[arch-devops] Linux lockdown mode deployed

Sven-Hendrik Haase svenstaro at gmail.com
Mon Dec 23 16:02:24 UTC 2019


On Mon, Dec 23, 2019, 16:55 Giancarlo Razzolini via arch-devops <
arch-devops at lists.archlinux.org> wrote:

> On December 23, 2019 11:49, Jelle van der Waa wrote:
> > Hi All,
> >
> > I've deployed a new Linux hardening setting on all our VPSes, which has been
> > available since 5.4. It makes it harder for root to modify the
> > running kernel by shielding off some functionality for userland. [1]
> >
> > No application should rely on these features, so everything should still
> > work as normal.
> >
> > Currently it is deployed as a tmpfiles.d file, which is suboptimal, but
> > adding it to our bootloader seems to be hard since we currently already
> > enable btrfs via lineinfile. Maybe the grub configuration should live in
> > our ansible repository?
> >
> > [1] https://git.archlinux.org/infrastructure.git/commit/?id=2c7538040f6353633adf4f6dc55ea23229a33bda
> >
> > Greetings,
> >
> > Jelle
> >
>
> +1 for having grub configuration on ansible.


Yeah, maybe we can find a better solution for this. Thanks, Jelle.
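
A check for the deployment question raised in this thread (a tmpfiles.d write after boot versus a bootloader parameter), added here as an example; it is not part of the original messages or of the Arch infrastructure repository. It assumes the upstream kernel interfaces `/sys/kernel/security/lockdown` and the `lockdown=` boot parameter; the function names and the `cmdline:`/`other:` labels are illustrative.

```shell
#!/bin/sh
# Report the kernel lockdown state and whether it was requested at boot.
# Paths default to the real kernel interfaces; they are parameters so the
# functions can also be run against constructed sample files.

# Print the active mode from a lockdown file such as:
#   none [integrity] confidentiality
lockdown_active_mode() {
    file=${1:-/sys/kernel/security/lockdown}
    [ -r "$file" ] || { echo "unsupported"; return 0; }
    # The active mode is the token wrapped in square brackets.
    mode=$(sed -n 's/.*\[\([a-z]*\)].*/\1/p' "$file")
    echo "${mode:-unknown}"
}

# Print the value of lockdown= on the kernel command line, or "unset".
lockdown_boot_param() {
    file=${1:-/proc/cmdline}
    for word in $(cat "$file" 2>/dev/null); do
        case $word in
            lockdown=*) echo "${word#lockdown=}"; return 0 ;;
        esac
    done
    echo "unset"
}

# Classify a host:
#   cmdline:<mode>  active mode matches the bootloader parameter
#   other:<mode>    active, but not requested on the command line (written
#                   after boot, e.g. by tmpfiles.d, or forced by kernel config)
#   off             lockdown supported but set to "none"
#   unsupported     no lockdown interface (kernel older than 5.4 or LSM absent)
lockdown_status() {
    active=$(lockdown_active_mode "$1")
    boot=$(lockdown_boot_param "$2")
    case $active in
        unsupported|unknown) echo "$active" ;;
        none) echo "off" ;;
        *) if [ "$boot" = "$active" ]; then echo "cmdline:$active"
           else echo "other:$active"; fi ;;
    esac
}

# On a host, call with no arguments to read the real files: lockdown_status
```

A host reporting `other:<mode>` is locked down only from the point where the write happens during boot, which is the gap that moving the setting into the bootloader configuration would close.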