Git-Mirrors/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev.git synced 2024-12-21 21:45:09 -05:00
Code Issues Packages Projects Releases Wiki Activity

Remove link to archived Kicksecure repository for AppArmor profiles (#254)

Browse Source 
* Remove link to deprecated Kicksecure AppArmor profile repo

Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>

* Add apparmor.d mention as a reference

Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>

* Remove mentions of Whonix sandboxed app launcher and AppArmor profiles

Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>

---------

Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
This commit is contained in:
friendly-rabbit-35 2024-06-16 15:49:53 -07:00 committed by GitHub
parent 074f5d1813
commit cbe365251d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
content/posts/linux/Choosing Your Desktop Linux Distribution.md
View File

@ -102,6 +102,4 @@ Fedora Workstation and Silverblue's European counterpart. These are rolling rele
Some of its features include Tor Stream Isolation, [keystroke anonymization](https://www.whonix.org/wiki/Keystroke_Deanonymization#Kloak), [boot clock randomization](https://www.kicksecure.com/wiki/Boot_Clock_Randomization), [encrypted swap](https://github.com/Whonix/swap-file-creator), hardened boot parameters, and hardened kernel settings. One downside of Whonix is that it still inherits outdated packages with lots of downstream patching from Debian.
Future versions of Whonix will likely include [full system AppArmor policies](https://github.com/Whonix/apparmor-profile-everything) and a [sandbox app launcher](https://www.whonix.org/wiki/Sandbox-app-launcher) to fully confine all processes on the system.
Although Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers), Qubes-Whonix has [various disadvantages](https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581) when compared to other hypervisors.

4
content/posts/linux/Desktop Linux Hardening.md
View File

@ -175,10 +175,10 @@ Note that, unlike Android, traditional desktop Linux distributions typically do
### Making Your Own Policies/Profiles
You can make your own AppArmor profiles, SELinux policies, [bubblewrap](https://github.com/containers/bubblewrap) profiles, and [seccomp](https://docs.kernel.org/userspace-api/seccomp_filter.html) blacklist to have better confinement of applications. This is an advanced and sometimes tedious task, but there are various projects you could use as reference:
You can make your own AppArmor profiles, SELinux policies, [bubblewrap](https://github.com/containers/bubblewrap) profiles, and [seccomp](https://docs.kernel.org/userspace-api/seccomp_filter.html) blacklists to have better confinement of applications. This is an advanced and sometimes tedious task, but there are various projects you could use as reference:
- [Kicksecure's apparmor-profile-everything](https://github.com/Kicksecure/apparmor-profile-everything)
- [Krathalans AppArmor profiles](https://github.com/krathalan/apparmor-profiles)
- [roddhjav's AppArmor profiles](https://github.com/roddhjav/apparmor.d)
- [noatsecures SELinux templates](https://github.com/noatsecure/hardhat-selinux-templates)
- [Seirdys bubblewrap scripts](https://sr.ht/~seirdy/bwrap-scripts)