The hosting space for the initial blog post announcing this work was
moved, and a redirect put in place. That redirect appears to have
stopped, or the article moved again. Either way, this appears to be the
canonical location of the article.
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
Need to mark that the protecting-code-integrity document is not quite
ready to be called final product.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Now that GrSecurity/PaX are no longer available for free download, it is
almost impossible to get it without paying significant amounts of money.
Remove them from the recommendation, but mention that it remains a
viable option for anyone who has a subscription.
Additionally, trim down the SELinux section to remove the detailed
instructions on audit2allow and staff_u. Such details are probably
best suited for a dedicated document.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Largely the same stuff, but modify a few recommendations and add a
couple of other ones. See CHANGELOG.md for complete details.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
- Use ESSENTIAL/NICE/PARANOID instead of CRITICAL/MODERATE/LOW/PARANOID
- Use GrSecurity/PaX uniformly
- Add a note on weak passphrases
- The browser you run in a VM does not have to be Chrome/Chromium
- Add a section on hibernating vs. suspending