zen-kernel
linux-hardened
Our great sponsors
zen-kernel | linux-hardened | |
---|---|---|
34 | 16 | |
1,847 | 535 | |
3.0% | - | |
0.0 | 0.0 | |
4 days ago | 4 days ago | |
C | C | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
zen-kernel
- What Do You Know about Your Linux System?
-
7950X3D second CCD is not completely inactive during games
Linux is configurable. If you don't want it to freeze up, configure it so it wont https://github.com/zen-kernel/zen-kernel
-
Custom Kernel Code Reviews? (Liquorix, Xanmod, Zen, etc. and supply chain attacks)
What do you mean fingers in the pie? And for liquorix the four people are only the ones involved in the packaging, you'll notice that they just include one huge monolithic patch here https://github.com/damentz/liquorix-package/tree/6.1/master/linux-liquorix/debian/patches/zen and to see what is inside that and whose fingers are in there you need to look into https://github.com/zen-kernel/zen-kernel and you have exactly the same situation as with xanmod with your 13k contributors.
- If your system is installed on dm-crypt and becomes unresponsive when writing/reading a lot of data (like installing Steam games) try disabling dm-crypt workqueues.
-
Lenovo IdeaPad - regression introduced in kernel 5.19.10 still exists despite fix being included in 6.1
It seems like the zen kernel "doesn't use" the same version as the upstream kernel (default). I think for now it is still on 6.0.12: https://github.com/zen-kernel/zen-kernel
-
Let's Play with the Linux Kernel
Find the source here.
-
The flashing screen bug seems to be fixed with the 5.19.13 kernel
Officially supported kernels Community support on forum and bug reporting is available for officially supported kernels. Stable — Vanilla Linux kernel and modules, with a few patches applied. https://www.kernel.org/ || linux Hardened — A security-focused Linux kernel applying a set of hardening patches to mitigate kernel and userspace exploits. It also enables more upstream kernel hardening features than linux. https://github.com/anthraxx/linux-hardened || linux-hardened Longterm — Long-term support (LTS) Linux kernel and modules. https://www.kernel.org/ || linux-lts Zen Kernel — Result of a collaborative effort of kernel hackers to provide the best Linux kernel possible for everyday systems. Some more details can be found on https://liquorix.net (which provides kernel binaries based on Zen for Debian). https://github.com/zen-kernel/zen-kernel || linux-zen
-
How can I get ZEN kernel on Void?
linux5.18-zen $: cd patches patches $: wget https://github.com/zen-kernel/zen-kernel/releases/download/v5.18.11-zen1/v5.18.11-zen1.patch.xz patches $: xz -d v5.18.11-zen1.patch.xz
-
Is there any database for optimal game settings like the geforce experience?
@OP So yeah on Linux we don't have NVE which i'm kinda glad about for various reasons. But we have gamemode (sorry for the ArchWiki entry on it) and custom kernels like Zen. If you opt to install the Zen Kernel ALWAYS keep a regular Kernel as backup, just in case.
-
nvme SSD boot time slowed down with linux 5.18
I was afraid that disabling dm-crypt workqueues caused it: https://github.com/zen-kernel/zen-kernel/issues/282
linux-hardened
-
Question about immutability
Glossing over their hardening guide, we notice that the kernel-hardened package is mentioned. This is a fork of what once was the kernel of GrapheneOS. While this hardened kernel can be used on a variety of distros, unfortunately this doesn't apply to Fedora Silverblue. Furthermore, I haven't seen any mention of the hardened kernel being used on openSUSE Tumbleweed. Therefore I see no reason to believe that this is possible on openSUSE Aeon either. Though, I'd love to be corrected on this!
- How to obtain hardened kernel?
-
Is there a security focused Linux distro for desktop users?
Here's the GitHub page for the linux-hardened package in the official Arch repos. You will find that lots of changes come from GrapheneOS. "Forked from GrapheneOS" is in tiny, tiny text near the top-left of the web page underneath the project name.
-
Let's Play with the Linux Kernel
Here is the source code for the hardened Linux kernel.
-
Deploying Firecracker VMs
so that we can use it liberally in CLI) > **Additionally, here's a 'building from the source section** - https://github.com/firecracker-microvm/firecracker/blob/main/docs/getting-started.md#building-from-source ### Running Firecracker > "*In production, Firecracker is designed to be run securely, inside an execution jail, carefully set up by the jailer binary. This is how our integration test suite does it. However, if you just want to see Firecracker booting up a guest Linux machine, you can do that as well.*" 1. We need to first obtain an "uncompressed Linux kernel binary, and an ext4 file system image (to use as rootfs)" ; great, these are two things that we need to seek out before we move forward in our 'adventure' (*this really feels like a "quest" of some sort, like the ones that they forced you to play on Runescape back in the days*) **How to Decompress Linux Kernel** (explicit instructions to be honest here) - https://0xax.gitbooks.io/linux-insides/content/Booting/linux-bootstrap-5.html **Linux-Hardened Kernel** - https://github.com/anthraxx/linux-hardened (this is something that they're all still actively working on at this very point in time) They also say that we need an 'ext4 file system image' (where do we obtain this from?) - found it **Full Guide on How to Create an EXT4 filesystem image here** -https://fabianlee.org/2020/01/13/linux-mounting-a-loopback-ext4-xfs-filesystem-to-isolate-or-enforce-storage-limits/ Assuming that the above has been handled, the directions insist that we create two separate shell prompts, (one to run Firecracker, and another one to control it [by writing to the API socket]; both shells have to run "in the same directory where the firecracker binary was placed") ^^ What? - This is a pain in the ass because this is something that they should've mentioned earlier (obv. everyone is going to move a binary where the rest of their binaries go ; and you're not going to just load up some random project to be used in that manner) - Not even sure what the end goal of opening up an API socket here would really be But fuck it, let's just assume that we play ball and we adhere to all of these (additional) steps that we're being put through (just for the setup up this virtualization tool!). ### Following Through on the Next Steps 1. Ensuring that Firecracker can create its own API ``` bash rm -f /tmp/firecracker.socket
-
The flashing screen bug seems to be fixed with the 5.19.13 kernel
Officially supported kernels Community support on forum and bug reporting is available for officially supported kernels. Stable — Vanilla Linux kernel and modules, with a few patches applied. https://www.kernel.org/ || linux Hardened — A security-focused Linux kernel applying a set of hardening patches to mitigate kernel and userspace exploits. It also enables more upstream kernel hardening features than linux. https://github.com/anthraxx/linux-hardened || linux-hardened Longterm — Long-term support (LTS) Linux kernel and modules. https://www.kernel.org/ || linux-lts Zen Kernel — Result of a collaborative effort of kernel hackers to provide the best Linux kernel possible for everyday systems. Some more details can be found on https://liquorix.net (which provides kernel binaries based on Zen for Debian). https://github.com/zen-kernel/zen-kernel || linux-zen
-
Kernels: xanmod vs tkg vs lqx vs zen vs hardened
Overall those patches do protect you in a lot of cases. Per default upstream features are chose to honor security first. Furthermore patches do frequently protect against upstream failures and vulnerabilities. One of the latest examples is CVE-2022-1729 https://seclists.org/oss-sec/2022/q2/122 a local privilege vulnerability that linux-hardened simply protects since before day 0: https://github.com/anthraxx/linux-hardened/commit/4dd6bdf3b079ef73e597661ee961d225bfccbe2a On top the approach in several places of fail-early instead of potentially continuing with known corruption or certain use-after-free regularly uncovers problems that get fixed upstream and where the vanilla kernels just keep on running, which include exploitable problems. One example of a faulty very recent commit that has been bisected and fixed because of linux-hardened: https://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev.git/commit/?h=for-next&id=acde4003efc16480375543638484d8f13f2e99a3
- When and why did linux-hardened move to lts branch?
-
windows kernel patch guard-like for linux ?
Those two don't protect the kernel itself from "misuse". To do that, there are ways like kernel hardening 3, using hardened kernel 4 5.
- Is Arch dangerously out of date?
What are some alternatives?
linux - XanMod: Linux kernel source code tree
vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
linux-tkg - linux-tkg custom kernels
checksec.sh - Checksec.sh
liquorix-package - Liquorix Debian Package
hardened-kernel - Hardened kernel configuration optimized for virtual machines. - https://www.kicksecure.com/wiki/Hardened-kernel
linux - Linux kernel source tree
steam-for-linux - Issue tracking for the Steam for Linux beta client
system76-scheduler - Auto-configure CFS and process priorities for improved desktop responsiveness
kernel-hardening-checker - A tool for checking the security hardening options of the Linux kernel
ubuntu-mainline-kernel.sh - Bash script for Ubuntu (and derivatives) to easily (un)install kernels from the Ubuntu Kernel PPA
focus-android - ⚠️ Firefox Focus (Android) moved to a new repository. It is now developed and maintained as part of: https://github.com/mozilla-mobile/firefox-android