9604aed927
Remove Ubuntu USG mention ( #250 )
...
* Remove Ubuntu Pro mention
Signed-off-by: Tommy <contact@tommytran.io>
* Remove USG
---------
Signed-off-by: Tommy <contact@tommytran.io>
2024-06-26 09:52:17 -07:00
eb1098bc37
Change /dev/urandom to /dev/random
...
Signed-off-by: Tommy <contact@tommytran.io>
2024-06-18 16:07:42 -07:00
friendly-rabbit-35
1ceabea0fc
Update kernel module blacklisting recommendation ( #255 )
...
* Replace Kicksecure kmod blacklist with secureblue's and move disclaimer about Kicksecure morphing
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
2024-06-16 21:40:37 -07:00
friendly-rabbit-35
cbe365251d
Remove link to archived Kicksecure repository for AppArmor profiles ( #254 )
...
* Remove link to deprecated Kicksecure AppArmor profile repo
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
* Add apparmor.d mention as a reference
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
* Remove mentions of Whonix sandboxed app launcher and AppArmor profiles
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
---------
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
2024-06-16 15:49:53 -07:00
friendly-rabbit-35
074f5d1813
Remove hardened_malloc mention from Whonix section ( #253 )
...
Remove hardened_malloc mention from Whonix section and expand on Aeon RC
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
2024-06-16 13:53:37 -07:00
7f75180bfc
Update sysctl settings recommendations ( #251 )
...
* Update sysctl settings recommendations
* Update author names
Signed-off-by: Tommy <contact@tommytran.io>
Co-authored-by: wj25czxj47bu6q <96372288+wj25czxj47bu6q@users.noreply.github.com>
2024-06-16 13:47:54 -07:00
6f6b9b5c16
Update hardened_malloc information ( #249 )
...
* Update hardened_malloc information
Signed-off-by: Tommy <contact@tommytran.io>
Co-authored-by: wj25czxj47bu6q <96372288+wj25czxj47bu6q@users.noreply.github.com>
2024-06-16 13:38:37 -07:00
friendly-rabbit-35
4783e250ee
Make grammar changes and apply other fixes across various posts ( #248 )
...
* Make grammar changes and other fixes
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
* More fixes and touch-ups
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
* Clean up
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
* Make minor grammar changes
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
* More cleanup
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
* Slightly reword
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
---------
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
2024-06-11 14:20:47 -07:00
95f945b56f
Remove fsverity mention
...
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-29 17:58:01 -07:00
7db27f6074
security_opt expects =
...
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-28 14:45:27 -07:00
e7d1cff73d
Update kargs
...
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-27 13:39:09 -07:00
friendly-rabbit-35
5049772a67
Remove provider description and reword other category descriptions ( #235 )
...
* Remove VPN provider description
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
* Reword description slightly
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
* Reword description slightly
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
* Reword description slightly
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
* Make various grammar changes
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
* Fix grammar
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
* Fix grammar
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
* Fix grammar
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
---------
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
2024-05-25 03:13:23 +00:00
friendly-rabbit-35
9ef57f03e8
Fix more dead links on Desktop Linux Hardening page ( #232 )
...
* Fix dead links
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
* Remove outdated line about BT
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
---------
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
2024-05-17 16:56:15 -07:00
friendly-rabbit-35
2a0f8344d7
Fix dead links on Desktop Linux Hardening page ( #228 )
...
* Make various grammar and wording changes for improved clarity
* Fix dead link
---------
Signed-off-by: friendly-rabbit-35 <chariot-barbed-0v@icloud.com>
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-16 16:03:26 -07:00
d2f1ab85ba
Add --nosocket=session-bus and --nosocket=system-bus
...
Signed-off-by: Tommy <contact@tommytran.io>
2024-04-24 23:30:05 -07:00
xyhhx
4ef5e890de
fix(linux/Docker and OCI Hardening): correction on no_new_privs option ( #223 )
2024-04-19 02:49:30 +00:00
d824a1ccae
Instruction to disable XWayland
...
Signed-off-by: Tommy <contact@tommytran.io>
2024-04-15 01:26:29 -07:00
0c2cc614d0
Rename MicroOS to Aeon
...
Signed-off-by: Tommy <contact@tommytran.io>
2024-04-15 00:32:10 -07:00
fe158e7e04
Blacklist dconf dbus
...
Signed-off-by: Tommy <contact@tommytran.io>
2024-04-13 22:16:41 -07:00
81eb3f8dd0
Block org.gnome.Shell.Extensions
...
Signed-off-by: Tommy <contact@tommytran.io>
2024-04-13 20:58:58 -07:00
2526628d64
Add --no-talk-name=org.freedesktop.systemd1
...
Signed-off-by: Tommy <contact@tommytran.io>
2024-04-02 17:51:23 -07:00
07f018f614
Add --no-talk-name=org.freedesktop.Flatpak
...
Signed-off-by: Tommy <contact@tommytran.io>
2024-04-02 17:04:05 -07:00
4776c3e812
Update hardened malloc info ( #216 )
...
* Update hardened malloc info
Signed-off-by: Tommy <contact@tommytran.io>
* Add link
Signed-off-by: Tommy <contact@tommytran.io>
---------
Signed-off-by: Tommy <contact@tommytran.io>
2024-03-24 23:30:19 -07:00
34bb760d13
Remove extra_latent_entropy
...
Signed-off-by: Tommy <contact@tommytran.io>
2024-02-26 21:47:39 -07:00
846933379b
Update kernel args
...
Signed-off-by: Tommy <contact@tommytran.io>
2024-02-09 19:47:36 -07:00
samsepi0l
c6964ecb07
Update GrapheneOS link ( #207 )
2024-01-31 08:10:09 -07:00
0ce2ac190d
Disable 32 bit emulation
...
Signed-off-by: Tommy <contact@tommytran.io>
2024-01-15 01:24:49 -07:00
e5607c74c6
Update flatpak overrides
...
Signed-off-by: Tommy <contact@tommytran.io>
2024-01-15 01:14:53 -07:00
c817cfc4da
Update flatpak override recommendation
...
Signed-off-by: Tommy <contact@tommytran.io>
2024-01-11 01:53:58 -07:00
891bb0eaf6
Stop recommending Sway
...
Signed-off-by: Tommy <contact@tommytran.io>
2024-01-11 01:37:59 -07:00
samsepi0l
f1ddd0b892
Fix typos ( #188 )
2023-12-10 01:18:15 +00:00
7c5c2081e1
Fix IOMMU kernel param
...
Signed-off-by: Tommy <contact@tommytran.io>
2023-12-05 16:36:50 -07:00
82a9a6094e
Remove bluetooth kernel module
...
Signed-off-by: Tommy <contact@tommytran.io>
2023-11-10 16:23:19 -07:00
ece5edb4d3
Update Mailcow permission policy
...
Signed-off-by: Tommy <contact@tommytran.io>
2023-11-07 01:07:30 -07:00
599b8317f2
Wording fix ( #162 )
...
* Wording fix
Signed-off-by: Tommy <contact@tommytran.io>
Co-authored-by: wj25czxj47bu6q <96372288+wj25czxj47bu6q@users.noreply.github.com>
2023-09-28 05:39:50 -07:00
473bba3df3
Fix Firewalld bypass ( #156 )
...
* Update Desktop Linux Hardening.md
Co-authored-by: wj25czxj47bu6q <96372288+wj25czxj47bu6q@users.noreply.github.com>
Signed-off-by: Tommy <contact@tommytran.io>
---------
Signed-off-by: Tommy <contact@tommytran.io>
Co-authored-by: wj25czxj47bu6q <96372288+wj25czxj47bu6q@users.noreply.github.com>
2023-09-26 23:18:52 -07:00
c162d22c35
Disable gzip compression for mailcow
...
Signed-off-by: Thien Tran <contact@tommytran.io>
2023-08-25 15:28:59 -07:00
950bf8ee1d
Pronoun fix
...
Signed-off-by: Tommy <contact@tommytran.io>
2023-08-16 06:10:34 -07:00
8131129099
Mention Ubuntu Pro ( #149 )
...
Update Desktop Linux Hardening.md
Signed-off-by: Tommy <contact@tommytran.io>
2023-08-16 06:04:49 -07:00
e14fb3e05a
Consistency fix
...
Signed-off-by: Tommy <contact@tommytran.io>
2023-08-16 04:12:33 -07:00
0f9f94d2ce
Add upgrade-insecure-requests;
2023-08-15 17:09:44 -07:00
f8fea8190a
Clarify the location of Chrony's EnvironmentFile
...
Signed-off-by: Thien Tran <contact@tommytran.io>
2023-08-08 21:26:01 -07:00
90dce6a30b
Update Chrony configurations
2023-08-08 21:08:20 -07:00
7226a9c72f
Update file path for Proxmox 8
2023-07-26 15:00:38 -07:00
901bb89f66
Mention that /etc/apt/sources.list.d/* should be 644 ( #138 )
...
* Update Desktop Linux Hardening.md
Signed-off-by: Tommy <contact@tommytran.io>
2023-06-30 03:32:49 -07:00
d7a8bd7849
Secure Time Synchronization on macOS ( #139 )
...
Signed-off-by: Tommy <contact@tommytran.io>
2023-06-25 10:16:31 -07:00
0a1d5a899e
Typo Fixes
...
Signed-off-by: Thien Tran <contact@tommytran.io>
2023-06-13 02:57:28 -07:00
2090622bbc
/var/lib/zypp/AnonymousUniqueId should be emptied
...
Signed-off-by: Thien Tran <contact@tommytran.io>
2023-06-13 02:53:54 -07:00
b4597888c7
Mention fancy snap packages ( #127 )
2023-06-06 08:35:37 +00:00
Reflux0301
e29398c5bb
Change to dropbear-initramfs ( #126 )
...
Dropbear is an SSH client, but since Proxmox is Debian-based, this requires dropbear-initramfs
Signed-off-by: Reflux0301 <130855216+Reflux0301@users.noreply.github.com>
2023-06-03 18:17:54 -07:00