PrivSec-dev/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2025-02-20 18:31:35 -05:00
Code

Update Desktop Linux Hardening.md

Browse Source 
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2023-06-24 06:55:10 -07:00
parent e5993f32be
commit 908bf19b3f
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
content/posts/linux/Desktop Linux Hardening.md
View File

@ -180,6 +180,8 @@ Another option is [Kata Containers](https://katacontainers.io/) which masquerade
On distributions besides openSUSE, consider changing the default [umask](https://wiki.archlinux.org/title/Umask) for both root and regular users to `077` (symbolically, `u=rwx,g=,o=`). _On openSUSE, a umask of 077 can break snapper and is thus not recommended._ On distributions besides openSUSE, consider changing the default [umask](https://wiki.archlinux.org/title/Umask) for both root and regular users to `077` (symbolically, `u=rwx,g=,o=`). _On openSUSE, a umask of 077 can break snapper and is thus not recommended._
On Ubuntu, the "Software & Update" application will not work properly if the repository lists in `/etc/apt/sources.list` have 600 permission. You should make sure that they have the 644 permission.
The configuration for this varies per distribution, but typically it can be set in `/etc/profile`, `/etc/bashrc`, or `/etc/login.defs`. The configuration for this varies per distribution, but typically it can be set in `/etc/profile`, `/etc/bashrc`, or `/etc/login.defs`.
Note that, unlike on macOS, this will only change the umask for the shell. Files created by running applications will not have their permissions set to 600. Note that, unlike on macOS, this will only change the umask for the shell. Files created by running applications will not have their permissions set to 600.