lnorg/documentation
1
2
Fork 0
Code Issues 30 Pull requests Projects 6 Activity

Updated things a bit

Browse source
This commit is contained in:
Tastatur 2023-12-29 15:10:42 +01:00
parent 9067e94884
commit d7c230be8c
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/alpine-desktop-setup/post-install/security.md
View file

@ -36,7 +36,7 @@ You can check the status of apparmor using `apparmor-utils`:
There are a lot of kernel settings which can be passed to the command line to make a system more secure. [Madaidans-insecurities page](https://madaidans-insecurities.github.io/guides/linux-hardening.html#kernel) describes each of their function and how they improve security of the system so lets add them to `/etc/kernel-hooks/secureboot.conf`: There are a lot of kernel settings which can be passed to the command line to make a system more secure. [Madaidans-insecurities page](https://madaidans-insecurities.github.io/guides/linux-hardening.html#kernel) describes each of their function and how they improve security of the system so lets add them to `/etc/kernel-hooks/secureboot.conf`:
``` ```
cmdline="... slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on randomize_kstack_offset=on vsyscall=none debugfs=off module.sig_enforce=1 lockdown=confidentiality mce=0 loglevel=0 iommu=force spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full mds=full l1ft=flush ipv6.disable=1 rd.shell=0 rd.emergency=reboot" cmdline="... slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on randomize_kstack_offset=on vsyscall=none debugfs=off module.sig_enforce=1 lockdown=confidentiality mce=0 loglevel=0 intel_iommu=on amd_iommu=on iommu=force efi=disable_early_pci_dma spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full mds=full l1ft=flush ipv6.disable=1 rd.shell=0 rd.emergency=reboot"
``` ```
After reconfiguring `kernel-hooks` try to reboot and it should boot. Although there are more options that might make the system more secure, these come with a big performance hit most of the time so these settings should do for now. After reconfiguring `kernel-hooks` try to reboot and it should boot. Although there are more options that might make the system more secure, these come with a big performance hit most of the time so these settings should do for now.

4
docs/alpine-desktop-setup/post-install/users.md
View file

@ -29,7 +29,7 @@ And create a `_power` group for user's to be able to poweroff the system without
Adding a user in alpine can be done using the `setup-user` script. Here we can specify the name, fullname, groups and more: Adding a user in alpine can be done using the `setup-user` script. Here we can specify the name, fullname, groups and more:
``` ```
# setup-user -g wheel,plugdev,seat,nix,_power -f "<Full Name>" <username> # setup-user -g wheel,plugdev,nix,_power -f "<Full Name>" <username>
# passwd <username> # passwd <username>
``` ```
@ -106,7 +106,7 @@ $ fscrypt status /home/<username>
If you have already set up a system with a user but want to add another do this: If you have already set up a system with a user but want to add another do this:
``` ```
# setup-user -g (wheel,)plugdev,seat,nix,_power -f "<Full Name>" <username> # setup-user -g (wheel,)plugdev,nix,_power -f "<Full Name>" <username>
# passwd <username> # passwd <username>
[Change shell in /etc/passwd] [Change shell in /etc/passwd]
# fscrypt encrypt /home/<username> --user=<username> # Doesn't work yet # fscrypt encrypt /home/<username> --user=<username> # Doesn't work yet