Resources

The Digital Fortress

Military-Grade Privacy: UFW, Fail2Ban, and Zero Telemetry.

The Strategy

Your operating system is the last line of defense between your private data and the surveillance capitalism of the internet. Windows and macOS have become double agents—they protect you from hackers, but sell you to advertisers. Tebian is loyal only to you.

This guide explains the "Fortress" stack pre-configured in Tebian's "Security Mode."

1. The Firewall (UFW)

Tebian uses Uncomplicated Firewall (UFW), a wrapper for the Linux kernel's Netfilter. In "Hardened Mode," it blocks all incoming connections by default.

  • Default Deny: No one can connect to your machine unless you explicitly allow it.
  • Port Knocking: Advanced users can set up secret sequences to open SSH ports.
  • AppArmor: Mandatory Access Control that confines programs to a limited set of resources.

2. The Bouncer (Fail2Ban)

If you run a server or SSH on your desktop, you are under attack. Bots are constantly guessing your password. Fail2Ban watches your logs. If an IP fails to log in 3 times, it is banned permanently.

  • SSH Guard: Bans brute-force attacks instantly.
  • Web Guard: Protects your self-hosted services (Nextcloud, Matrix).
  • Jail Time: Configurable ban duration (1 hour to forever).

3. Zero Telemetry

This is the most important security feature. Tebian has Zero Telemetry. We don't collect crash reports. We don't collect usage data. We don't know who you are.

  • No Account Required: You don't need an email to use your OS.
  • Local Search: Fuzzel searches your drive, not the web.
  • Private DNS: By default, we use privacy-respecting resolvers (Quad9/Cloudflare) over ISP DNS.

4. Disk Encryption (LUKS)

If your laptop is stolen, your data is gone. Unless it is encrypted. The Tebian installer (Debian Installer) offers Full Disk Encryption (LUKS) with a single checkbox.

  • AES-256: Military-grade encryption standard.
  • Pre-Boot Auth: You must enter a password before the OS even loads.
  • Swap Encryption: Prevents secrets from leaking into swap space.

Why Privacy is a Right

In a world where every click is tracked, having a "silent" operating system is a radical act. Tebian doesn't just protect you from external threats; it protects you from the OS itself. We believe that privacy is not a setting you toggle; it is the default state of a sovereign machine.