mirror of https://github.com/PrivSec-dev/privsec.dev synced 2025-02-20 18:31:35 -05:00
wj25czxj47bu6q 2023-03-07 10:08:03 -05:00 committed by GitHub
commit 5099fe90a1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -171,6 +171,21 @@ Another option is [Kata Containers](https://katacontainers.io/) which masquerade
![opensuse-computer.jpg](/images/opensuse-computer.jpg)
<!--
### Requiring Package Managers to Use TLS (DRAFT)
- [Fedora Package Delivery Security](https://puiterwijk.org/posts/fedora-package-delivery-security/)
- Note that there is a `Repo-expire` field now, which presumably is what the author was saying didn't exist at the time
- [Attacks against GPG signed APT repositories](https://blog.packagecloud.io/attacks-against-gpg-signed-apt-repositories/)
- [Remote Code Execution in apt/apt-get](https://justi.cz/security/2019/01/22/apt-rce.html)
- [Why does DNF and zypper use HTTPS?](https://old.reddit.com/r/linux/comments/ain7uo/why_does_dnf_and_zypper_use_https/)
- https://askubuntu.com/a/146117
How to:
- [Fedora](https://old.reddit.com/r/Fedora/comments/86r5ya/how_do_i_switch_to_https_for_mirrors_for_fedora/dw7ery0/)
- [Kali](https://www.kali.org/blog/kali-linux-repository-https-support/) (same for all Ubuntu derivatives when supported)
-->
### Umask 077
On distributions besides openSUSE, consider changing the default [umask](https://wiki.archlinux.org/title/Umask) for both root and regular users to `077` (symbolically, `u=rwx,g=,o=`). _On openSUSE, a umask of 077 can break snapper and is thus not recommended._
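
Review bot: The note under the Fedora Package Delivery Security link in the commented-out draft hedges with "presumably" about the `Repo-expire` field. Confirm against the linked post that this is the field the author said was missing, or reword the note, before the section is un-commented. In the same reference list, the askubuntu entry is a bare URL while every other entry is a titled Markdown link, so give it a title for consistency. In the "How to" list, the Kali entry says "same for all Ubuntu derivatives when supported", which reads oddly because Kali is Debian-based. Consider "Debian and its derivatives", or name the distributions the linked steps were checked on.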