apparmor.d
ssh-p2p
apparmor.d | ssh-p2p | |
---|---|---|
24 | 5 | |
365 | 237 | |
- | - | |
9.9 | 0.0 | |
6 days ago | over 1 year ago | |
Go | Go | |
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
apparmor.d
-
Sandboxing All the Things with Flatpak and BubbleBox
If anyone want to look further into sandboxing applications on Linux, you can also look at AppArmor and the sandboxing features built into systemd.
I love this repository for bases for AppArmor profiles[1], really good work. Never found a repository as good for systemd, but there are a few around.
[1] https://github.com/roddhjav/apparmor.d
- Anyone writes AppArmor profiles?
-
AppArmor and Profile Inheritance
Then, categorize all your script zoo: maybe some script group want to only read the data, while some need to write, maybe one group needs to use certain set of binaries, and other group - others.
- How would you sandbox shady PDF files from the internet?
-
OpenSUSE Tumbleweed Security – firewall, fail2ban, apparmor
You could utilize some profiles from apparmor.d repo, but you should be slightly aware how it works (disclaimer: I'm the contributor).
-
FOSS alternative to Teamviewer
Regardless, I wrote an AppArmor profile so it couldn't happen again.
-
Cybersec student here. How it possible that Linux is more secure than Windows?
Maintainer's response.
-
MacOS-like support for directory access control on Linux, *per app*
There is a project in early development: apparmor.d. Adopting some or all profiles will do the job. To use it smoothly, basic AppArmor knowledge is required. (I'm the contributor)
-
AppArmor and Firefox: Does it actually work?
Dependent on the OS and Firefox distribution. I can advertise profile that I co-maintain. It uses non-standard tunables, which will require some README reading to get them into the system.
-
SELinux VS AppArmor - go!
Red Hat based distros come preconfigured with a lot of SELinux policies. With AppArmor, you get basically nothing. There is a project I also contribute to from time to time, that gives you a lot more policies, but this is entirely out-of-tree (https://github.com/roddhjav/apparmor.d).
ssh-p2p
- FOSS alternative to Teamviewer
- SSH into client devices without router access
- I want to use VNC to connect to my pi terminal worldwide (Raspian Lite)
-
Is VNC still an ok choice for lan remote access?
For remote access through two NATs, ssh-p2p looks interesting, and then you could use SSH tunelling of VNC. https://github.com/nobonobo/ssh-p2p You can ALMOST install it with a simple command go get -u github.com/nobonobo/ssh-p2p Except that go packages don't install for all users and sudo go get also breaks the user specific ~/go/ subdirctory so it won't work without sudo and your package is still not system wide. GOPATH could be set, first and directories created, etc. but this is too many steps for over the phone. But it may work in a pinch without go path and if it doesn't work without sudo you can try it again with sudo and you can clean up the mess once you get in. And you may be able to predeploy it to the machines. You may have to run ~/go/bin/ssh-p2p if ~/go/bin isn't in path. On windoze, you also need to install ssh which requires some oddball options to chocolatey or you won't actually get the server. Not bad if predeployed but problematic if over the phone. You might also need to install go and add it to the path. And the keys are a full length 36 character UUID which you need to convey over a telephone To make a system permanently accessible, it looks like you would need to add go-ssh to the startup scripts. There is no obvvious way to specify a TURN server if you need one. And it doesn't work with android unless you have linux on top, with GUI if you want to tunnel VNC. But if you want to do it over the telephone you need to do all this on the user's end (on linux,a bit different on windows).
-
Thoughts on pitunnel.com? Safe?
Try https://github.com/nobonobo/ssh-p2p
What are some alternatives?
kubernetes-ingress - NGINX and NGINX Plus Ingress Controllers for Kubernetes
TextSecure - A private messenger for Android.
UBUNTU20-CIS - Ansible role for Ubuntu 2004 CIS Baseline
rustdesk - An open-source remote desktop, and alternative to TeamViewer.
hardentools - Hardentools simply reduces the attack surface on Microsoft Windows computers by disabling low-hanging fruit risky features.
kloak - Keystroke-level online anonymization kernel: obfuscates typing behavior at the device level.
shadowsocks-gtk-rs - A desktop GUI frontend for shadowsocks-rust client implemented with gtk-rs.
apparmor-profiles - Improve your system's security.
shadowsocks-rust - A Rust port of shadowsocks
virt-manager - Desktop tool for managing virtual machines via libvirt
amicontained - Container introspection tool. Find out what container runtime is being used as well as features available.
apparmor-profiles - AppArmor Security Profiles for some applications