[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Fsuk-manchester] Follow-up: MFS Meeting. Tue, 20 Nov. "NCSC End User De
[Fsuk-manchester] Follow-up: MFS Meeting. Tue, 20 Nov. "NCSC End User Device security - Installer. AppArmor+auditd. GRUB."
Thu, 13 Dec 2018 20:39:11 +0000
Mozilla/5.0 (X11; Linux i686 on x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.0
On 16/11/2018 00:17, Michael Dorrington wrote:
> Please forward this notice to those that would welcome it.
> You can subscribe to the Manchester Free Software mailing list at:
> * Event: Manchester Free Software's November Meeting
> * 45 minute slot: AppArmor + auditd
> * 15 minute slot 1: Debian Installer Preseeding for security
> * 15 minute slot 2: Boot process hardening including GRUB
> * 15 minute slot 3: Security monthly round-up
The National Cyber Security Centre (NCSC) End User Device (EUD) Security
Guidance for GNU/Linux is at:
In January's MFS meeting we will do the remaining parts of the NCSC EUD
security; the large part will be on VPN with smaller parts on user
setup, file systems and automatic updates. Over the Christmas and New
Year period you can put into practice the items we covered in November's
1. Setup AppArmor and enforce the profiles in the guidance.
Some distros will require enabling AppArmor, hints:
Advanced: Produce a profile for an application that is missing one.
2. Setup auditd to start from boot and put in rules useful for your
3. Use 'Preseeding' (or the equivalent for your distro) to ensure
security setup is consistently done during Operating System installation.
Advanced: Use a tool to ensure that the security setup is kept as
desired throughout the life of the Operating System.
4. Set a GRUB password
You could configure GRUB so it only needs a password if not doing the
default boot or you could require a password for doing anything. It is
probably best to start with allowing a default boot without password in
case you make a mistake and so lock yourself out.
Post to the MFS mailing list if you need more hints or help.
See you at MFS Christmas meeting on Tuesday,
FSF member #9429
"The Free Software Foundation (FSF) is a nonprofit with a worldwide
mission to promote computer user freedom and to defend the rights of all
free software users."
Description: OpenPGP digital signature
|[Prev in Thread]
||[Next in Thread]|
- [Fsuk-manchester] Follow-up: MFS Meeting. Tue, 20 Nov. "NCSC End User Device security - Installer. AppArmor+auditd. GRUB.",
Michael Dorrington <=