Trevor Bramwell
19b027f63a
Fix Broken links to Announcement
...
The hosting space for the initial blog post announcing this work was
moved, and a redirect put in place. That redirect appears to have
stopped, or the article moved again. Either way, this appears to be the
canonical location of the article.
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
2021-05-13 10:32:37 -04:00
Alexey Kopytko
4ca8b99e0b
Update protecting-code-integrity.md
...
Reset code is not for resetting the card to defaults. It is used to unblock the card after to many attempts to enter a user PIN code without an admin PIN.
From the developer:
http://www.fsij.org/doc-gnuk/gnuk-passphrase-setting.html#set-up-of-reset-code-optional
2021-05-13 10:32:37 -04:00
Konstantin Ryabitsev
6ff6fdad73
Use -o instead of stdout redirect with paperkey
...
Using -o makes sure that the file is created with 0600 permissions
instead of whatever the default umask setting is.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-13 10:32:33 -04:00
Konstantin Ryabitsev
31afef433d
Remove kernel-developer-pgp-guide
...
This document is now part of the official kernel documentation found
here:
https://www.kernel.org/doc/html/latest/process/maintainer-pgp-guide.html
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-13 10:27:24 -04:00
Konstantin Ryabitsev
51be7788df
Minor wording tweaks
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-26 11:59:28 -05:00
Konstantin Ryabitsev
2158dc39b2
Rework free software/audience paragraph
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-25 16:50:44 -05:00
Konstantin Ryabitsev
a4924d87b5
ECC support is in GnuPG 2.1+, not v2 in general
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-25 16:23:43 -05:00
Konstantin Ryabitsev
319a4729a3
Wording on the kernel guide
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-25 12:04:31 -05:00
Konstantin Ryabitsev
6747fadc24
Finish up the kernel developer PGP guide
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-25 11:54:52 -05:00
Konstantin Ryabitsev
7b5b243a37
Almost done on the kernel guide
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-24 17:23:23 -05:00
Konstantin Ryabitsev
85ae656965
Start work on kernel-specific guide
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-23 16:13:43 -05:00
Konstantin Ryabitsev
9ebcdf3b75
Minor tweaks and take out of BETA
...
Protecting code integrity is ready to go production.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-23 10:50:52 -05:00
Konstantin Ryabitsev
1d3b58d17a
Tweak some wording
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-18 16:41:38 -05:00
Konstantin Ryabitsev
7c7477f20c
What is git PGP integration trying to solve?
...
Per question in #28 , explain why git and pgp integration are useful.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-18 16:32:31 -05:00
Konstantin Ryabitsev
126e4f0b5d
Add a note that cp on sockets will fail, but is ok
...
Per issue #25 .
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-18 08:32:17 -05:00
Konstantin Ryabitsev
8a9d547d3e
Explain why master key is 4096 bits
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-18 08:28:38 -05:00
Konstantin Ryabitsev
d859f24c82
Merge pull request #26 from henrich/master
...
Add GPG4Win installation for Windows Platform
2017-12-18 08:15:17 -05:00
Hideki Yamane
f302bf3478
Add GPG4Win installation for Windows Platform
2017-12-17 13:22:56 +09:00
Konstantin Ryabitsev
e836303976
Merge pull request #24 from ftheile/patch-1
...
Use `--homedir` consistently
2017-12-15 13:53:54 -05:00
Frank Theile
1c36837f07
Use --homedir
consistently
2017-12-15 18:16:41 +01:00
Konstantin Ryabitsev
304cd46a38
Merge pull request #23 from ftheile/patch-2
...
Master key backup: use consistent mount point in all examples
2017-12-15 09:20:28 -05:00
Konstantin Ryabitsev
eaf82430cd
Merge pull request #22 from ftheile/patch-1
...
Always use `~` instead of `$HOME` for consistency
2017-12-15 09:20:01 -05:00
Frank Theile
3162817e7c
Master key backup: use consistent mount point in all examples
2017-12-15 08:53:25 +01:00
Frank Theile
6c208d9583
Always use ~
instead of $HOME
for consistency
2017-12-15 08:15:11 +01:00
Konstantin Ryabitsev
790759787e
Typo and wording fixes
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-14 15:08:16 -05:00
Konstantin Ryabitsev
e44163234d
Add TRANSLATIONS file
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-14 14:28:01 -05:00
Konstantin Ryabitsev
1501d8869d
Set status CURRENT/BETA/OUTDATED
...
Need to mark that the protecting-code-integrity document is not quite
ready to be called final product.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:44:35 -05:00
Konstantin Ryabitsev
eafaf6ccc1
Tweak verbiage
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:37:41 -05:00
Konstantin Ryabitsev
501e4ceb88
Remove the zh_CN translation
...
It's obsolete and I have decided not to track these in the same repo.
Please publish your own forks with translated documents and I will
create a translations.md file with links.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:18:09 -05:00
Konstantin Ryabitsev
3148a35dda
Add U2F section and tweak wks-security doc
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:16:44 -05:00
Konstantin Ryabitsev
34233e9d81
Move to protecting-coide-integrity
...
Largely finishes the document -- will work on updated content in
"trusted team communication" and by reviewing the workstation security
guide.
We need at least a basic workstation security guide for the Mac systems.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-12 16:54:03 -05:00
Konstantin Ryabitsev
9d61a13f1c
Edits and a privacy note for keyservers
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-11 14:07:21 -05:00
Konstantin Ryabitsev
f35667dddc
Add large chunk of git+pgp content
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-08 17:18:53 -05:00
Konstantin Ryabitsev
62815ea38e
Largely finish the PGP/smartcard section
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-07 15:53:50 -05:00
Konstantin Ryabitsev
a93d12f80a
Add more GnuPG bits
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-06 17:07:14 -05:00
Konstantin Ryabitsev
c51f664e8e
More base PGP work
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-05 16:37:05 -05:00
Konstantin Ryabitsev
526b138907
Start on Developer Security Hygiene
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-04 16:46:02 -05:00
Konstantin Ryabitsev
b5b0034191
Remove GrSecurity/PAX and trim down SELinux
...
Now that GrSecurity/PaX are no longer available for free download, it is
almost impossible to get it without paying significant amounts of money.
Remove them from the recommendation, but mention that it remains a
viable option for anyone who has a subscription.
Additionally, trim down the SELinux section to remove the detailed
instructions on audit2allow and staff_u. Such details are probably
best suited for a dedicated document.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-11-15 15:47:42 -05:00
Konstantin Ryabitsev
9cbd84f07d
Add Intel ME recommendation (closing issue #12 )
...
Preparing for end-of-2017 update to the recommendations.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-11-13 19:24:16 -05:00
Konstantin Ryabitsev
8f1b807f37
Merge pull request #18 from ronignc/master
...
Corrected the URL for Fedora Security Guide
2017-09-12 16:02:33 -04:00
ronignc
b4e1828b46
Corrected the URL for Fedora Security Guide
2017-09-12 13:31:14 -03:00
Konstantin Ryabitsev
cdfc1d246e
Update a handful of recommendations for early 2017
...
Largely the same stuff, but modify a few recommendations and add a
couple of other ones. See CHANGELOG.md for complete details.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-01-22 17:33:28 -05:00
Konstantin Ryabitsev
424aa0316d
Merge pull request #15 from wyangsun/patch-1
...
Create linux-workstation-security.zh_CN.md
2015-12-24 10:06:07 -08:00
KS
b94a5d4f0a
Merge pull request #1 from mricon/patch-2
...
Rename to linux-workstation-security.zh_CN.md
2015-12-18 10:53:04 +08:00
Konstantin Ryabitsev
1293fac4fc
Rename linux-workstation-security in Chinese.md to linux-workstation-security.zh_CN.md
...
Let's use locale names.
2015-12-17 10:21:17 -05:00
KS
5b8592858f
Create linux-workstation-security in Chinese.md
...
This document is very nice , I have translated it into Chinese. ^.^
2015-12-17 21:37:41 +08:00
Konstantin Ryabitsev
855099a721
Merge pull request #13 from mopsfelder/master
...
Fix typo in semanage command
2015-09-25 09:58:06 -04:00
Murilo Opsfelder Araujo
56a7d0f9a6
Fix typo in semanage command
2015-09-24 23:02:50 -03:00
Konstantin Ryabitsev
0720d94443
Use less ambiguous language
2015-09-10 09:01:33 -04:00
Konstantin Ryabitsev
9b5d82de70
Merge pull request #11 from pdxmph/linuxcom_links
...
Add links to Linux.com Q&A
2015-09-03 13:03:07 -04:00