Commit Graph

195 Commits

Author SHA1 Message Date
Tommy
b674e55d42
Unbound systemd hardening moved to Linux-Setup-Scripts
Signed-off-by: Tommy <contact@tommytran.io>
2024-06-25 22:32:16 -07:00
Tommy
7f470747b9
Unbound listen on ::1
Signed-off-by: Tommy <contact@tommytran.io>
2024-06-24 02:34:55 -07:00
Tommy
540f5f1774
Do not remove resolved
Signed-off-by: Tommy <contact@tommytran.io>
2024-06-21 15:09:58 -07:00
Tommy
14446d8c6b
No Unbound on UTM
Signed-off-by: Tommy <contact@tommytran.io>
2024-06-21 15:07:58 -07:00
Tommy
0d634e5051
Unbound for container
Signed-off-by: Tommy <contact@tommytran.io>
2024-06-21 15:06:09 -07:00
Tommy
d88311198c
Switch to UTC
Signed-off-by: Tommy <contact@tommytran.io>
2024-06-20 05:21:05 -07:00
Tommy
7fad7ab23b
Panic on oops
Signed-off-by: Tommy <contact@tommytran.io>
2024-06-17 01:19:59 -07:00
Tommy
4eef6410bb
Remove Divested PGP key
Signed-off-by: Tommy <contact@tommytran.io>
2024-06-09 05:35:45 -07:00
Tommy
551814f15c
Remove divested repo
Signed-off-by: Tommy <contact@tommytran.io>
2024-06-09 05:35:13 -07:00
Tommy
e49c2c5ca4
Rename server-blacklist to vps-blacklist
Signed-off-by: Tommy <contact@tommytran.io>
2024-06-07 04:51:45 -07:00
Tommy
d9bd0f9563
Use secureblue hardenedmalloc
Signed-off-by: Tommy <contact@tommytran.io>
2024-06-06 22:54:40 -07:00
Tommy
37ab9797c7
Disable coredump in systemd as well
Signed-off-by: Tommy <contact@tommytran.io>
2024-06-04 14:09:50 -07:00
Tommy
71d681ff8b
Use custom config and SecureBlue whenever possible
Signed-off-by: Tommy <contact@tommytran.io>
2024-06-04 13:58:01 -07:00
Tommy
1a38e16151
Remove bind overrides
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-31 14:24:56 -07:00
Tommy
13a4d89a69
Better regex for kernel module blacklist
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-31 13:49:45 -07:00
Tommy
64efef581c
Add escapes for regex
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-31 13:37:30 -07:00
Tommy
d06e7489e9
Beter regex
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-31 13:16:38 -07:00
Tommy
f9823a43e4
Better regex
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-31 02:36:47 -07:00
Tommy
0eda27d343
Update overrides for F40
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-28 16:21:59 -07:00
Tommy
d3e0ea0f35
Add notes to fix FCOS 39 -> 40 upgrade
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-28 14:22:23 -07:00
Tommy
4295b7e075
Update gvisor-downloader
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-28 13:48:13 -07:00
Tommy
3cb75ee460
Remove 5 seconds wait
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-27 15:15:41 -07:00
Tommy
4906ea33d8
Update kargs
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-27 13:23:30 -07:00
Tommy
e5f5980e0c
Use After=network-online.target
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-22 12:17:24 -07:00
Tommy
8d6447c67b
/etc/issue moved to Linux-Setup-Scripts
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-16 23:18:07 -07:00
Tommy
c320659852
zram-generator config moved to Linux-Setup-Scripts
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-16 22:27:06 -07:00
Tommy
f6751a1597
Workaround for unbound-keygen
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-06 23:47:45 -07:00
Tommy
2e0f0719cd
Update docker-compose-updater
Signed-off-by: Tommy <contact@tommytran.io>
2024-05-03 14:55:36 -07:00
Tommy
147945e752
Rearrange kargs
Signed-off-by: Tommy <contact@tommytran.io>
2024-04-19 14:50:41 -07:00
Tommy
02ae78dfec
Add trailing white space
Signed-off-by: Tommy <contact@tommytran.io>
2024-04-12 16:45:15 -07:00
Tommy
7b62e6d24f
Update docker-compose-updater.service
Signed-off-by: Tommy <contact@tommytran.io>
2024-04-09 15:15:34 -07:00
Tommy
e579cf0cf1
Disable mdns and dhcpv6-client for x86 QEMU
Signed-off-by: Tommy <contact@tommytran.io>
2024-04-05 15:53:36 -07:00
Tommy
c6a758d8a0
Switch to using systemd timer for container update
Signed-off-by: Tommy <contact@tommytran.io>
2024-04-05 14:21:39 -07:00
Tommy
4b109fa93b
Disable msr
Signed-off-by: Tommy <contact@tommytran.io>
2024-04-05 13:43:06 -07:00
Tommy
2f67145fd1
Update ptrace settings
Signed-off-by: Tommy <contact@tommytran.io>
2024-03-24 14:38:07 -07:00
Tommy
c3481cbcc8
Disable coreos-cni-networking-check.service
Signed-off-by: Tommy <contact@tommytran.io>
2024-03-24 14:00:46 -07:00
Tommy
2ecb5662fc
Enable module sig enforce and lockdown=confidentiality
Signed-off-by: Tommy <contact@tommytran.io>
2024-03-05 14:52:54 -07:00
Tommy
f5411aab36
Add ARM hardened malloc
Signed-off-by: Tommy <contact@tommytran.io>
2024-03-05 14:24:45 -07:00
Tommy
9ee6949e84
Fix rpm-ostree kargs --editor
Signed-off-by: Tommy <contact@tommytran.io>
2024-03-05 14:06:08 -07:00
Tommy
652b549e71
FCOS has already fixed SELinux handling
Signed-off-by: Tommy <contact@tommytran.io>
2024-02-29 11:39:21 -07:00
Tommy
0721f0d393
Fix /var labels
Signed-off-by: Tommy <contact@tommytran.io>
2024-02-29 10:48:58 -07:00
Tommy
0e29af560f
ld_preload fix
Signed-off-by: Tommy <contact@tommytran.io>
2024-02-28 10:47:05 -07:00
Tommy
469358b8ed
Add serial port support for Proxmox
Signed-off-by: Tommy <contact@tommytran.io>
2024-02-28 09:40:01 -07:00
Tommy
3f8465e696
Use systemd units section to disable kdump and debug-shell
Signed-off-by: Tommy <contact@tommytran.io>
2024-02-27 21:56:58 -07:00
Tommy
0adadc1932
Add missing stamp for postinst2
Signed-off-by: Tommy <contact@tommytran.io>
2024-02-27 18:48:17 -07:00
Tommy
bf92773f86
Fix GPG signature
Signed-off-by: Tommy <contact@tommytran.io>
2024-02-27 18:41:02 -07:00
Tommy
46285b769e
Single quote echo
Signed-off-by: Tommy <contact@tommytran.io>
2024-02-27 02:19:44 -07:00
Tommy
e754f3a5eb
ld.preload path does not needed to be hardcoded
Signed-off-by: Tommy <contact@tommytran.io>
2024-02-27 00:19:46 -07:00
Tommy
3ec705b520
Remove extra_latent_entropy from karg file
Signed-off-by: Tommy <contact@tommytran.io>
2024-02-26 23:38:22 -07:00
Tommy
6f0bf8d8a7
Implement hardened_malloc, rename to x86_64-v3
Signed-off-by: Tommy <contact@tommytran.io>
2024-02-26 23:36:13 -07:00