| Author | Commit | Message | Date |
|---|---|---|---|
| Daniel Micay | 984d0f200f | nftables: implement loopback access control | 2022-07-25 20:47:29 -04:00 |
| Daniel Micay | a68a456778 | update mirrorlist | 2022-07-25 04:09:58 -04:00 |
| Daniel Micay | f38929f9b4 | add pacreport.conf | 2022-07-24 20:55:47 -04:00 |
| Daniel Micay | c0266f6a16 | rename modprobe.d configuration file | 2022-07-24 20:07:57 -04:00 |
| Daniel Micay | e5f576c062 | sshd: reduce MaxAuthTries to 1 | 2022-07-22 20:00:52 -04:00 |
| Daniel Micay | 84ca6bfa27 | sshd: sntrup761x25519-sha512@openssh.com kex only | 2022-07-22 19:55:59 -04:00 |
| Daniel Micay | d7c23eac02 | disable unused AES-GCM cipher suites | 2022-07-22 19:11:28 -04:00 |
| Daniel Micay | ad6e998ec2 | nftables: filter input service traffic by dst addr | 2022-07-21 19:32:43 -04:00 |
| Daniel Micay | fdf21af1ae | nftables: use notrack accept instead of notrack | 2022-07-21 17:31:16 -04:00 |
| Daniel Micay | f7da683012 | nftables: simplify ICMP handling | 2022-07-18 22:14:35 -04:00 |
| Daniel Micay | 494247747c | add flarum-admin user | 2022-07-12 17:36:13 -04:00 |
| Daniel Micay | 1a195570c8 | sshd: disable unused agent forwarding feature<br>This is a misguided feature and while this doesn't meaningfully reduce attack surface, it makes sense not to enable it. | 2022-07-11 19:57:42 -04:00 |
| Daniel Micay | 1d9d5df54c | unbound: only listen on IPv6 | 2022-07-10 15:41:10 -04:00 |
| Daniel Micay | 710d487e78 | qname-minimisation is enabled by default now | 2022-07-03 09:30:44 -04:00 |
| Daniel Micay | f957d83855 | add resolv.conf | 2022-07-03 09:05:41 -04:00 |
| Daniel Micay | 829ea23e8d | lower conntrack established tcp connection timeout | 2022-07-03 05:28:54 -04:00 |
| Daniel Micay | 1c47cd88ab | disable loose TCP connection tracking | 2022-07-03 03:50:53 -04:00 |
| Daniel Micay | 9dbc7347b5 | directory for nginx unix domain sockets in /run | 2022-07-02 13:10:42 -04:00 |
| Daniel Micay | 765704b07f | style fix | 2022-06-30 07:05:13 -04:00 |
| Daniel Micay | 32074453eb | nftables: use numeric port format | 2022-06-30 07:02:34 -04:00 |
| Daniel Micay | 01f9274fc4 | nftables: implement output filtering for loopback | 2022-06-30 06:41:52 -04:00 |
| Daniel Micay | fea9197ace | disable unused chrony command port | 2022-06-30 03:08:28 -04:00 |
| Daniel Micay | e0ab41c4f4 | nftables: friendlier output traffic filtering | 2022-06-29 21:27:01 -04:00 |
| Daniel Micay | 3ca0c347c6 | add baseline nftables configurations | 2022-06-29 10:53:07 -04:00 |
| Daniel Micay | 52d67a3085 | add chrony configuration | 2022-06-29 10:51:41 -04:00 |
| Daniel Micay | f6435cae74 | reduce tcp retransmission attempts | 2022-06-29 03:58:53 -04:00 |
| Daniel Micay | 905ff4d433 | update mirrorlist | 2022-06-06 12:18:19 -04:00 |
| Daniel Micay | e73dab2375 | update systemd/system.conf | 2022-05-22 15:57:02 -04:00 |
| Daniel Micay | 8c81a44d6d | update mirrorlist and switch to NA pkgbuild.com | 2022-05-02 00:56:41 -04:00 |
| Daniel Micay | 4a732879f3 | update grub configuration | 2022-03-16 22:56:06 -04:00 |
| Daniel Micay | 962270c183 | update system.conf | 2022-03-14 15:08:14 -04:00 |
| Daniel Micay | adb1ab92b3 | update mirrorlist | 2022-03-12 12:06:17 -05:00 |
| Daniel Micay | 72937c922f | add new file limit configuration for sshd | 2022-02-25 19:31:35 -05:00 |
| Daniel Micay | 8ad991e8c5 | add locale configuration | 2022-02-15 01:03:56 -05:00 |
| Void | 151a761d2b | Fix readme | 2021-12-16 12:43:34 -05:00 |
| Daniel Micay | ed3824208d | update mirrorlist | 2021-12-12 18:57:48 -05:00 |
| Daniel Micay | 19d0e86112 | add sshd_config.tmp to gitignore | 2021-11-30 13:02:57 -05:00 |
| Daniel Micay | f1005cf339 | user-based whitelist for ssh access | 2021-11-27 20:33:48 -05:00 |
| Daniel Micay | 9f82fe54bd | use double brace for templates | 2021-11-27 20:25:47 -05:00 |
| Daniel Micay | 693655f5bc | blacklist unused intel_agp driver | 2021-11-27 18:45:10 -05:00 |
| Daniel Micay | 6bbe5bc95a | blacklist unused mouse/joystick drivers | 2021-11-27 18:16:13 -05:00 |
| Daniel Micay | 47a765066c | blacklist unused virtio_balloon driver | 2021-11-27 18:16:09 -05:00 |
| Daniel Micay | 73a78746f1 | hard-wire ext4 as the only initramfs filesystem | 2021-11-27 17:11:38 -05:00 |
| Daniel Micay | 00c21469df | add mkinitcpio.conf | 2021-11-27 17:09:26 -05:00 |
| Daniel Micay | 7671f6b795 | switch to a more consistent mirror | 2021-11-26 18:08:17 -05:00 |
| Daniel Micay | 91c9fd275e | update system-login | 2021-11-21 22:38:36 -05:00 |
| Daniel Micay | 932b117824 | blacklist useless floppy module too | 2021-11-17 14:34:19 -05:00 |
| Daniel Micay | 96c77bf78a | update mirrorlist | 2021-11-14 09:43:30 -05:00 |
| Daniel Micay | 4a6474cb56 | 128k tcp_notsent_lowat to improve fairness/latency | 2021-10-02 15:45:21 -04:00 |
| Daniel Micay | 35f539f237 | only permit native system call architecture | 2021-09-16 03:57:53 -04:00 |