavior.

Tweaking/fixing audio:
Definitely back up the config files before you start messing with stuff, it's easy to go wrong.
Gamunu Balagalla's "Enable High Quality Audio on Linux"
"sudo apt install pulseaudio-equalizer"
Related: PulseAudio, JACK, PipeWire (future)

Tweaking/fixing mouse/trackpad/scrolling/video latency/tearing:
Definitely back up the config files before you start messing with stuff, it's easy to go wrong.
Check what drivers you are using.
Compare behavior in various apps; maybe change a "smooth scrolling" setting in an app.
For KDE, maybe try kwin-lowlatency package.
Maybe try a different DE, distro, or GPU hardware.

"apt install ink" and then "ink -p usb" to see ink levels in a USB-connected printer.

Apparently HP printers have had great support for Linux for a long time, and open-source drivers; strongly recommended.

# in BIOS, check to see that Bluetooth is available and enabled

sudo rfkill list
sudo rfkill unblock bluetooth
sudo rfkill unblock 1	# another form of the command
sudo rfkill unblock all

# in Mint, run Software Manager and install Blueman

# Run Bluetooth Manager app
# It may say Bluetooth is off, turn it on ?  say yes
# Bluetooth icon appears in system tray, looks likes x-triangles
# click on Bluetooth icon

# I think Bluetooth Manager app did this when I ran it for first time
sudo service bluetooth start

sudo service bluetooth status
systemctl status bluetooth
bluetooth on
blueberry	# runs the GUI app called Bluetooth
blueman		# runs the GUI app call Bluetooth Manager
bt-adapter --list   # part of

# In Bluetooth Manager app (through system tray icon):
# when using Turn Bluetooth Off/On menu item, have to
# click it twice, first time doesn't work

# I don't see any Bluetooth devices or adapters in Bluetooth Manager
# can't get it to work

# rebooted the system
# got messages that bluez daemon failed to start
# rfkill settings got changed back to "software blocked", but unblocking didn't fix it
systemctl enable bluetooth		# didn't fix it
systemctl start bluetooth		# didn't fix it
# getting "ConditionPathIsDirectory=/sys/class/bluetooth was not met"
/etc/init.d/bluetooth start
dmesg | grep -i blue
# finally this seems to work:
sudo bluetoothd
# get it to happen at boot by doing: gksudo gedit /etc/rc.local   ?

# some say do this ?
sudo apt-get remove blueberry

# another tool:
bluetoothctl	# then type help to see commands

inxi -N
# my device is Broadcom BCM4313 with id 14e4:4727
ls /lib/firmware/brcm

sudo apt-get install b43-fwcutter
sudo apt-get install firmware-b43-installer

# I'm not sure if turning off Wi-Fi also turns off Bluetooth,
# so I turned on Wi-Fi even though I'm using wired Ethernet.

# this seems very dangerous:
sudo apt-get remove --purge bcmwl-kernel-source
sudo apt-get install linux-firmware-nonfree
sudo modprobe b43

# Also try Driver Manager app
# It showed that I was using bcmwl-kernel-source driver,
# but gave me no alternative except "don't use the device".

# Apparently kernels before 4.15.0-35 or so used to require a patch,
# and it may still be installed in the system ?
# This could affect Wi-Fi, so have an ethernet connection available.
# I did it and the system survived, but still no Bluetooth device.
sudo apt-get purge bcmwl-kernel-source broadcom-sta-common broadcom-sta-dkms
# to recover in case of disaster:
sudo apt install broadcom-sta-dkms
# Now Driver Manager app says I'm on "don't use the device".
# But Wi-Fi still works.

# did this ( to register my hardware in a database:
sudo apt install ./hw-probe_1.4-2_all.deb
sudo apt-get install edid-decode
sudo hw-probe -all -upload
# got


# remove kernel module with:
sudo modprobe -r btusb
# then load it again with:
sudo modprobe btusb
# and after that bluetooth is active ?  Didn't work for me.

# my Android phone in Settings/Bluetooth does show devices at various times,
# probably mostly from neighbors (use
# 94:53:30:A2:D3:30 (something from Hon Hai Precision Ind. Co, Ltd in China)
# KD-55XD8005 (Sony Bravia KD55XD80005 TV)
# ELEGIANT S1 (my headphones; E3:28:E9:25:8D:A3)
# 00:12:1C:51:6A:2C (something from 174 Quai de Jemmapes company in France)
# Redmi (someone's headphones)
# 70:3A:51:8B:4C:0B (something from Xiaomi Communications Co Ltd in China)
# my phone (X9 Mini, bluetooth address cc:73:14)
Some of these are old, conflict with each other, may be dangerous:
Ayo Isaiah's "How to Set Up Bluetooth in Linux"
HowtoForge's "How to send sound through Bluetooth on Linux"
Bruce Byfield's "Adding a Bluetooth Speaker to Linux"
Arnab Satapathi's "Linux bluetooth setup with bluez and hcitool"
winterheart / broadcom-bt-firmware
ArchWiki's "Blueman and PulseAudio"

From someone on reddit:
"TLP and/or powertop --auto-tune may put the Bluetooth module into power-saving mode; stop that".

From someone on reddit:
If your built-in Bluetooth doesn't work, disable it and buy a usb receiver () for $20 or so.

In Mint, to see what distro/kernel versions you are using:
cat /etc/lsb-release
cat /etc/upstream-release/lsb-release
cat /etc/debian_version
cat /proc/version

To see if you are using any 32-bit software:
lsof | grep i386-linux-gnu && echo "Found 32-bit library in use" || echo "No 32-bit library in use"
dpkg -l | grep "^ii" | grep ":i386" && echo "Found 32-bit packages installed" || echo "No 32-bit packages installed"
Jesse Smith's "Checking for 32-bit applications on the operating system"

To see if your CPU has any vulnerabilities and if mitigations have been implemented:
tail -n +1 /sys/devices/system/cpu/vulnerabilities/*
Michael Larabel's "The Desktop CPU Security Mitigation Impact On Ubuntu 20.04" (10% perf loss on somewhat-older CPUs)

To see if you are using any non-free software:
sudo apt install vrms
# note: installation creates a monthly cron job !

Using your Linux box to do penetration-testing of other devices:
See my Penetration Testing and Bug-Bounty Hunting page

Compiling stuff from source:
Chris Hoffman's "How To Compile and Install from Source on Ubuntu"

SK's "An Easy Way To Remove Programs Installed From Source In Linux"
Ubuntu's "CheckInstall"

I don't know how to register a compiled app under apt. But once you've done so, you can create a .deb file from it by using "dpkg-repack". Or:
Debian Packager

Search my site