PrivSec-dev/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2025-02-20 18:31:35 -05:00
Code

Clarify the location of Chrony's EnvironmentFile

Browse Source 
Signed-off-by: Thien Tran <contact@tommytran.io>
This commit is contained in:
Thien Tran 2023-08-08 21:26:01 -07:00
parent 90dce6a30b
commit f8fea8190a
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
content/posts/linux/Desktop Linux Hardening.md
View File

@ -388,13 +388,15 @@ If decide on using NTS with chronyd, consider using multiple, independent time p
GrapheneOS uses a [quite nice chrony configuration](https://github.com/GrapheneOS/infrastructure/blob/main/chrony.conf) for their infrastructure. I recommend that you replicate their `chrony.conf` on your system.
You should also enable the secommp filter for chronyd in `/etc/sysconfig/chronyd`:
Next, enable the secommp filter for chronyd. On Fedora and Arch Linux, you will need to edit Chrony's environment file in `/etc/sysconfig/chronyd`:
```
# Command-line options for chronyd
OPTIONS="-F 1"
```
On Ubuntu and Debian, the environment file is `/etc/default/chrony`, and the seccomp filter should already be enabled by default.
![Verifying NTS configuration](/images/nts.png)
### Pluggable Authentication Modules (PAM)