https://github.com/Michael-Sebero/CoolRune
CoolRune Includes:
A Modified Kernel & Performance Tools
- CachyOS Kernel (https://wiki.cachyos.org/features/kernel/)
- Earlyoom (https://github.com/rfjakob/earlyoom)
- GameMode (https://github.com/FeralInteractive/gamemode)
Security Software
- AppArmor (https://en.wikipedia.org/wiki/AppArmor)
- Chkrootkit (https://en.wikipedia.org/wiki/Chkrootkit)
- ClamAV (https://github.com/Cisco-Talos/clamav)
- DNSCrypt (https://github.com/DNSCrypt/dnscrypt-protocol)
- Fail2Ban (https://github.com/fail2ban/fail2ban)
- Linux Hardening Script (https://github.com/Michael-Sebero/Linux-Hardening-Script)
- Lynis (https://github.com/CISOfy/lynis)
- USBGuard (https://github.com/USBGuard/usbguard)
- UFW (https://en.wikipedia.org/wiki/Uncomplicated_Firewall)
Tools & Utilities
- Arch Package Dictionary (https://github.com/Michael-Sebero/Arch-Package-Dictionary)
- Archivist Tools (https://github.com/Michael-Sebero/Archivist-Tools)
- Audio Frequency Tools (https://github.com/Michael-Sebero/Audio-Frequency-Tools)
- Document Tools (https://github.com/Michael-Sebero/Document-Tools)
- Fix Arch Linux (https://github.com/Michael-Sebero/Fix-Arch-Linux)
- Media Tools (https://github.com/Michael-Sebero/Media-Tools)
Additional Features
- A comprehensive manual (https://raw.githubusercontent.com/Michael-Sebero/CoolRune/main/files/coolrune-manual/Manual).
- MAC address randomization.
- Configured sysctl and limits for security enhancements, system performance, and network efficiency.
- Low latency PipeWire (https://github.com/PipeWire/pipewire) audio processing.
- ALHP (https://wiki.archlinux.org/title/Unofficial_user_repositories#ALHP), Chaotic-AUR (https://github.com/chaotic-aur/packages) and Flatpak (https://flatpak.org/) repositories.
- Steam Proton GE (https://github.com/GloriousEggroll/proton-ge-custom) prefix.
- ZFS (https://github.com/openzfs/zfs) compatibility.
- Optional pre-configured PipeWire audio profiles.
- Custom Windows-like XFCE theme.
- Booster (https://github.com/anatol/booster) (mkinitcpio replacement).
- Battery life optimizations for laptops via TLP (https://github.com/linrunner/TLP).
- Mimalloc (https://github.com/microsoft/mimallo) (high-performance memory allocator)
- Uses ZRAM and tmpfs to speed up temporary directories by compressing RAM and reducing disk I/O.
Performance & Security Expectations
- 10-25% FPS boost in gaming.
- 15-40% faster system responsiveness.
- 20-50% improved network efficiency.
- A Lynis system hardening rating of 80.
Another nonsense that ruins the idea of Artix Linux.
For example, in the default Debian installation a Lynis system hardness rating is 86.
I beg you, God, to protect users from such a super secure system.
> provides no explanation of why he doesn't like my configuration besides "he doesn't like it"
Alright cool, I'm just sharing my configuration I use with others. Base Artix isn't hardened and I've put a lot of work into making a secure but usable system. I've achieved all my goals of making a configuration which is both performant and secure.
Also the base Lynis system hardness rating of Debian isn't 86, it's much lower.
> Another nonsense that ruins the idea of Artix Linux.
> For example, in the default Debian installation a Lynis system hardness rating is 86.
Lol.
Does it use systemd?
Does the firewall block Xorg server in the default configuration?
Does it block remote connections to/from sddm/gdm/lightdm?
Does it block Avahi-daemon?
Is Auditd capable of being enabled before ever connecting to the internet?
Edit:
Do you include most of these recommended structures?
https://www.rootusers.com/23-hardening-tips-to-secure-your-linux-server/
CoolRune is a hardened preset for Artix s6. Whatever Artix does by default this does too. You can see what's hardened by looking at the hardening script + sysctl.conf.
dinit was right there
does it use rEFInd?
I've thought about replacing grub with rEFInd but it's lacking some features I'm looking for. Recently I've been looking into Limine but I haven't had any success with it yet.
The script breaks Xorg on legacy NVIDIA GPUs, also I think it still uses rootful Xorg (LightDM doesn't support rootless Xorg; only TUI display managers, SDDM and GDM support logging into a rootless X session).
The fact that it blocks access to all TTYs is also pretty bad, making troubleshooting unnecessarily difficult.
This configuration isn't meant for a legacy system. I specified that this is meant for systems which were released post 2015. As for the core dumps they're disabled for security and performance reasons, also dmesg is still available for troubleshooting.
After running the shell executable I came back to find a grub menu with only memtest as an option. Having another go while watching this time!
It would be good to have the option to delete posts. This probably isn't very interesting.
I'm guessing you're using the NVIDIA variant in a VM? If so I'm not sure what's causing that issue yet. If you picked the open source NVIDIA driver make sure your card is at minimum a GTX 1660 (the open source driver doesn't support older hardware). My main system uses NVIDIA hardware and I did a clean install yesterday without any issues.