Hi I run the lastest verion of linux mint and I have recently started to store some keys (encrypted with password) of various cryptos with small amount of funds on them on my linux system that I also surf with. Eventually those keys will just be stored on paper and offline system but for now I have them on my online system.

What can I do to protect myself from linux malware getting copies of my keys (and possibly bruteforcing the password) or other nasty tricks they can pull of.

I am thinking of getting an usb stick with a live linux enviroment. That way every time I boot from it's a blanc copy.

So as long as I downloaded the iso from a trusted source and check the hashes I should be safe.

I already boot in to tails OS once in a while but they the Electrum wallet build in and I want wallets for more then just bitcoin.

So any tips and tricks in keeping my keys safe? Should I start running additional software on my linux system next to iptables firewall?

I am pretty new to linux too so I don't know how vulnerable my system is from outside interference.  I have my system set to install security updates. But imagine somebody getting acces to a popular linux distory and infecting and pushing out an update. That would be a disaster.

I like to boot .iso files from my usb drive with easy2boot on it, and hopefully there will be a system where easy2boot can calculate the hash of the .iso file so I can always check that hash vs what I have written down on a piece of paper before I load the .iso

The chain of safety in my eyes goes like this.

paper wallet/offline storage > offline linux system > trusted hardware wallet > linux live CD enviroment > online linux system. 

Feel free to correct me. Being your own bank is not easy! This new digital gold is every hackers dream. You can go to jail for 10 years and dream about that one private key that you have in memory and come out of jail a billionare (if the chain still exist and your coin still has value).