Mikaela/mikaela.github.io
1
0
Fork 0
mirror of https://github.com/mikaela/mikaela.github.io/ synced 2025-08-05 04:07:23 +02:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: Mikaela:014af1b56ca3cf89ce5e964ab0abe92d4f4ab98c
Branches Tags
Mikaela:master
Mikaela:pre-commit-ci-update-config
Mikaela:lfs-media
Mikaela:dependabot/bundler/rexml-3.3.9
Mikaela:2016-05-10
Mikaela:2
Mikaela:1
Mikaela:0
..
compare: Mikaela:963a0cfd3ba0888275f10e330f442bd937d174e7
Branches Tags
Mikaela:master
Mikaela:pre-commit-ci-update-config
Mikaela:lfs-media
Mikaela:dependabot/bundler/rexml-3.3.9
Mikaela:2016-05-10
Mikaela:2
Mikaela:1
Mikaela:0

No commits in common. "014af1b56ca3cf89ce5e964ab0abe92d4f4ab98c" and "963a0cfd3ba0888275f10e330f442bd937d174e7" have entirely different histories.
014af1b56c ... 963a0cfd3b

1 changed files with 3 additions and 8 deletions
Show Stats Expand all files Collapse all files

11
n/essentialsoftware.md
View File

@ -68,10 +68,6 @@ _{{ page.excerpt }}_
and before `initrd /initramfs-linux-lts.img`...
- `ufw` for Deb-based or `firewalld` on Fedora (and Kali and Arch Linux, if you
so choose in the last)
- `setroubleshoot` on distributions using it gives graphical notifications when
SELinux has a security warning and thus hints that it might be a good idea to
take a look at journalctl to see whether it's something that requires action
either incorrect rule or actually nefarious activity.
- `sshguard` for mitigating shared systems where others refuse to use keys
- `needrestart` for knowing when updates actually require services to be
restarted or a kernel upgrade happens and requires reboot
@ -167,10 +163,9 @@ bit...
# Ensure third party Fedora repos are available, this is part of KDE Prompt?
sudo fedora-third-party enable
# Layer packages I need on top of the base image.
sudo rpm-ostree install aircrack-ng android-tools btop clang darkman duperemove gamescope git-lfs gnome-console htop inxi mosh mpv neovim nmap pipx pre-commit setroubleshoot sshguard steam-devices symlinks syncthing terminus-fonts-console tmux tor torsocks unbound zsh
# Disable bootscreen, enable btrfs compression etc. REMEMBER TO REMOVE SSD FOR NON-SSD setups! Ensure CPU vulnerability mitigation.
sudo rpm-ostree kargs --delete=rhgb --delete=quiet --delete=rootflags=subvol=root --append=rootflags=subvol=root,noatime,compress-force=zstd:0,ssd --append=mitigations=auto,nosmt
# Another reminder to not use flag SSD above if there is no SSD on the system.
sudo rpm-ostree install aircrack-ng android-tools btop clang darkman duperemove gamescope git-lfs gnome-console htop inxi mosh mpv neovim nmap pipx pre-commit sshguard steam-devices symlinks syncthing terminus-fonts-console tmux tor torsocks unbound zsh
# Disable bootscreen, ensure CPU vulnerability mitigation.
sudo rpm-ostree kargs --delete=rhgb --delete=quiet --append=mitigations=auto,nosmt
# I would additionally use lockdown=confidentiality (or lockdown=integrity if
# less privacy and security was required, but that prevents shipped osnoise
# module from working.