From 10e53537c61e3340e83bb572b64aa4e466460192 Mon Sep 17 00:00:00 2001 From: Tastatur Date: Fri, 29 Dec 2023 00:09:15 +0100 Subject: [PATCH] wrong link --- docs/alpine-desktop-setup/post-install/security.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/alpine-desktop-setup/post-install/security.md b/docs/alpine-desktop-setup/post-install/security.md index 3703743..abfe1d8 100644 --- a/docs/alpine-desktop-setup/post-install/security.md +++ b/docs/alpine-desktop-setup/post-install/security.md @@ -33,13 +33,13 @@ You can check the status of apparmor using `apparmor-utils`: ## Cmdline -There are a lot of kernel settings which can be passed to the command line. [https://madaidans-insecurities.github.io/guides/linux-hardening.html#kernel](Madadans-insecurity's page) describes each of their function and how they improve security of the system so lets add them to `/etc/kernel-hooks/secureboot.conf`: +There are a lot of kernel settings which can be passed to the command line. [Madadans-insecurity's page](https://madaidans-insecurities.github.io/guides/linux-hardening.html#kernel) describes each of their function and how they improve security of the system so lets add them to `/etc/kernel-hooks/secureboot.conf`: ``` cmdline="... slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on randomize_kstack_offset=on vsyscall=none debugfs=off module.sig_enforce=1 lockdown=confidentiality mce=0 loglevel=0 iommu=force spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full mds=full l1ft=flush" ``` -After reconfiguring `kernel-hooks` try to reboot and it should boot. Although there are more options that might make the system more secure, these most of the time come with a big performance hit so this should do for now. +After reconfiguring `kernel-hooks` try to reboot and it should boot. Although there are more options that might make the system more secure, these come with a big performance hit most of the time so these settings should do for now. ## Sysctl