
How To Improve The Linux Systems Security Using Firejail

By editor

In this brief tutorial, we will discuss what Firejail is, how to install Firejail on Linux, and how to improve the security of a Linux system using Firejail.

Introduction

The Linux kernel is secure by default. But that doesn't mean the software running on a Linux system is completely secure.

For example, an add-on in your web browser may cause serious security issues. While you are doing financial transactions over the internet, a key logger that you are not aware of may be active in the browser.

Even though we can't give our Linux box bullet-proof security, we can still add an extra pinch of security using an application called Firejail.

Firejail is a security utility that can sandbox such applications and let them run in a controlled environment. Put simply, Firejail is a SUID (set owner user ID upon execution) program that reduces the risk of security breaches by restricting the running environment of untrusted applications.

Features

Firejail's features include the following:

  • Easy to install.
  • Users can set file or directory attributes.
  • Customized security.
  • Network support.
  • Separate sandbox containers for applications.
  • Easy to monitor.
  • A GUI is provided to manage applications.

1. Install Firejail in Linux

This security application is easy to install, and it can be installed using the apt-get package manager. We will be using Ubuntu 16.04 for demonstration purposes.

All commands given below are executed as the root user.

Update Ubuntu Linux:

# apt-get update

Install the Firejail application with the command:

# apt-get install firejail

By default, Firejail configurations and profiles are stored under /etc/firejail. These can be managed by users as per their needs. Have a look at the following output.

# ls /etc/firejail
Firejail configurations and profiles location

2. Improve The Linux Systems Security Using Firejail

2.1. Run applications with firejail

The typical syntax for using Firejail is:

# firejail <application>

For example, to run the Firefox web browser using Firejail, we can use the following command:

# firejail firefox

When a user launches an application with Firejail, the profile defined in the Firejail configuration gets loaded and events are logged in syslog.

By default, Firejail launches an application with the default profile. You can configure the default profile with your own parameters.

2.2. Customize firejail profile for application

To create a custom profile for an application or command, create the following directory under the user's home directory.

# cd ~
# mkdir -p  ~/.config/firejail

Copy the generic profile to that newly created directory and open the copy for editing:

# cp /etc/firejail/generic.profile /home/user/.config/firejail/example.profile
# vim /home/user/.config/firejail/example.profile
Firejail profile

If you want the Documents folder of a particular user to be loaded as read-only, define the parameter as follows:

read-only /home/user/Documents

If you want to set another directory as read-only:

read-only /home/user/Download

It is recommended to secure access to banking sites over the internet, and this can be achieved with Firejail.

Create a directory for the user.

# mkdir /home/user/safe

Firefox will treat 'safe' as its home directory.

# firejail --private=/home/user/safe firefox &

Define the default network interface for the application to run with.

# firejail --net=enp0s3 firefox &

Sample output:

Define default network interface for application
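
As an added example (not part of the original tutorial and not Firejail's own code), the script below copies a base profile, appends the directory restrictions from this section, and flags any directive whose path does not exist, since a restriction on a misspelled path protects nothing. It uses the `private` profile directive in place of the `--private=` option; the scratch directories and the one-line base profile are constructed for the demo.

```shell
#!/bin/sh
# Added example, not Firejail's own code: build a custom profile from a base
# profile, then confirm each path directive points at something that exists.

# make_profile BASE DEST HOME_DIR
# Copy BASE to DEST and append the restrictions used in this tutorial.
make_profile() {
    mkdir -p "$(dirname "$2")" && cp "$1" "$2" || return 1
    cat >> "$2" <<EOF
# local additions (directory names are the tutorial's placeholders)
read-only $3/Documents
read-only $3/Download
private $3/safe
EOF
}

# check_profile FILE
# Print every blacklist/read-only/private directive whose target does not
# exist and return how many were found (0 means the profile is clean).
check_profile() {
    bad=0
    while read -r directive target || [ -n "$directive" ]; do
        case $directive in
            blacklist|read-only|private) ;;
            *) continue ;;                      # comments, other directives
        esac
        # "private" with no argument is valid and has no path to check
        [ -z "$target" ] && [ "$directive" = private ] && continue
        case $target in                         # expand home-directory macros
            '${HOME}'*) target=$HOME${target#'${HOME}'} ;;
            '~/'*)      target=$HOME/${target#'~/'} ;;
        esac
        [ -e "$target" ] && continue
        echo "unresolved: $directive $target"
        bad=$((bad + 1))
    done < "$1"
    return "$bad"
}

# Demo on constructed data in a scratch directory (Firejail is not needed).
demo=$(mktemp -d)
mkdir -p "$demo/home/Documents" "$demo/home/safe"   # Download left out on purpose
echo "caps.drop all" > "$demo/base.profile"         # constructed base profile
make_profile "$demo/base.profile" "$demo/home/.config/firejail/example.profile" "$demo/home"
check_profile "$demo/home/.config/firejail/example.profile" || echo "$? directive(s) need attention"
rm -rf "$demo"
```

Run `check_profile` against the real profile under `~/.config/firejail` before relying on it; a non-zero exit status means at least one restriction refers to a path that is not there.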

2.3. Using firejail GUI tool

For ease of use, a GUI tool for Firejail is available, which can be downloaded from this link.

Download the appropriate package for your hardware and installed operating system and use it.

Conclusion

The Firejail tool is a must-have for security-conscious users. Although there are lots of methods available in Linux that can provide the same level of security, Firejail is one such way to improve the security of your Linux environment. We hope you will find this article useful.


1 comment

MJ April 5, 2019 - 6:15 pm

Good tutorial on a simple sandbox app. Finally, something for linux better than an idiotbox “firewall for windows” clone….
