CodeMirror/itpol
1
0
Fork 0
mirror of synced 2024-04-24 23:52:30 +12:00
Code Issues Projects Releases Wiki Activity
78 commits 1 branch 0 tags 314 KiB
Commit graph

78 commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alexey Kopytko 6e27a0f9ae
Update protecting-code-integrity.md 
Reset code is not for resetting the card to defaults. It is used to unblock the card after to many attempts to enter a user PIN code without an admin PIN.

From the developer:

http://www.fsij.org/doc-gnuk/gnuk-passphrase-setting.html#set-up-of-reset-code-optional
 2019-04-08 16:49:49 +09:00
Konstantin Ryabitsev 51026930ef
Use -o instead of stdout redirect with paperkey 
Using -o makes sure that the file is created with 0600 permissions
instead of whatever the default umask setting is.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2018-01-31 20:40:03 -05:00
Konstantin Ryabitsev 51be7788df
Minor wording tweaks 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2018-01-26 11:59:28 -05:00
Konstantin Ryabitsev 2158dc39b2
Rework free software/audience paragraph 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2018-01-25 16:50:44 -05:00
Konstantin Ryabitsev a4924d87b5
ECC support is in GnuPG 2.1+, not v2 in general 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2018-01-25 16:23:43 -05:00
Konstantin Ryabitsev 319a4729a3
Wording on the kernel guide 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2018-01-25 12:04:31 -05:00
Konstantin Ryabitsev 6747fadc24
Finish up the kernel developer PGP guide 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2018-01-25 11:54:52 -05:00
Konstantin Ryabitsev 7b5b243a37
Almost done on the kernel guide 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2018-01-24 17:23:23 -05:00
Konstantin Ryabitsev 85ae656965
Start work on kernel-specific guide 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2018-01-23 16:13:43 -05:00
Konstantin Ryabitsev 9ebcdf3b75
Minor tweaks and take out of BETA 
Protecting code integrity is ready to go production.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2018-01-23 10:50:52 -05:00
Konstantin Ryabitsev 1d3b58d17a
Tweak some wording 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2018-01-18 16:41:38 -05:00
Konstantin Ryabitsev 7c7477f20c
What is git PGP integration trying to solve? 
Per question in #28, explain why git and pgp integration are useful.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2018-01-18 16:32:31 -05:00
Konstantin Ryabitsev 126e4f0b5d
Add a note that cp on sockets will fail, but is ok 
Per issue #25.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-12-18 08:32:17 -05:00
Konstantin Ryabitsev 8a9d547d3e
Explain why master key is 4096 bits 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-12-18 08:28:38 -05:00
Konstantin Ryabitsev d859f24c82
Merge pull request #26 from henrich/master 
Add GPG4Win installation for Windows Platform
 2017-12-18 08:15:17 -05:00
Hideki Yamane f302bf3478
Add GPG4Win installation for Windows Platform 2017-12-17 13:22:56 +09:00
Konstantin Ryabitsev e836303976
Merge pull request #24 from ftheile/patch-1 
Use `--homedir` consistently
 2017-12-15 13:53:54 -05:00
Frank Theile 1c36837f07
Use --homedir consistently 2017-12-15 18:16:41 +01:00
Konstantin Ryabitsev 304cd46a38
Merge pull request #23 from ftheile/patch-2 
Master key backup: use consistent mount point in all examples
 2017-12-15 09:20:28 -05:00
Konstantin Ryabitsev eaf82430cd
Merge pull request #22 from ftheile/patch-1 
Always use `~` instead of `$HOME` for consistency
 2017-12-15 09:20:01 -05:00
Frank Theile 3162817e7c
Master key backup: use consistent mount point in all examples 2017-12-15 08:53:25 +01:00
Frank Theile 6c208d9583
Always use ~ instead of $HOME for consistency 2017-12-15 08:15:11 +01:00
Konstantin Ryabitsev 790759787e
Typo and wording fixes 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-12-14 15:08:16 -05:00
Konstantin Ryabitsev e44163234d
Add TRANSLATIONS file 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-12-14 14:28:01 -05:00
Konstantin Ryabitsev 1501d8869d
Set status CURRENT/BETA/OUTDATED 
Need to mark that the protecting-code-integrity document is not quite
ready to be called final product.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-12-13 16:44:35 -05:00
Konstantin Ryabitsev eafaf6ccc1
Tweak verbiage 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-12-13 16:37:41 -05:00
Konstantin Ryabitsev 501e4ceb88
Remove the zh_CN translation 
It's obsolete and I have decided not to track these in the same repo.
Please publish your own forks with translated documents and I will
create a translations.md file with links.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-12-13 16:18:09 -05:00
Konstantin Ryabitsev 3148a35dda
Add U2F section and tweak wks-security doc 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-12-13 16:16:44 -05:00
Konstantin Ryabitsev 34233e9d81
Move to protecting-coide-integrity 
Largely finishes the document -- will work on updated content in
"trusted team communication" and by reviewing the workstation security
guide.

We need at least a basic workstation security guide for the Mac systems.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-12-12 16:54:03 -05:00
Konstantin Ryabitsev 9d61a13f1c
Edits and a privacy note for keyservers 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-12-11 14:07:21 -05:00
Konstantin Ryabitsev f35667dddc
Add large chunk of git+pgp content 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-12-08 17:18:53 -05:00
Konstantin Ryabitsev 62815ea38e
Largely finish the PGP/smartcard section 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-12-07 15:53:50 -05:00
Konstantin Ryabitsev a93d12f80a Add more GnuPG bits 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-12-06 17:07:14 -05:00
Konstantin Ryabitsev c51f664e8e
More base PGP work 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-12-05 16:37:05 -05:00
Konstantin Ryabitsev 526b138907
Start on Developer Security Hygiene 
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-12-04 16:46:02 -05:00
Konstantin Ryabitsev b5b0034191
Remove GrSecurity/PAX and trim down SELinux 
Now that GrSecurity/PaX are no longer available for free download, it is
almost impossible to get it without paying significant amounts of money.
Remove them from the recommendation, but mention that it remains a
viable option for anyone who has a subscription.

Additionally, trim down the SELinux section to remove the detailed
instructions on audit2allow and staff_u. Such details are probably
best suited for a dedicated document.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-11-15 15:47:42 -05:00
Konstantin Ryabitsev 9cbd84f07d
Add Intel ME recommendation (closing issue #12) 
Preparing for end-of-2017 update to the recommendations.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-11-13 19:24:16 -05:00
Konstantin Ryabitsev 8f1b807f37 Merge pull request #18 from ronignc/master 
Corrected the URL for Fedora Security Guide
 2017-09-12 16:02:33 -04:00
ronignc b4e1828b46 Corrected the URL for Fedora Security Guide 2017-09-12 13:31:14 -03:00
Konstantin Ryabitsev cdfc1d246e
Update a handful of recommendations for early 2017 
Largely the same stuff, but modify a few recommendations and add a
couple of other ones. See CHANGELOG.md for complete details.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
 2017-01-22 17:33:28 -05:00
Konstantin Ryabitsev 424aa0316d Merge pull request #15 from wyangsun/patch-1 
Create linux-workstation-security.zh_CN.md
 2015-12-24 10:06:07 -08:00
KS b94a5d4f0a Merge pull request #1 from mricon/patch-2 
Rename to linux-workstation-security.zh_CN.md
 2015-12-18 10:53:04 +08:00
Konstantin Ryabitsev 1293fac4fc Rename linux-workstation-security in Chinese.md to linux-workstation-security.zh_CN.md 
Let's use locale names.
 2015-12-17 10:21:17 -05:00
KS 5b8592858f Create linux-workstation-security in Chinese.md 
This document is very nice , I have translated it into Chinese. ^.^
 2015-12-17 21:37:41 +08:00
Konstantin Ryabitsev 855099a721 Merge pull request #13 from mopsfelder/master 
Fix typo in semanage command
 2015-09-25 09:58:06 -04:00
Murilo Opsfelder Araujo 56a7d0f9a6 Fix typo in semanage command 2015-09-24 23:02:50 -03:00
Konstantin Ryabitsev 0720d94443 Use less ambiguous language 2015-09-10 09:01:33 -04:00
Konstantin Ryabitsev 9b5d82de70 Merge pull request #11 from pdxmph/linuxcom_links 
Add links to Linux.com Q&A
 2015-09-03 13:03:07 -04:00
Mike Hall dc66ec032a Add links to Linux.com Q&A 
This commit adds links to the Linux.com Q&A on the motivation behind
releasing these documents.
 2015-09-03 09:18:50 -07:00
Konstantin Ryabitsev 5a68aa9800 Reword target audience 2015-09-02 15:14:50 -04:00