Ccache is also good to compile and set up as one of the first.

https://www.linuxfoundation.org/about/members They are hiding here.

Everyone should think about threats to their data. Cloud backup and laptops better be encrypted, services with open ports be shielded. Linux viruses do exist, especially for android and routers. But also whatever system has an outdated dokuwiki open in the wild is a welcome addition to a botnet. The value of a botnet is in number of infected systems and you don’t need root access to mine monero or take part in a ddos on a machine. Linux security is sincerely undervalued. Selinux, the grsec kernel patches, chrootjail, tripwire… do exist, but are a hassle to setup and maintain. The new container options are nice (docker or flatpack) having your webbrowser contained is not a bad idea.

Update your router, your desktop is spoiled for updates. I stop my 1 am ramblings here.

Only public facing ports, maybe your openvpn login. But that means you are already firewalled up and your attack surface is tiny, good 👍

I recommend fail2ban to stop the automated attacks that are the background noise of the internet. It will set your firewall to block certain ip’s for a while, especially ports 21/22 are getting hammered with dictionary login attempts. And port 80 and 8080 for example get constantly version checked to see if you are vulnerable with an old apache, old dokuwiki etc, so don’t expose more than you need to and maybe learn about ssh tunnels and close a few.

I once installed ossim in a small network with a server and it showed me it is war out there, scripts flying everywhere.