From 901bb89f66b23321133520926801e5cd955a1105 Mon Sep 17 00:00:00 2001 From: Tommy Date: Fri, 30 Jun 2023 03:32:49 -0700 Subject: [PATCH] Mention that /etc/apt/sources.list.d/* should be 644 (#138) * Update Desktop Linux Hardening.md Signed-off-by: Tommy --- content/posts/linux/Desktop Linux Hardening.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/posts/linux/Desktop Linux Hardening.md b/content/posts/linux/Desktop Linux Hardening.md index 91546d5..a044dfc 100644 --- a/content/posts/linux/Desktop Linux Hardening.md +++ b/content/posts/linux/Desktop Linux Hardening.md @@ -180,6 +180,8 @@ Another option is [Kata Containers](https://katacontainers.io/) which masquerade On distributions besides openSUSE, consider changing the default [umask](https://wiki.archlinux.org/title/Umask) for both root and regular users to `077` (symbolically, `u=rwx,g=,o=`). _On openSUSE, a umask of 077 can break snapper and is thus not recommended._ +On Ubuntu, the "Software & Update" application will not work properly if the repository lists in `/etc/apt/sources.list.d` have the 600 permission. You should make sure that they have the 644 permission instead. + The configuration for this varies per distribution, but typically it can be set in `/etc/profile`, `/etc/bashrc`, or `/etc/login.defs`. Note that, unlike on macOS, this will only change the umask for the shell. Files created by running applications will not have their permissions set to 600.