scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-11-03 11:58:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,027 Commits 1 Branch 0 Tags
1a395452bab0d3d2da40c52aace5b392f73b849c
Commit Graph

1027 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
qoijjj
98c2b6cd58 docs: update readme to reflect postinstall changes 2024-07-23 06:47:03 -07:00
qoijjj
c824e7e37b docs: move nvidia steps to POSTINSTALL-README.md 2024-07-23 06:46:38 -07:00
qoijjj
14dfed4f45 docs: improve image list readability 2024-07-23 06:45:20 -07:00
qoijjj
dd2ce0ee3d docs: fix typo 2024-07-23 06:31:39 -07:00
qoijjj
50bac9eadd docs: improve image list readability 2024-07-23 06:29:33 -07:00
qoijjj
f8537210d7 docs: fix typo 2024-07-23 06:26:17 -07:00
qoijjj
0410a65af6 docs: adjust headers 2024-07-23 06:25:18 -07:00
qoijjj
a60f535a34 docs: fix unclosed <sup> 2024-07-22 18:29:59 -07:00
qoijjj
c9560fb0e1 docs: more consise headers 2024-07-22 18:29:15 -07:00
qoijjj
b9f7eecaf3 docs: reorganize and add recommended section 2024-07-22 18:28:23 -07:00
qoijjj
23fde33ad6 feat: disable geoclue by default 2024-07-22 17:38:27 -07:00
qoijjj
5fe5ccc67d fix: whitespace issue 2024-07-21 14:43:17 -07:00
qoijjj
3187065cbf chore: add back executable bit where needed 2024-07-21 14:35:26 -07:00
qoijjj
0c1551df09 chore: bump dependencies and migrate to bluebuild 1.6 2024-07-21 14:33:53 -07:00
spaceoden
cee19df852 Have yafti run ujust harden-flatpak instead of duplicating its code (#323) 
* Add a ujust script that applies highest supported flatpak malloc hwcap

This script runs ld-linux-x86-64.so.2 --help to identify supported microarchitectures, then applies a flatpak override to set LD_PRELOAD to load the highest supported hwcap for libhardened_malloc.so

* revert addition to 60-custom.just

* add automatic flatpak malloc hwcap selection to yafti.yml

This script runs ld-linux-x86-64.so.2 --help to identify supported microarchitectures, then applies a flatpak override to set LD_PRELOAD to load the highest supported hwcap for libhardened_malloc.so

* Update yafti.yml to run `ujust harden-flatpak` instead of duplicating it

---------

Co-authored-by: qoijjj <129108030+qoijjj@users.noreply.github.com>
 2024-07-20 22:35:34 -07:00
qoijjj
3f267251d9 fix: unpin images now that upstream is fixed 2024-07-20 21:56:06 -07:00
spaceoden
e536efadc7 Update 60-custom.just.readme.md to identify command inclusion (#320) 
identify which kargs are applied by which ujust commands
 2024-07-19 11:32:45 -07:00
qoijjj
34759e24d2 fix: wayblue image tag 2024-07-19 01:44:52 -07:00
qoijjj
5254dfc744 fix: use correct tag 2024-07-19 01:24:45 -07:00
qoijjj
b877fd5d6a fix: temporarily set known good image due to upstream issue 2024-07-19 01:10:15 -07:00
qoijjj
9fffc9460d fix: remove setroubleshoot gui from server images 2024-07-18 23:21:57 -07:00
qoijjj
9102caf67e docs: clarify readme 2024-07-17 17:40:45 -07:00
qoijjj
6bf739f930 docs: fix typo 2024-07-14 23:29:07 -07:00
qoijjj
35d44f87a8 docs: formatting 2024-07-14 23:28:30 -07:00
qoijjj
c35691a091 docs: clarify scope (#319) 2024-07-14 23:27:18 -07:00
Tommy
a3701c7e4f Update chrony.conf (#317) 2024-07-11 20:21:23 -07:00
Tommy
8e14992100 Consistency Fix (#316) 2024-07-11 20:04:39 -07:00
Tommy
f38a520295 Cleaner syntax for disabling ICMP Redirect (#314) 2024-07-11 11:43:18 -07:00
qoijjj
081a2d2978 fix: disable automatic PR builds 2024-07-11 10:44:08 -07:00
Tommy
ffc88b6c9b Disable SSH Stream Local Forwarding & Lowering Config Priority (#312) 
* Better SSH Hardening

* Rename 00-hardening.conf to 30-hardening.conf

* Update 30-hardening.conf

* Update 30-hardening.conf

* Remove extra line
 2024-07-11 10:39:29 -07:00
qoijjj
df4a19f280 fix: use JIT cli setting instead of policy setting (see https://github.com/secureblue/secureblue/issues/304) 2024-07-10 09:51:53 -07:00
qoijjj
f9784d83d7 chore: switch server images to fcos-testing due to stable lagging on patches 2024-07-05 22:38:30 -07:00
qoijjj
79e30ea6d2 docs: add zfs images to readme 2024-07-02 13:42:35 -07:00
qoijjj
eec977755b feat: add server images with zfs built-in 2024-07-02 13:42:04 -07:00
qoijjj
a25075facc feat: update chromium configuration 2024-07-01 23:45:00 -07:00
Tommy
9c7630cc79 Improve ALSR effectiveness for mmap (#307) 2024-07-01 18:39:35 -07:00
qoijjj
667dd4acea chore: ensure /etc/usbguard directory is readable 2024-07-01 18:02:20 -07:00
Tommy
7f090137dc io_uring typo fix (#306) 2024-07-01 17:45:02 -07:00
qoijjj
237f6235e1 chore: ensure usbguard-notifier is present 2024-07-01 16:55:26 -07:00
qoijjj
018608bcb0 chore: update MOTD text 2024-07-01 12:41:32 -07:00
qoijjj
f9c3e15b3f fix: colord issue on no-userns images 2024-07-01 11:18:05 -07:00
qoijjj
8f2a9b16cc chore: add usbguard-notifier to usbguard setup ujust command 2024-06-30 12:16:04 -07:00
qoijjj
bebb18c06c fix: set executable flag on caps script 2024-06-29 23:42:19 -07:00
qoijjj
bc325cca6d feat: replace SUID root with capabilities where possible (#303) 2024-06-29 10:34:06 -07:00
qoijjj
f6d8037b26 fix: temp fix bug due to upstream chromium flag change 2024-06-29 10:32:53 -07:00
qoijjj
9f92777c95 feat: add anticheat toggle to justfile 2024-06-27 23:51:50 -07:00
qoijjj
6180c4f4c8 docs: update steam FAQ 2024-06-27 23:27:49 -07:00
qoijjj
2f856069ee docs: add usbguard setup step to postinstall instructions 2024-06-26 08:48:32 -07:00
qoijjj
27db2dbfa7 fix: usbguard ujust command 2024-06-25 19:38:16 -07:00
qoijjj
99ff4757ec feat: add usbguard and yafti ujust commands 2024-06-25 17:47:45 -07:00