linux-hardened
Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening
It is currently up to date, but that's not the norm. You need to look at the update history to get the bigger picture. There was no 5.13 hardened kernel until 5.13.13, for example. The mainline updates that you admit lag behind always contain security fixes too.
The patches come from https://github.com/anthraxx/linux-hardened/ but I'm very appreciative of all the pre-packaged effort, validation, bug-checking etc.
I want to point out I like this script to run some additional security confirmation checks on the kernel (pretty advanced, you need to know what stuff is, your brain needs to be on) https://github.com/a13xp0p0v/kconfig-hardened-check/
I also want to point out the checksec script for confirming security on your userspace binaries - https://github.com/slimm609/checksec.sh (look for violations marked in red)
Anbox is now proprietary, Anbox-cloud.io; check out WayDroid, and to install the kernel properly, use the first part of: https://github.com/sickcodes/droid-native