Recommend package manager hardening

anonymous595 · May 22, 2026, 1:27pm

For example I use for apt this simple hardening:

sudo apt install apt-transport-https
sudo sed -i 's|http://|https://|g' /etc/apt/sources.list
sudo sed -i 's|http://|https://|g' /etc/apt/sources.list.d/*.list

This will force APT to use HTTPS.

If you are feeling extra paranoid, block port 80 in firewall.

Why: http is insecure and can be tampered super trivially.

Important: while most repos support https, some may not. You will need to manually rotete them to find out.

CloakedNetizen · May 22, 2026, 1:29pm

Do you have instructions for rpm based distros?

any1 · May 22, 2026, 1:35pm

github.com/secureblue/secureblue

files/scripts/httpsmirrors.sh

e74193b11

#!/usr/bin/env bash

# SPDX-FileCopyrightText: Copyright 2025-2026 The Secureblue Authors
#
# SPDX-License-Identifier: Apache-2.0

set -euo pipefail

for repo in /etc/yum.repos.d/*.repo; do
    sed -i 's/metalink?/metalink?protocol=https\&/g' "$repo"
done

fria · May 22, 2026, 2:25pm

I think most distros sign their packages and enforce verification checks so https isn’t so important, but it could be good for some added privacy.

Topic		Replies	Views
Apt or dkpg alternative? Questions	10	184	April 15, 2025
Linux Hardening and Sandboxing Tips and Tools General software	2	907	June 30, 2025
Kicksecure vs Secureblue? Questions	10	1800	December 28, 2024
Secureblue - Atomic Fedora Hardening Tool Suggestions completed	179	28521	April 12, 2025
Is it possible to harden linux without using the terminal Off Topic	22	1199	July 7, 2024

Recommend package manager hardening

Related topics