Mullvad-browser
Mullvad-vpn
Protonmail
Proton-vpn
Google chrome
Virtualbox
Sublimetext
this is the collection of programs what i find essential on my own desktop to be avalible to do what i need to do.
Mullvad browser https://mullvad.net/en/help/install-mullvad-browser#linux-install
Virtualbox https://www.virtualbox.org/wiki/Linux_Downloads
Wireshark
sudo dnf install wireshark-qt
sudo usermod -a -G wireshark username
VScode https://code.visualstudio.com/docs/setup/linux
Sublime text https://www.sublimetext.com/docs/linux_repositories.html#dnf
System changes
sed -i 's/http:/https:/g' /etc/yum.repos.d/*.repo
systemctl stop sshd
systemctl disable sshd
systemctl mask sshd
dnf install -y firewalld
systemctl enable --now firewalld
firewall-cmd --set-default-zone=drop
## IF NEEDED ## firewall-cmd --permanent --add-service=https
firewall-cmd --reload
Strengthen Sysctl Settings: Increase security by adjusting kernel settings in /etc/sysctl.d/99-hardened.conf:
kernel.yama.ptrace_scope = 2: Restricts ptrace (memory hacking/debugging).
net.core.bpf_jit_harden = 2: Hardens BPF JIT compiler.
kernel.kptr_restrict = 2: Restricts access to kernel symbol addresses.
Restrict User Access to Sudo: Add Defaults use_pty to /etc/sudoers (or a file in /etc/sudoers.d/) to force sudo commands to run in a proper pseudo-terminal.
Hide Process Info (hidepid): Restrict /proc access so users cannot see processes run by others, including root.
Disable Telemetry: Disable Fedora's "countme" feature in /etc/dnf/dnf.conf by adding countme=false.