mirror of
https://github.com/optim-enterprises-bv/secureblue.git
synced 2025-11-04 04:18:01 +00:00
docs: improve readability
This commit is contained in:
qoijjj
@@ -33,7 +33,7 @@ If you wish to password-protect booting existing entries, you can add the `grub_
|
|||||||
|
|
||||||
## Create a separate wheel account for admin purposes
|
## Create a separate wheel account for admin purposes
|
||||||
|
|
||||||
Creating a dedicated wheel user and removing wheel from your primary user helps prevent certain attack vectors:
|
Creating a dedicated wheel user and removing wheel from your primary user helps prevent certain attack vectors, like:
|
||||||
|
|
||||||
- https://www.kicksecure.com/wiki/Dev/Strong_Linux_User_Account_Isolation#LD_PRELOAD
|
- https://www.kicksecure.com/wiki/Dev/Strong_Linux_User_Account_Isolation#LD_PRELOAD
|
||||||
- https://www.kicksecure.com/wiki/Root#Prevent_Malware_from_Sniffing_the_Root_Password
|
- https://www.kicksecure.com/wiki/Root#Prevent_Malware_from_Sniffing_the_Root_Password
|
||||||
@@ -50,9 +50,9 @@ When not in the wheel group, a user can be added to a dedicated group, otherwise
|
|||||||
- use `adb` and `fastboot`: `plugdev`
|
- use `adb` and `fastboot`: `plugdev`
|
||||||
- use systemwide flatpaks: `flatpak`
|
- use systemwide flatpaks: `flatpak`
|
||||||
|
|
||||||
Be aware that granting these permissions will increase attack surface, so keep them as minimal as possible. Some actions don't have an associated group yet, you can create your own rules and groups to fix this.
|
Some actions don't have an associated group yet, you can create your own rules and groups to fix this.
|
||||||
|
|
||||||
**Example**: Use LUKS encrypted backup drives
|
**Example**: To allow a non-wheel user to use LUKS encrypted external drives:
|
||||||
|
|
||||||
1. `sudo groupadd diskadmin`
|
1. `sudo groupadd diskadmin`
|
||||||
2. `sudo usermod -aG diskadmin {your username here}`
|
2. `sudo usermod -aG diskadmin {your username here}`
|
||||||
|
|||||||
Reference in New Issue
Block a user