[arch-devops] Linux lockdown mode deployed

Giancarlo Razzolini grazzolini at archlinux.org
Mon Dec 23 15:54:06 UTC 2019

Em dezembro 23, 2019 11:49 Jelle van der Waa escreveu:
> Hi All,
> I've deployed a new Linux hardening setting on all our VPS'es which is
> available since 5.4. Which makes it harder for root to modify the
> running kernel by shielding off some functionality for userland. [1]
> No application should rely on this features so everything should still
> work as normal.
> Currently it is deployed as tmpfiles.d file which is suboptimal but
> adding it to our bootloader seems to be hard since we currently already
> enable btrfs via lineinfile. Maybe the grub configuration should live in
> our ansible repository?
> [1] https://git.archlinux.org/infrastructure.git/commit/?id=2c7538040f6353633adf4f6dc55ea23229a33bda
> Greetings,
> Jelle

+1 for having grub configuration on ansible.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-devops/attachments/20191223/c9afa9f5/attachment.sig>

More information about the arch-devops mailing list