From 56ecf1c77745c12c2ca6163374ecb6f8403137a8 Mon Sep 17 00:00:00 2001 From: TommyTran732 <57488583+tommytran732@users.noreply.github.com> Date: Sun, 25 Jul 2021 08:33:40 +0000 Subject: [PATCH] Update README.md --- README.md | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 263d2e7..13212f3 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,15 @@ This fork comes with various security improvements and fully working rollbacks w 6. `cd Arch-Setup-Script` 7. `chmod u+x ./install.sh && ./install.sh` +### Changes to the original project +1. Encrypted /boot with LUKS1 +2. SUSE - like partition layout and fully working snapper snapshots & rollback +3. Minimally setup GNOME 40 with pipewire +4. AppArmor and Firewalld enabled by default +5. Defaulting umask to 077 +6. Randomize Mac Address and disable Connectivity Check for privacy +7. Added some kernel/grub settings from https://github.com/Whonix/security-misc/tree/master/etc/default + ### Snapper behavior The partition layout I use rallows us to replicate the behavior found in openSUSE 🦎 1. Snapper rollback works! You will no longer need to manually rollback from a live USB like you would with the @ and @home layout suggested in the Arch Wiki. 
@@ -20,17 +29,6 @@ The partition layout I use rallows us to replicate the behavior found in openSUS 4. Directories such as /boot, /boot/efi, /var/log, /var/crash, /var/tmp, /var/spool, /var/lib/libvirt/images are excluded from the snapshots as they either should be persistent or are just temporary files. /cryptkey is excluded as we do not want the encryption key to be included in the snapshots, which could be sent to another device as a backup. 5. GRUB will boot into the default BTRFS snapshot set by snapper. Like on SUSE, your running system will always be a read-write snapshot in @/.snapshots/X/snapshot. -### Changes to the original project -1. Encrypted /boot -2. SUSE - like partition layout -3. Snapper snapshots & rollback -4. Default umask to 077 -5. Firewalld is enabled by default -6. Minimally setup GNOME 40 with pipewire -7. Randomize Mac Address and disable Connectivity Check for privacy -8. Added some kernel/grub settings from https://github.com/Whonix/security-misc/tree/master/etc/default - - ### Partitions layout | Partition/Subvolume | Label | Mountpoint | Notes |
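Review bot: in the first hunk (`@@ -12,6 +12,15 @@`, the added "Changes to the original project" list), item 7 links to `https://github.com/Whonix/security-misc/tree/master/etc/default`, which is a moving branch, and it does not say which kernel/grub settings were taken. A reader therefore cannot compare what the installer applies with what that directory contains today. Suggest naming the settings (or the files they were copied from) and linking to a fixed commit instead of `master`. Item 1 now reads "Encrypted /boot with LUKS1" without a reason for LUKS1; one sentence on why that version was chosen would keep it from reading as an oversight. Nit: "Mac Address" in item 6 should be "MAC address".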
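Review bot: in the second hunk (`@@ -20,17 +29,6 @@`), the eight-item list being removed is not the same text as the seven-item list added in the first hunk, so this is a content change and not only a move. "with LUKS1" and "AppArmor" are new claims, and the old items 2 and 3 are merged into one. The subject "Update README.md" does not mention any of that. Suggest either moving the section unchanged in one commit and editing it in a second, or stating the new claims in the commit message so they can be checked against `install.sh`.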