Git-Mirrors/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-05-02 06:16:27 -04:00
Code Issues Projects Releases Packages Wiki Activity

Add more abbreviations (#1087)

Browse source 
Signed-off-by: Daniel Gray <dng@disroot.org>
This commit is contained in:
elitejake 2022-04-23 18:43:46 +05:30 committed by Daniel Gray
parent c8bd1533d8
commit fb8c62fc9c
No known key found for this signature in database
GPG key ID: 41911F722B0F9AE3
5 changed files with 30 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

4
docs/linux-desktop/hardening.en.md
View file

@ -18,7 +18,7 @@ All these firewalls use the [Netfilter](https://en.wikipedia.org/wiki/Netfilter)
If you are using Flatpak packages, you can revoke their network socket access using Flatseal and prevent those applications from accessing your network. This permission is not bypassable.
If you are using non-classic [Snap](https://en.wikipedia.org/wiki/Snap_(package_manager)) packages on a system with proper snap confinement support (with both AppArmor and [CGroupsv1](https://en.wikipedia.org/wiki/Cgroups) present), you can use the Snap Store to revoke network permission as well. This is also not bypassable.
If you are using non-classic [Snap](https://en.wikipedia.org/wiki/Snap_(package_manager)) packages on a system with proper snap confinement support (with both AppArmor and [cgroups](https://en.wikipedia.org/wiki/Cgroups) v1 present), you can use the Snap Store to revoke network permission as well. This is also not bypassable.
## Kernel hardening
@ -94,3 +94,5 @@ One of the problems with Secure Boot particularly on Linux is that only the [cha
After setting up Secure Boot it is crucial that you set a “firmware password” (also called a “supervisor password, “BIOS password” or “UEFI password”), otherwise an adversary can simply disable Secure Boot.
These recommendations can make you a little more resistant to [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, but they not good as a proper verified boot process such as that found on [Android](https://source.android.com/security/verifiedboot), [ChromeOS](https://support.google.com/chromebook/answer/3438631) or [Windows](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process).
--8<-- "includes/abbreviations.en.md"

2
docs/linux-desktop/overview.en.md
View file

@ -74,3 +74,5 @@ For advanced users, we only recommend Arch Linux, not any of its derivatives. We
## Linux-libre kernel and “Libre” distributions
We strongly recommend **against** using the Linux-libre kernel, since it [removes security mitigations](https://www.phoronix.com/scan.php?page=news_item&px=GNU-Linux-Libre-5.7-Released) and [suppresses kernel warnings](https://news.ycombinator.com/item?id=29674846) about vulnerable microcode for ideological reasons.
--8<-- "includes/abbreviations.en.md"

2
docs/linux-desktop/sandboxing.en.md
View file

@ -62,3 +62,5 @@ Red Hat develops [Podman](https://docs.podman.io/en/latest/) and secures it with
Another option is [Kata containers](https://katacontainers.io/), where virtual machines masquerade as containers. Each Kata container has its own Linux kernel and is isolated from the host.
These container technologies can be useful even for enthusiastic home users who may want to run certain web app software on their local area network (LAN) such as [Vaultwarden](https://github.com/dani-garcia/vaultwarden) or images provided by [linuxserver.io](https://www.linuxserver.io) to increase privacy by decreasing dependence on various web services.
--8<-- "includes/abbreviations.en.md"