From 9fb5b84ac606302cad3d273e3f037ee230f216b7 Mon Sep 17 00:00:00 2001 From: Tommy Date: Fri, 18 Apr 2025 17:08:08 -0400 Subject: [PATCH] Update links --- content/posts/linux/Desktop Linux Hardening.md | 2 +- content/posts/macos/Secure Time Synchronization on macOS.md | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/content/posts/linux/Desktop Linux Hardening.md b/content/posts/linux/Desktop Linux Hardening.md index c24d006..73203f5 100644 --- a/content/posts/linux/Desktop Linux Hardening.md +++ b/content/posts/linux/Desktop Linux Hardening.md @@ -424,7 +424,7 @@ Most Linux distributions by default use the unencrypted and unauthenticated [Net If you decide on using NTS with chronyd, consider using multiple, independent time providers and setting [`minsources`](https://chrony-project.org/doc/4.4/chrony.conf.html#minsources) to a value greater than 1. -GrapheneOS uses a [quite nice chrony configuration](https://github.com/GrapheneOS/infrastructure/blob/main/chrony.conf) for their infrastructure. I recommend that you replicate their `chrony.conf` on your system. +GrapheneOS uses a [quite nice chrony configuration](https://github.com/GrapheneOS/infrastructure/blob/main/etc/chrony.conf) for their infrastructure. I recommend that you replicate their `chrony.conf` on your system. Next, enable the secommp filter for chronyd. On Fedora and Arch Linux, you will need to edit Chrony's environment file in `/etc/sysconfig/chronyd`: diff --git a/content/posts/macos/Secure Time Synchronization on macOS.md b/content/posts/macos/Secure Time Synchronization on macOS.md index ed2ede8..be7e2b7 100644 --- a/content/posts/macos/Secure Time Synchronization on macOS.md +++ b/content/posts/macos/Secure Time Synchronization on macOS.md @@ -25,8 +25,6 @@ Generally, any distribution with `chrony` 4.0 or above would work fine. I recomm You can download Fedora Server from their [official website](https://fedoraproject.org/server/download/). -If you want to use Fedora CoreOS, check out my Butane file [here](https://github.com/TommyTran732/Fedora-CoreOS-Ignition/blob/main/UTM-Chrony.yml). Be sure to change the SSH Key and username before converting to your Ignition file! 😉 - ## Setting up the virtual machine Next, create your Linux VM in UTM. Make sure that you use the QEMU backend (as opposed to Apple Virtualization), set the Network Mode to Emulated VLAN, and port forward port `123/UDP` and `22/TCP`. @@ -92,7 +90,7 @@ sudo systemctl enable --now dnf-automatic.timer ## Configuring `chrony` -Next, configure `chrony` to use NTS. On Fedora, the configuration file is `/etc/chrony.conf`. We will use [GrapheneOS's configuration](https://github.com/GrapheneOS/infrastructure/blob/main/chrony.conf) as a reference. +Next, configure `chrony` to use NTS. On Fedora, the configuration file is `/etc/chrony.conf`. We will use [GrapheneOS's configuration](https://github.com/GrapheneOS/infrastructure/blob/main/etc/chrony.conf) as a reference. Your configuration should look something like this: