[arch-devops] Linux lockdown mode deployed
grazzolini at archlinux.org
Mon Dec 23 15:54:06 UTC 2019
Em dezembro 23, 2019 11:49 Jelle van der Waa escreveu:
> Hi All,
> I've deployed a new Linux hardening setting on all our VPS'es which is
> available since 5.4. Which makes it harder for root to modify the
> running kernel by shielding off some functionality for userland. 
> No application should rely on this features so everything should still
> work as normal.
> Currently it is deployed as tmpfiles.d file which is suboptimal but
> adding it to our bootloader seems to be hard since we currently already
> enable btrfs via lineinfile. Maybe the grub configuration should live in
> our ansible repository?
>  https://git.archlinux.org/infrastructure.git/commit/?id=2c7538040f6353633adf4f6dc55ea23229a33bda
+1 for having grub configuration on ansible.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 833 bytes
Desc: not available
More information about the arch-devops