On 16/11/2018 00:17, Michael Dorrington wrote: > Please forward this notice to those that would welcome it. > > You can subscribe to the Manchester Free Software mailing list at: > https://lists.nongnu.org/mailman/listinfo/fsuk-manchester > > * Event: Manchester Free Software's November Meeting > > * 45 minute slot: AppArmor + auditd > * 15 minute slot 1: Debian Installer Preseeding for security > * 15 minute slot 2: Boot process hardening including GRUB > * 15 minute slot 3: Security monthly round-up
The National Cyber Security Centre (NCSC) End User Device (EUD) Security Guidance for GNU/Linux is at: https://www.ncsc.gov.uk/guidance/eud-security-guidance-ubuntu-1804-lts In January's MFS meeting we will do the remaining parts of the NCSC EUD security; the large part will be on VPN with smaller parts on user setup, file systems and automatic updates. Over the Christmas and New Year period you can put into practice the items we covered in November's meeting, particularly: 1. Setup AppArmor and enforce the profiles in the guidance. Some distros will require enabling AppArmor, hints: apparmor=1 security=apparmor /etc/default/grub Advanced: Produce a profile for an application that is missing one. 2. Setup auditd to start from boot and put in rules useful for your situation. Hints: audit=1 /etc/default/grub man audit.rules 3. Use 'Preseeding' (or the equivalent for your distro) to ensure security setup is consistently done during Operating System installation. Advanced: Use a tool to ensure that the security setup is kept as desired throughout the life of the Operating System. 4. Set a GRUB password You could configure GRUB so it only needs a password if not doing the default boot or you could require a password for doing anything. It is probably best to start with allowing a default boot without password in case you make a mistake and so lock yourself out. Post to the MFS mailing list if you need more hints or help. See you at MFS Christmas meeting on Tuesday, Mike. MFS Chair. -- FSF member #9429 http://www.fsf.org/register_form?referrer=9429 http://www.fsf.org/about "The Free Software Foundation (FSF) is a nonprofit with a worldwide mission to promote computer user freedom and to defend the rights of all free software users."
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Fsfe-uk mailing list [email protected] https://lists.gnu.org/mailman/listinfo/fsfe-uk
