scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-11-02 11:28:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs: improve readability

Browse Source
This commit is contained in:
qoijjj
2024-03-13 16:35:15 -07:00
committed by GitHub
parent 34519792b1
commit 2ef32f75c7
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
POSTINSTALL-README.md
View File

@@ -33,7 +33,7 @@ If you wish to password-protect booting existing entries, you can add the `grub_
## Create a separate wheel account for admin purposes
Creating a dedicated wheel user and removing wheel from your primary user helps prevent certain attack vectors:
Creating a dedicated wheel user and removing wheel from your primary user helps prevent certain attack vectors, like:
- https://www.kicksecure.com/wiki/Dev/Strong_Linux_User_Account_Isolation#LD_PRELOAD
- https://www.kicksecure.com/wiki/Root#Prevent_Malware_from_Sniffing_the_Root_Password
@@ -50,9 +50,9 @@ When not in the wheel group, a user can be added to a dedicated group, otherwise
- use `adb` and `fastboot`: `plugdev`
- use systemwide flatpaks: `flatpak`
Be aware that granting these permissions will increase attack surface, so keep them as minimal as possible. Some actions don't have an associated group yet, you can create your own rules and groups to fix this.
Some actions don't have an associated group yet, you can create your own rules and groups to fix this.
**Example**: Use LUKS encrypted backup drives
**Example**: To allow a non-wheel user to use LUKS encrypted external drives:
1. `sudo groupadd diskadmin`
2. `sudo usermod -aG diskadmin {your username here}`