mirror of
https://github.com/optim-enterprises-bv/secureblue.git
synced 2025-11-07 05:47:53 +00:00
Reflect recent changes in the readme
This commit is contained in:
qoijjj
@@ -30,7 +30,8 @@ Hardening applied:
|
|||||||
- Disable passwordless sudo for rpm-ostree
|
- Disable passwordless sudo for rpm-ostree
|
||||||
- Setting more restrictive file permissions (Based on recommendations from [lynis](https://cisofy.com/lynis/))
|
- Setting more restrictive file permissions (Based on recommendations from [lynis](https://cisofy.com/lynis/))
|
||||||
- Installing dnf-automatic and chkrootkit
|
- Installing dnf-automatic and chkrootkit
|
||||||
- Disabling unprivileged user namespaces and removing flatpak
|
- Disabling unprivileged user namespaces
|
||||||
|
- Replacing bubblewrap with bubblewrap-suid so flatpak can be used without unprivileged user namespaces
|
||||||
- Sets numerous hardening kernel parameters (Inspired by [Madaidan's Hardening Guide](https://madaidans-insecurities.github.io/guides/linux-hardening.html))
|
- Sets numerous hardening kernel parameters (Inspired by [Madaidan's Hardening Guide](https://madaidans-insecurities.github.io/guides/linux-hardening.html))
|
||||||
- Installs and enables [hardened_malloc](https://github.com/GrapheneOS/hardened_malloc) globally
|
- Installs and enables [hardened_malloc](https://github.com/GrapheneOS/hardened_malloc) globally
|
||||||
- Installing Chromium from the koji updates-testing repo to always have the latest version of chromium, the stable chromium package lags behind on security patches ([Why chromium?](https://grapheneos.org/usage#web-browsing))
|
- Installing Chromium from the koji updates-testing repo to always have the latest version of chromium, the stable chromium package lags behind on security patches ([Why chromium?](https://grapheneos.org/usage#web-browsing))
|
||||||
|
|||||||
Reference in New Issue
Block a user