Git-Mirrors/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev.git synced 2025-04-19 23:16:05 -04:00
Code Issues Packages Projects Releases Wiki Activity

Update links

Browse Source
This commit is contained in:
Tommy 2025-04-18 17:08:08 -04:00 committed by GitHub
parent de5154e73b
commit 9fb5b84ac6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
content/posts/linux/Desktop Linux Hardening.md
View File

@ -424,7 +424,7 @@ Most Linux distributions by default use the unencrypted and unauthenticated [Net
If you decide on using NTS with chronyd, consider using multiple, independent time providers and setting [`minsources`](https://chrony-project.org/doc/4.4/chrony.conf.html#minsources) to a value greater than 1.
GrapheneOS uses a [quite nice chrony configuration](https://github.com/GrapheneOS/infrastructure/blob/main/chrony.conf) for their infrastructure. I recommend that you replicate their `chrony.conf` on your system.
GrapheneOS uses a [quite nice chrony configuration](https://github.com/GrapheneOS/infrastructure/blob/main/etc/chrony.conf) for their infrastructure. I recommend that you replicate their `chrony.conf` on your system.
Next, enable the secommp filter for chronyd. On Fedora and Arch Linux, you will need to edit Chrony's environment file in `/etc/sysconfig/chronyd`:

4
content/posts/macos/Secure Time Synchronization on macOS.md
View File

@ -25,8 +25,6 @@ Generally, any distribution with `chrony` 4.0 or above would work fine. I recomm
You can download Fedora Server from their [official website](https://fedoraproject.org/server/download/).
If you want to use Fedora CoreOS, check out my Butane file [here](https://github.com/TommyTran732/Fedora-CoreOS-Ignition/blob/main/UTM-Chrony.yml). Be sure to change the SSH Key and username before converting to your Ignition file! 😉
## Setting up the virtual machine
Next, create your Linux VM in UTM. Make sure that you use the QEMU backend (as opposed to Apple Virtualization), set the Network Mode to Emulated VLAN, and port forward port `123/UDP` and `22/TCP`.
@ -92,7 +90,7 @@ sudo systemctl enable --now dnf-automatic.timer
## Configuring `chrony`
Next, configure `chrony` to use NTS. On Fedora, the configuration file is `/etc/chrony.conf`. We will use [GrapheneOS's configuration](https://github.com/GrapheneOS/infrastructure/blob/main/chrony.conf) as a reference.
Next, configure `chrony` to use NTS. On Fedora, the configuration file is `/etc/chrony.conf`. We will use [GrapheneOS's configuration](https://github.com/GrapheneOS/infrastructure/blob/main/etc/chrony.conf) as a reference.
Your configuration should look something like this: