I’m running the now dead Fedora 40 on a machine that’s currently used for some sensitive tasks. Baiscally I’m broke AF, so I can’t afford enough storage and a battery^[1] to manually upgrade to Fedora 42, that’s why I can’t upgrade.

I’m also running an old Linux kernel because latest kernels kernel-panic the machine and I don’t want to lose access to the PC if the kernel that works gets replaced with the latest kernel, but I’ll try to take some time to troubleshoot it. And I’m not sure if EOL Fedora will receive kernel updates anyways.

And well, I’m kinda paranoid. I feel like I’m using Windows 7 at this point.

So do you, guys, have any tips to try to secure my EOL machine as much as possible meanwhile?

1. Because I don’t want to lose my unbacked-up data in case of a sudden blackout. ↩︎

Probably best to just risk it and do the upgrade. Even on a slow machine it should only take 30 minutes to process.

Fedora keeps 3 kernels installed so once if you fail to boot the f42 one you should still be able to use your old known good f40 one.
But if that good one is already at the bottom of the list you should either uninstall the middle two or increase the saved amount by setting installonly_limit=5 in /etc/dnf/dnf.conf

If it does fail during the upgrade it will likely break, but no actual data (especially in /home) would be lost. If it fails during the final cleanup/verifying step then it shouldn’t have any impact.
You can also use this helper afterwards to verify all package files are in–tact: Brace/brace/usr/sbin/brace-rpm-verify at 18e41d34229e21921f18dbcd83bad692ee487ed7 · divestedcg/Brace · GitHub

As for not having storage for a backup: I’ve always enjoyed dumpster diving for goodies and even if a laptop or whatever is damaged their disks have always been plentiful for me.
There are also some free cloud options that you could use to backup:

• Oracle Cloud Always Free tier offers 200GB of space and you could just use encrypted restic or borg to it
• if you’re in a college/uni, you may have a large space available as part of Google/Microsoft offerings

Also if you’re at a larger workplace with lots of computers maybe drop by the IT department and ask if they have any drives there were going to toss/recycle

If you really do want to put it off further then see my usual spiel: Security comparison - GNOME and KDE Plasma - #12 by SkewedZeppelin

edit: if you want to get creative you can also give this a try: Make use of Btrfs snapshots to upgrade Fedora Linux with easy fallback - Fedora Magazine

For your sensitive info, is there a way you could encrypt + load to cloud storage? Not sure how much info you have, but I imagine this is feasible.

Does your system have upgradeable storage? I can definitely relate to being broke, but (depending on context/region) storage doesn’t need to be that expensive. For example, here is a used 256gb nvme drive for $16, and here is a used 512gb nvme drive for $25 another cheap-ish possibiity would be paying for short term cloud storage (to backup and restore your userdata after you upgrade). A new 512gb thumbdrive (for backing up your userdata) could be ~$30ish new.

If I were in your shoes and I truly couldn’t upgrade my OS and I couldn’t upgrade my hardware/storage or buy external storage, I’d probably switch to a different distro with a longer support life.

It’s going to be very challenging, because that machine is sometimes used by my family (and right now I can’t afford one for myself and with better specs lol), and it has +400 GB of data (including important archives). And I’m limited to 1.5 MB/s in mid 2025 to upload stuff in the cloud… :'|

And well, I don’t want to lose my data in case something goes wrong.

I don’t want to get personal with my economical situation, but when I bought a ~120 GB SSD (which isn’t enough space) a couple of years ago it cost me 13500 Costa Rican colones (~USD 27). It’s not much, but well, I don’t have a job (basically no income) and my family doesn’t give me enough money, so I had to go for free solutions, like upload some files to Filen, but of course even if I go for the Oracle cloud solution that @SkewedZeppelin mentioned it’ll be a pain in the ass upload hundreds of GBs on my 1.5MB/s Internet connection, and it will not be enough space anyways.

I’ll try to check how much can cost me an SATA to USB cable, because with my slow Internet speeds I should rely more in local physical storage, and I know it’ll be painful to wait days to upload data and then redownload everything back again.

Yeah, I wasn’t quite expecting that when I went with Fedora 40 a couple of years ago. My main PC is rotting away, so I took this machine as a temporary solution. I was expecting to save up enough money to buy a new computer at this point, but what I got so far is 0.

Damn, I really need to get a job and run ads on my website. Those are probably my last options.

TL;DR

So, for those reasons I was thinking on taking other security measurements in the mean time. Maybe installing security software like AppArmor or SELinux and manually analyse this machine for any security threats, but I’m not sure what else can I do to keep this machine a bit more secured.

Selinux is enabled by default on fedora iirc

I’m not sure if it’s working for me, because I don’t receive updates and notifications from SELinux a long time ago for some reason. Maybe I should troubleshoot that.

Even if you don’t get a new computer, you are still at risk of your current hard drive failing.

I would recommend scrounging for some cheap mechanical drive if you can by some means.

selinux is only enforcing for system services: ps -auxZ | grep -v -e kernel_t -e unconfined_t

Just so you can wake up some day, and see your account gone with no reason at all.