Stefano Marinelli boosted
Larvitz
@Larvitz@mastodon.bsd.cafe  ·  activity timestamp last month

Proper FreeBSD system hardening :)
(all for sysctl)

security.bsd.see_other_uids
security.bsd.see_other_gids
--> Don't show other users' processes

security.bsd.unprivileged_read_msgbuf
--> Don't allow unprivileged to read kernel buffer (dmesg)

security.bsd.unprivileged_proc_debug
--> Don't allow unprivileged to use debugging

security.bsd.hardlink_check_uid
security.bsd.hardlink_check_gid
--> restrict hardlinks to same user/group

kern.elf64.aslr.enable
kern.elf32.aslr.enable
--> Enable kernel address randomization (ASLR)

security.bsd.unprivileged_mlock
--> Restrict unprivileged users from loading kernel modules

sysctl kern.securelevel=1
--> Cannot lower securelevel
--> Cannot write directly to mounted disks
--> Cannot write to /dev/mem or /dev/kmem
--> Cannot load/unload kernel modules
--> Cannot change firewall rules (if compiled with IPFIREWALL_STATIC)
--> System immutable and append-only file flags cannot be removed

This can make a FreeBSD system more secure, especially on multi-user systems. Securelevel can even go higher, but those restrictions generally need care.

#runbsd #freebsd #security #hardening #goodpractice #devops #sysadmin
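
A drift check for the settings listed in the post above, added here as an example and not part of the original post. The target values are assumptions inferred from the post's descriptions, `audit_sysctl` is a hypothetical helper name, and the sample input is constructed.

```shell
#!/bin/sh
# Target values: assumptions inferred from the post's descriptions.
EXPECTED='security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
security.bsd.unprivileged_read_msgbuf=0
security.bsd.unprivileged_proc_debug=0
security.bsd.hardlink_check_uid=1
security.bsd.hardlink_check_gid=1
kern.elf64.aslr.enable=1
kern.elf32.aslr.enable=1
security.bsd.unprivileged_mlock=0
kern.securelevel=1'

# Reads "name: value" (sysctl's default output) or "name=value" lines on stdin,
# prints one verdict per expected setting, returns the count of failures.
audit_sysctl() {
    input=$(cat); bad=0
    for want in $EXPECTED; do
        key=${want%%=*}; val=${want#*=}
        have=$(printf '%s\n' "$input" |
            awk -F'[:=] *' -v k="$key" '$1 == k { print $2; exit }')
        if [ -z "$have" ]; then
            echo "MISSING $key (want $val)"; bad=$((bad + 1))
        elif [ "$key" = kern.securelevel ] && [ "$have" -ge "$val" ] 2>/dev/null; then
            echo "OK      $key=$have"   # a higher securelevel is stricter
        elif [ "$have" = "$val" ]; then
            echo "OK      $key=$have"
        else
            echo "DRIFT   $key=$have (want $val)"; bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample, not captured from a real host.
SAMPLE='security.bsd.see_other_uids: 0
security.bsd.see_other_gids: 0
security.bsd.unprivileged_read_msgbuf: 1
security.bsd.unprivileged_proc_debug: 0
security.bsd.hardlink_check_uid: 1
security.bsd.hardlink_check_gid: 1
kern.elf64.aslr.enable: 1
security.bsd.unprivileged_mlock: 0
kern.securelevel: 2'

# On a FreeBSD host: sysctl -a | audit_sysctl
printf '%s\n' "$SAMPLE" | audit_sysctl || echo "$? setting(s) need attention"
```

A `MISSING` verdict also covers keys the running kernel does not expose, so it is reported separately from `DRIFT`.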

Cr☥ssy 𓆣𓆃
@Crissy@tech.lgbt  ·  activity timestamp 2 months ago

How you do consent, cuties ❤️
“I would like to kiss you, if that’s ok?”

#consent #goodpractice #respect #romantic #consensual #caturday #kitten

Cute kitten on the carpet, standing up and holding onto someone’s sweater (person not shown). Caption says “I would like to kiss you, if that’s ok” which teaches consent