PrivSec-dev/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2025-02-20 18:31:35 -05:00
Code

Remove Ubuntu Pro mention

Browse Source 
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2024-06-16 12:40:16 -07:00
parent 9001a58ccf
commit 74fe8215dc
Signed by: Tomster
GPG Key ID: 555C902A34EC968F
1 changed files with 0 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
content/posts/linux/Desktop Linux Hardening.md
View File

@ -194,22 +194,6 @@ Another option is [Kata Containers](https://katacontainers.io/) which masquerade
![opensuse-computer.jpg](/images/opensuse-computer.jpg)
### Ubuntu Pro
If you are using Ubuntu LTS, consider subscribing to [Ubuntu Pro](https://ubuntu.com/pro). Canonical currently allows up to 5 machines with the free subscription.
With Ubuntu Pro, you gain access to the [The Ubuntu Security Guide](https://ubuntu.com/security/certifications/docs/usg), which allows for easy application of the CIS OpenSCAP profile:
```bash
sudo ua enable usg
sudo apt install -y usg
sudo usg fix cis_level2_workstation
```
You will also gain access to the [Canonical Livepatch Service](https://ubuntu.com/security/livepatch), which provides livepatching for [certain kernel variants](https://ubuntu.com/security/livepatch/docs/livepatch/reference/kernels). Note that the [Hardware Enablement (HWE)](https://ubuntu.com/kernel/lifecycle) kernel is not supported.
While livepatching is less than ideal and I still recommend regularly rebooting your computer, it is quite nice to have.
### Umask 077
On distributions besides openSUSE, consider changing the default [umask](https://wiki.archlinux.org/title/Umask) for both root and regular users to `077` (symbolically, `u=rwx,g=,o=`). _On openSUSE, a umask of 077 can break snapper and is thus not recommended._