Just came across this gem of a channel. I’m busy leaning how to secure my Arch Linux build and you’re the only person I’ve seen that’s made a video on namespaces. Thank you so much for helping all of us out!
Thanks for this video. Do you see any point in hardening the kernel (e.g. using the Kernel Self-Protection Project's recommended settings) or is it a matter of diminishing returns? I assume also a PITA having to recompile the kernel with those settings each time a new version is released.
As they say it all depends on your use case, I have never had to do that, but i suppose there is always a first time, I would check with your requirements some of those are pretty specialized as I recall. and Yes more a PITA than you might think, a new kernel compile generates a new version and a new version in the environments I worked in meant a 1-2 year recertification process
was hoping for a good video, but you start with ubuntu.... I always start with redhat/centos/rocky minimal. I don't want a ton of services installed by default. ubuntu doing something weird that no one wants.. that's nothing new.
I started with ubuntu to because they are the #1 server platform and would benefit more people, As for services don't you control that? I just turn the ones off i dont need, or uninstall them all together if it is something I will never use. I might do one on Rocky, but that requires selinux which is very different from AppArmor anc the hardening process is quite involved to make it work right.
I just recently discovered your channel, a true gem.
welcome to the channel!
Thanks DJ for these videos, well done.
Thank you my friend is nice to see you again
Just came across this gem of a channel. I’m busy leaning how to secure my Arch Linux build and you’re the only person I’ve seen that’s made a video on namespaces. Thank you so much for helping all of us out!
Thanks DJ Ware for sharing us this great information.
Welcome
👍Thanks DJ!
I needed this , thanks for the video Sir ., 🙏
Welcome
Awesome! Thank you
good afternoon my friend you and the guy...
Good information. Thanks for the video.
welcome
8:15-8:16 cut of what you are running "./lynis audit system", thanks for info!
Too bad I found this at 11pm on a Thursday… I really wanna spin this up. Certainly adding this to the list. Looks fun
As I am a carpal tunnel sufferer, I wish you would copy/paste those commands into the terminal and save some wear and tear on yourself.
Thanks for this video. Do you see any point in hardening the kernel (e.g. using the Kernel Self-Protection Project's recommended settings) or is it a matter of diminishing returns? I assume also a PITA having to recompile the kernel with those settings each time a new version is released.
As they say it all depends on your use case, I have never had to do that, but i suppose there is always a first time, I would check with your requirements some of those are pretty specialized as I recall. and Yes more a PITA than you might think, a new kernel compile generates a new version and a new version in the environments I worked in meant a 1-2 year recertification process
Finally poked around /etc and saw the umask setting. Really? That's everyone's default?
Even OpenBSD.
systemd starts sshd when the socket gets a connection. that systemd magic I used today to mount an encrypted volume w/o a password during boot.
-oallow_root or -oallow_other for FUSE.
Those gnome file dialags.
You showed us UBUNTU (OOBOONTOO), not "OOBANTOO".
was hoping for a good video, but you start with ubuntu.... I always start with redhat/centos/rocky minimal. I don't want a ton of services installed by default. ubuntu doing something weird that no one wants.. that's nothing new.
I started with ubuntu to because they are the #1 server platform and would benefit more people, As for services don't you control that? I just turn the ones off i dont need, or uninstall them all together if it is something I will never use. I might do one on Rocky, but that requires selinux which is very different from AppArmor anc the hardening process is quite involved to make it work right.