PrivSec-dev/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2025-02-20 18:31:35 -05:00
Code

Remove USG

Browse Source
This commit is contained in:
Tommy 2024-06-25 17:24:33 -07:00 committed by GitHub
parent 74fe8215dc
commit 5e6f8f9f37
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
content/posts/linux/Desktop Linux Hardening.md
View File

@ -194,6 +194,14 @@ Another option is [Kata Containers](https://katacontainers.io/) which masquerade
![opensuse-computer.jpg](/images/opensuse-computer.jpg)
### Ubuntu Pro
If you are using Ubuntu LTS, consider subscribing to [Ubuntu Pro](https://ubuntu.com/pro). Canonical currently allows up to 5 machines with the free subscription.
You will also gain access to the [Canonical Livepatch Service](https://ubuntu.com/security/livepatch), which provides livepatching for [certain kernel variants](https://ubuntu.com/security/livepatch/docs/livepatch/reference/kernels). Note that the [Hardware Enablement (HWE)](https://ubuntu.com/kernel/lifecycle) kernel is not supported.
While livepatching is less than ideal and I still recommend regularly rebooting your computer, it is quite nice to have.
### Umask 077
On distributions besides openSUSE, consider changing the default [umask](https://wiki.archlinux.org/title/Umask) for both root and regular users to `077` (symbolically, `u=rwx,g=,o=`). _On openSUSE, a umask of 077 can break snapper and is thus not recommended._