[arch-devops] Linux lockdown mode deployed
Giancarlo Razzolini
grazzolini at archlinux.org
Mon Dec 23 15:54:06 UTC 2019
On December 23, 2019 11:49, Jelle van der Waa wrote:
> Hi All,
>
> I've deployed a new Linux hardening setting on all our VPSes, which has
> been available since 5.4. It makes it harder for root to modify the
> running kernel by shielding off some functionality for userland. [1]
>
> No application should rely on these features so everything should still
> work as normal.
>
> Currently it is deployed as a tmpfiles.d file, which is suboptimal, but
> adding it to our bootloader seems to be hard since we currently already
> enable btrfs via lineinfile. Maybe the grub configuration should live in
> our ansible repository?
>
> [1] https://git.archlinux.org/infrastructure.git/commit/?id=2c7538040f6353633adf4f6dc55ea23229a33bda
>
> Greetings,
>
> Jelle
>
+1 for having grub configuration on ansible.
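A check for the deployment discussed in this thread, added here as an example and not taken from the message or the Arch infrastructure repository: it reports the active lockdown mode and whether it came from the kernel command line or was only raised at runtime (as a tmpfiles.d write would do). The paths /sys/kernel/security/lockdown and /proc/cmdline and the lockdown= boot parameter are the kernel's own interfaces; the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): inspect kernel lockdown state.

# active_lockdown_mode "<contents of /sys/kernel/security/lockdown>"
# The kernel lists every mode and brackets the active one,
# e.g. "none [integrity] confidentiality". Prints the bracketed mode.
active_lockdown_mode() {
    case "$1" in
        *\[*\]*) mode=${1#*\[}; printf '%s\n' "${mode%%\]*}" ;;
        *) return 1 ;;   # no bracketed entry: interface missing or unreadable
    esac
}

# cmdline_lockdown "<contents of /proc/cmdline>"
# Prints the value of the last lockdown= token, or returns 1 if there is none.
cmdline_lockdown() {
    case " $1 " in
        *" lockdown="*)
            value=" $1"
            value=${value##* lockdown=}
            printf '%s\n' "${value%% *}" ;;
        *) return 1 ;;
    esac
}

# lockdown_report "<lockdown file contents>" "<cmdline contents>"
# Exit status: 0 = locked down, 1 = off, 2 = lockdown LSM not available.
lockdown_report() {
    mode=$(active_lockdown_mode "$1") || { echo "unsupported"; return 2; }
    if [ "$mode" = none ]; then
        echo "off"
        return 1
    fi
    if boot=$(cmdline_lockdown "$2"); then
        echo "$mode (boot parameter lockdown=$boot)"
    else
        # Raised after boot, so there was a window before the write happened.
        echo "$mode (set at runtime, not on the kernel command line)"
    fi
}

# Constructed sample inputs (not captured from a real host).
sample_state='none [integrity] confidentiality'
sample_cmdline='BOOT_IMAGE=/vmlinuz-linux root=/dev/vda1 rw'
lockdown_report "$sample_state" "$sample_cmdline"
```

On a live host, call `lockdown_report "$(cat /sys/kernel/security/lockdown)" "$(cat /proc/cmdline)"` instead of the sample values.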