From f8fea8190ae65db3c9cda0563bd78afadc093761 Mon Sep 17 00:00:00 2001 From: Thien Tran Date: Tue, 8 Aug 2023 21:26:01 -0700 Subject: [PATCH] Clarify the location of Chrony's EnvironmentFile Signed-off-by: Thien Tran --- content/posts/linux/Desktop Linux Hardening.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/content/posts/linux/Desktop Linux Hardening.md b/content/posts/linux/Desktop Linux Hardening.md index 75d097b..5d208ce 100644 --- a/content/posts/linux/Desktop Linux Hardening.md +++ b/content/posts/linux/Desktop Linux Hardening.md @@ -388,13 +388,15 @@ If decide on using NTS with chronyd, consider using multiple, independent time p GrapheneOS uses a [quite nice chrony configuration](https://github.com/GrapheneOS/infrastructure/blob/main/chrony.conf) for their infrastructure. I recommend that you replicate their `chrony.conf` on your system. -You should also enable the secommp filter for chronyd in `/etc/sysconfig/chronyd`: +Next, enable the secommp filter for chronyd. On Fedora and Arch Linux, you will need to edit Chrony's environment file in `/etc/sysconfig/chronyd`: ``` # Command-line options for chronyd OPTIONS="-F 1" ``` +On Ubuntu and Debian, the environment file is `/etc/default/chrony`, and the seccomp filter should already be enabled by default. + ![Verifying NTS configuration](/images/nts.png) ### Pluggable Authentication Modules (PAM)
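Review bot: the rewritten sentence on the `+` side still carries the misspelling "secommp" from the line it replaces ("Next, enable the secommp filter for chronyd."), while the new Debian/Ubuntu sentence in the same hunk spells it "seccomp". Fix the spelling on the changed line so the term is consistent and searchable. The new Debian/Ubuntu sentence also says the filter "should already be enabled by default" but gives the reader no way to confirm it. Consider adding that they can check `/etc/default/chrony` for the `-F 1` option shown in the Fedora/Arch example. A smaller wording point: "environment file in `/etc/sysconfig/chronyd`" reads as if the path were a directory; "environment file at" or "environment file, `/etc/sysconfig/chronyd`" would match the phrasing used for `/etc/default/chrony`.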