privacy-respecting
apparmor
privacy-respecting | apparmor | |
---|---|---|
4 | 21 | |
1,932 | - | |
- | - | |
0.0 | - | |
7 months ago | - | |
- | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
privacy-respecting
-
Question to all the linux mint soldiers
Curated List of Privacy Respecting Services and Software
-
A quick rant- it's so hard to be private when you're basically technologically illiterate
You need to take a moment to realize it will be okay. You are going in the right direction, you just need to learn more https://youtube.com/watch?v=Y19RFmOxfVM https://git.nixnet.services/pluja/awesome-privacy https://github.com/nikitavoloboev/privacy-respecting https://github.com/humanetech-community/awesome-humane-tech#community
-
Open Source, a Gateway to Privacy/Security
There are many open source alternatives to operating systems, browsers, messengers, search engines, cloud storages, etc. Utilizing these more ethical softwares can be of assistance to improve privacy and security of your life. https://www.privacytools.io/ and https://github.com/nikitavoloboev/privacy-respecting are a great place to search.
-
The Pentagon is tracking US citizens without a warrant, Senator says
Here is a list of applications that should be avoided and plenty of alternatives.
apparmor
-
Enhancing Service Security with Systemd
# /etc/systemd/system/nginx.service # Rootless Nginx service based on https://github.com/stephan13360/systemd-services/blob/master/nginx/nginx.service [Unit] # This is from the default nginx.service Description=nginx (hardened rootless) Documentation=https://nginx.org/en/docs/ Documentation=https://github.com/stephan13360/systemd-services/blob/master/nginx/README.md After=network-online.target remote-fs.target nss-lookup.target Wants=network-online.target [Service] # forking is not necessary as `daemon` is turned off in the nginx config Type=exec User=nginx Group=nginx ## can be used e.g. for accessing directory containing SSL certs #SupplementaryGroups=acme # define runtime directory /run/nginx as rootless services can't access /run RuntimeDirectory=nginx # write logs to /var/log/nginx LogsDirectory=nginx # write cache to /var/cache/nginx CacheDirectory=nginx # configuration is in /etc/nginx ConfigurationDirectory=nginx ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf # PID is not necessary here as the service is not forking ExecReload=/usr/sbin/nginx -s reload Restart=on-failure RestartSec=10s # Hardening # hide the entire filesystem tree from the service and also make it read only, requires systemd >=238 TemporaryFileSystem=/:ro # Remount (bind) necessary paths, based on https://gitlab.com/apparmor/apparmor/blob/master/profiles/apparmor.d/abstractions/base, # https://github.com/jelly/apparmor-profiles/blob/master/usr.bin.nginx, # https://www.freedesktop.org/software/systemd/man/systemd.exec.html#RootDirectory= # # This gives access to (probably) necessary system files, allows journald logging BindReadOnlyPaths=/lib/ /lib64/ /usr/lib/ /usr/lib64/ /etc/ld.so.cache /etc/ld.so.conf /etc/ld.so.conf.d/ /etc/bindresvport.blacklist /usr/share/zoneinfo/ /usr/share/locale/ /etc/localtime /usr/share/common-licenses/ /etc/ssl/certs/ /etc/resolv.conf BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout /run/systemd/notify # Additional access to service-specific directories BindReadOnlyPaths=/usr/sbin/nginx BindReadOnlyPaths=/run/ /usr/share/nginx/ PrivateTmp=true PrivateDevices=true ProtectControlGroups=true ProtectKernelModules=true ProtectKernelTunables=true # Network access RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 # Miscellaneous SystemCallArchitectures=native # also implicit because settings like MemoryDenyWriteExecute are set NoNewPrivileges=true MemoryDenyWriteExecute=true ProtectKernelLogs=true LockPersonality=true ProtectHostname=true RemoveIPC=true RestrictSUIDSGID=true ProtectClock=true # Capabilities to bind low ports (80, 443) AmbientCapabilities=CAP_NET_BIND_SERVICE [Install] WantedBy=multi-user.target
- Restricting access to critical directories to trusted applications?
-
Is it safe to enable Apparmor on the proxmox host server?
root@hive:/usr/lib/apparmor# systemctl status apparmor ● apparmor.service - Load AppArmor profiles Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled) Active: active (exited) since Thu 2023-05-18 19:44:34 EDT; 23h ago Docs: man:apparmor(7) https://gitlab.com/apparmor/apparmor/wikis/home/ Process: 861 ExecStart=/lib/apparmor/apparmor.systemd reload (code=exited, status=0/SU> Main PID: 861 (code=exited, status=0/SUCCESS) CPU: 39ms
- sandboxed and customizable setup of LoL on Linux
- Apparmor rules
- Audit backlog limit exceeded every 2-3 minutes and AppArmor issues
-
Why is OpenSUSE switching to SELinux?
I know you made this comment 5 days ago, but: the last two commits were 1 and 3 day ago for me while SELinux is behind at 3 days and 2 weeks for its last two commits, and also has about half as many commits overall. So AppArmor is arguably as alive, if not more, than SELinux.
-
Do I understand how to use apparmor correctly?
I'm working on doing what I can to secure a hobby VPS running Ubuntu. I've done some reading about apparmor (especially this document) and created a profile for nginx.
-
Void Linux Security Scanners
Also, I agree that the documentation doesn't seem to be exactly helpful. I'd recommend Wikipedia about what it is (for links to what these terms mean) and its documentation in the project's Wiki.
-
Question to all the linux mint soldiers
Learn how to use AppArmor: https://gitlab.com/apparmor/apparmor/-/wikis/Documentation. Enforce its profiles (at least) for internet facing apps.
What are some alternatives?
alternative-frontends - 🔐🌐 Privacy-respecting web frontends for popular services
bubblewrap - Low-level unprivileged sandboxing tool used by Flatpak and similar projects
personal-security-checklist - 🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
selinux - This is the upstream repository for the Security Enhanced Linux (SELinux) userland libraries and tools. The software provided by this project complements the SELinux features integrated into the Linux kernel and is used by Linux distributions. All bugs and patches should be submitted to [email protected]
iploggerfilter - This is a list for ublock Origin to filter any site who's only purpose is to log your IP
ubuntu-server-nosnap
privacytools.io - 🛡🛠 You are being watched. Protect your privacy against global mass surveillance.
apparmor-profiles - AppArmor Profiles for Arch Linux
Digital-Forensics-Guide - Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
awesome-security-hardening - A collection of awesome security hardening guides, tools and other resources