From cbe365251da14c454733b938a30e327d5276f97c Mon Sep 17 00:00:00 2001 From: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com> Date: Sun, 16 Jun 2024 15:49:53 -0700 Subject: [PATCH] Remove link to archived Kicksecure repository for AppArmor profiles (#254) * Remove link to deprecated Kicksecure AppArmor profile repo Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com> * Add apparmor.d mention as a reference Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com> * Remove mentions of Whonix sandboxed app launcher and AppArmor profiles Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com> --------- Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com> --- .../posts/linux/Choosing Your Desktop Linux Distribution.md | 2 -- content/posts/linux/Desktop Linux Hardening.md | 4 ++-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/content/posts/linux/Choosing Your Desktop Linux Distribution.md b/content/posts/linux/Choosing Your Desktop Linux Distribution.md index 09152ec..f550a6e 100644 --- a/content/posts/linux/Choosing Your Desktop Linux Distribution.md +++ b/content/posts/linux/Choosing Your Desktop Linux Distribution.md 
@@ -102,6 +102,4 @@ Fedora Workstation and Silverblue's European counterpart. These are rolling rele Some of its features include Tor Stream Isolation, [keystroke anonymization](https://www.whonix.org/wiki/Keystroke_Deanonymization#Kloak), [boot clock randomization](https://www.kicksecure.com/wiki/Boot_Clock_Randomization), [encrypted swap](https://github.com/Whonix/swap-file-creator), hardened boot parameters, and hardened kernel settings. One downside of Whonix is that it still inherits outdated packages with lots of downstream patching from Debian. -Future versions of Whonix will likely include [full system AppArmor policies](https://github.com/Whonix/apparmor-profile-everything) and a [sandbox app launcher](https://www.whonix.org/wiki/Sandbox-app-launcher) to fully confine all processes on the system. - Although Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers), Qubes-Whonix has [various disadvantages](https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581) when compared to other hypervisors. diff --git a/content/posts/linux/Desktop Linux Hardening.md b/content/posts/linux/Desktop Linux Hardening.md index bee72fa..be4e37f 100644 --- a/content/posts/linux/Desktop Linux Hardening.md +++ b/content/posts/linux/Desktop Linux Hardening.md 
@@ -175,10 +175,10 @@ Note that, unlike Android, traditional desktop Linux distributions typically do ### Making Your Own Policies/Profiles -You can make your own AppArmor profiles, SELinux policies, [bubblewrap](https://github.com/containers/bubblewrap) profiles, and [seccomp](https://docs.kernel.org/userspace-api/seccomp_filter.html) blacklist to have better confinement of applications. This is an advanced and sometimes tedious task, but there are various projects you could use as reference: +You can make your own AppArmor profiles, SELinux policies, [bubblewrap](https://github.com/containers/bubblewrap) profiles, and [seccomp](https://docs.kernel.org/userspace-api/seccomp_filter.html) blacklists to have better confinement of applications. This is an advanced and sometimes tedious task, but there are various projects you could use as reference: -- [Kicksecure's apparmor-profile-everything](https://github.com/Kicksecure/apparmor-profile-everything) - [Krathalan’s AppArmor profiles](https://github.com/krathalan/apparmor-profiles) +- [roddhjav's AppArmor profiles](https://github.com/roddhjav/apparmor.d) - [noatsecure’s SELinux templates](https://github.com/noatsecure/hardhat-selinux-templates) - [Seirdy’s bubblewrap scripts](https://sr.ht/~seirdy/bwrap-scripts)
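Review bot: The commit message gives no reason for dropping the "Future versions of Whonix will likely include ..." sentence in the hunk for `Choosing Your Desktop Linux Distribution.md`, whereas the Kicksecure link is explicitly described as archived/deprecated. Since this removes a forward-looking claim about full-system AppArmor confinement rather than just a dead link, state in the message whether the linked Whonix projects are also archived or the plan was abandoned. The subject line also mentions only the Kicksecure repository although this file never linked to it, so a broader subject would describe the patch more accurately.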
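Review bot: The added list entry in the `Desktop Linux Hardening.md` hunk writes "roddhjav's" with a straight apostrophe, while the entries that remain around it ("Krathalan’s", "noatsecure’s", "Seirdy’s") use the typographic one; match the surrounding style so the list renders consistently. The "blacklist" to "blacklists" correction on the paragraph line is unrelated to the link changes and is not mentioned in the commit message, so either note it there or split it out.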