📝 Created howto on secure_artix and made update notes
parent
8617bcaa41
commit
7efe78e69f
2 changed files with 47 additions and 44 deletions
46
install_basics_security_artix.txt
Normal file
|
|
@ -0,0 +1,46 @@
|
|||
#Install fail2ban
|
||||
|
||||
doas pacman -S fail2ban fail2ban-runit
|
||||
|
||||
doas ln -s /etc/runit/sv/fail2ban /run/runit/service/
|
||||
|
||||
doas cp ~/Documents/notes/jail.local /etc/fail2ban/
|
||||
|
||||
doas sv start fail2ban
|
||||
|
||||
#Set up apparmor (basic security measure)
|
||||
|
||||
doas pacman -S apparmor apparmor-runit audit audit-runit python-notify2 python-psutil
|
||||
|
||||
doas ln -s /etc/runit/sv/auditd /run/runit/service/
|
||||
|
||||
doas sv start auditd
|
||||
|
||||
Create an audit group, add $USER to it, and add audit group to /etc/audit/auditd.conf:
|
||||
|
||||
doas groupadd -r audit
|
||||
doas gpasswd -a $USER audit
|
||||
|
||||
/etc/audit/auditd.conf
|
||||
|
||||
log_group = audit
|
||||
|
||||
In /etc/rc/apparmor.conf, uncomment enforce mode
|
||||
|
||||
In /etc/default/grub, rewrite the line at CMDLINE as such (be exact and careful here):
|
||||
|
||||
GRUB_CMDLINE_LINUX="lsm=landlock,lockdown,yama,apparmor,bpf net.ifnames=0"
|
||||
|
||||
grub-mkconfig -o /boot/grub/grub.cfg
|
||||
|
||||
reboot
|
||||
|
||||
If all went well run aa-enabled, which should yield "Yes"
|
||||
|
||||
aa-enabled
|
||||
|
||||
Now load simple defaults:
|
||||
|
||||
doas apparmor_parser /usr/share/apparmor/extra-profiles/
|
||||
|
||||
And reboot again, you should have some sane security defaults now.
|
||||
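Review bot: The last two steps of the AppArmor section cancel each other out: `doas apparmor_parser /usr/share/apparmor/extra-profiles/` only loads those profiles into the running kernel, so the "And reboot again" that follows discards them. Copy the profiles you actually want into /etc/apparmor.d/ so they are loaded at every boot, and consider starting them in complain mode, since this file also switches /etc/rc/apparmor.conf to enforce. Two smaller points in the same section: auditd is linked into /run/runit/service/ but the service from apparmor-runit never is, so add the matching `ln -s` line if it is not enabled elsewhere; and `grub-mkconfig -o /boot/grub/grub.cfg` and `reboot` are missing the `doas` prefix that every other privileged command here carries.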
45
updates.txt
|
|
@ -30,12 +30,6 @@ sudo chmod 755 /usr/local/bin/pkgtop
|
|||
|
||||
Finally figured out how to get language servers working neovim, you have to npm install -g each of them from ~/.local/nvim/share/lsp-servers (note that there is still work to be done here...)
|
||||
|
||||
After updating your nvim, make sure to run :LspInstallerInfo and update your language servers
|
||||
|
||||
Update rustup
|
||||
|
||||
rustup update
|
||||
|
||||
https://unixcop.com/basic-setup-of-apparmor-on-arch-linux/
|
||||
https://forum.artixlinux.org/index.php/topic,3823.msg24770.html#msg24770
|
||||
|
||||
|
|
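Review bot: The two source links in this hunk (the unixcop AppArmor guide and the Artix forum thread) do not appear anywhere in the new install_basics_security_artix.txt, so if they are among the six lines this hunk drops, the walkthrough loses its references. Carry them over to the new file next to the AppArmor section, where a reader checking the `lsm=` line would look for them.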
@ -49,41 +43,4 @@ doas cp ~/Documents/notes/jail.local /etc/fail2ban/
|
|||
|
||||
doas sv start fail2ban
|
||||
|
||||
## copy into short walkthrough:
|
||||
|
||||
***Set up apparmor (basic security measure)
|
||||
|
||||
doas pacman -S apparmor apparmor-runit audit audit-runit python-notify2 python-psutil
|
||||
|
||||
doas ln -s /etc/runit/sv/auditd /run/runit/service/
|
||||
|
||||
doas sv start auditd
|
||||
|
||||
Create an audit group, add $USER to it, and add audit group to /etc/audit/auditd.conf:
|
||||
|
||||
doas groupadd -r audit
|
||||
doas gpasswd -a $USER audit
|
||||
|
||||
/etc/audit/auditd.conf
|
||||
|
||||
log_group = audit
|
||||
|
||||
In /etc/rc/apparmor.conf, uncomment enforce mode
|
||||
|
||||
In /etc/default/grub, rewrite the line at CMDLINE as such (be exact and careful here):
|
||||
|
||||
GRUB_CMDLINE_LINUX="lsm=landlock,lockdown,yama,apparmor,bpf net.ifnames=0"
|
||||
|
||||
grub-mkconfig -o /boot/grub/grub.cfg
|
||||
|
||||
reboot
|
||||
|
||||
If all went well run aa-enabled, which should yield "Yes"
|
||||
|
||||
aa-enabled
|
||||
|
||||
Now load simple defaults:
|
||||
|
||||
doas apparmor_parser /usr/share/apparmor/extra-profiles/
|
||||
|
||||
And reboot again, you should have some sane security defaults now.
|
||||
***Install Measure-it on librewolf
|
||||
|
|
|
|||
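Review bot: The fail2ban steps now live in both files: the hunk header still shows `doas cp ~/Documents/notes/jail.local /etc/fail2ban/` in updates.txt, and the same commands were added to install_basics_security_artix.txt, while the AppArmor block was moved rather than copied. Remove the fail2ban lines here as well, or replace them with a one-line pointer to the new file, so the two copies cannot drift. If "## copy into short walkthrough:" is one of the four lines kept, it is now a heading with nothing under it and can go too.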