1
0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2024-12-22 04:41:33 -05:00

Mention that /etc/apt/sources.list.d/* should be 644 (#138)

* Update Desktop Linux Hardening.md

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2023-06-30 03:32:49 -07:00 committed by GitHub
parent 1c4ba00370
commit 901bb89f66
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -180,6 +180,8 @@ Another option is [Kata Containers](https://katacontainers.io/) which masquerade
On distributions besides openSUSE, consider changing the default [umask](https://wiki.archlinux.org/title/Umask) for both root and regular users to `077` (symbolically, `u=rwx,g=,o=`). _On openSUSE, a umask of 077 can break snapper and is thus not recommended._ On distributions besides openSUSE, consider changing the default [umask](https://wiki.archlinux.org/title/Umask) for both root and regular users to `077` (symbolically, `u=rwx,g=,o=`). _On openSUSE, a umask of 077 can break snapper and is thus not recommended._
On Ubuntu, the "Software & Update" application will not work properly if the repository lists in `/etc/apt/sources.list.d` have the 600 permission. You should make sure that they have the 644 permission instead.
The configuration for this varies per distribution, but typically it can be set in `/etc/profile`, `/etc/bashrc`, or `/etc/login.defs`. The configuration for this varies per distribution, but typically it can be set in `/etc/profile`, `/etc/bashrc`, or `/etc/login.defs`.
Note that, unlike on macOS, this will only change the umask for the shell. Files created by running applications will not have their permissions set to 600. Note that, unlike on macOS, this will only change the umask for the shell. Files created by running applications will not have their permissions set to 600.