root@localhost:~# ./linsecure.sh --help

// Harden your
Linux machine.

A single bash script that applies kernel-level hardening, kills hardware tracking, routes traffic through Tor, and installs a full open-source privacy stack — no GUI required.

get started view features
22
commands
0
GUI required
1
script file
deb
compatible
bash — linsecure.sh — 80×24
root@host:~# sudo ./linsecure.sh
==============================================
      LINSECURE PRIVACY TOOLKIT
==============================================
 1) System hardening & security tools
 2) Paranoid firewall mode
 4) Disable camera
 6) Disable microphone
17) Enable Tor routing (safe mode)
99) Restore all changes
==============================================
Choose an option: 1
[*] Updating system packages...
[*] Installing ufw fail2ban apparmor clamav rkhunter...
[*] Applying kernel sysctl hardening...
[✓] System hardening applied and security tools installed.
Press Enter to continue...
root@host:~#
// capabilities

System Hardening

Kernel sysctl tweaks, UFW firewall, fail2ban, AppArmor, ClamAV, and rkhunter — all configured in one pass.

CORE

Paranoid Firewall

Full deny-all mode. Outgoing locked to HTTPS/HTTP only. One command to activate, one to restore defaults.

FIREWALL

Hardware Kill Switches

Blacklist camera, mic, audio, Bluetooth, and Wi-Fi at the kernel module level — persistent across reboots.

HARDWARE

Tor Routing

Transparent proxy mode routes DNS and TCP through the Tor network. Tor Browser installed via Flatpak.

ANONYMITY

Privacy Stack

Brave, Tor Browser, OnionShare, MAT2 metadata stripper, and DNSCrypt proxy — deployed in a single run.

SOFTWARE

Full Restore Mode

Option 99 reverses every change — sysctl configs, module blacklists, firewall rules — back to clean defaults.

RECOVERY

IPv6 Control

Disable IPv6 system-wide via sysctl to close a common leak vector on networks that force IPv6 assignment.

NETWORK

Location Services

Stop and disable the GeoClue daemon to cut off location telemetry from apps and system services.

PRIVACY

Temp & RAM Cleaning

Wipe /tmp, /var/tmp, and drop filesystem caches — no residual artifacts left in memory or on disk.

HYGIENE
REQUIRES ROOT. Run with sudo. This script modifies kernel parameters, firewall rules, and system services. Review the source before running. Tor routing provides obfuscation — it does not guarantee complete anonymity. Use responsibly and within applicable laws.
quick install
$ git clone https://github.com/GrangeDevGroup/linsecure.git
$ cd linsecure && chmod +x linsecure.sh
$ sudo ./linsecure.sh
Tested on Ubuntu 22.04+ and Debian-based distros. Requires apt package manager.