Introduction:
Why must we harden the Linux kernel?
Thinking about this question:
You have a big house with many valuables, and now you want to shield them from thieves. You must find ways to secure the house, such as using many IP cameras for detection and taking various measures to protect your valuables.
Now, let me ask another question:
Your phone is always with you.
OK, now imagine a hacker finds a bug in your phone and gains access to it. They can take photos, record voice, and access it completely, using your data. Now, think about what you would want to do after that.
Let me say:
Nothing Because now your data is for selling.
( this is just an introduction to start speaking about secure options in the linux kernel )
#Kernel_hardening #privacy
Why must we harden the Linux kernel?
Thinking about this question:
You have a big house with many valuables, and now you want to shield them from thieves. You must find ways to secure the house, such as using many IP cameras for detection and taking various measures to protect your valuables.
Now, let me ask another question:
Your phone is always with you.
OK, now imagine a hacker finds a bug in your phone and gains access to it. They can take photos, record voice, and access it completely, using your data. Now, think about what you would want to do after that.
Let me say:
Nothing Because now your data is for selling.
( this is just an introduction to start speaking about secure options in the linux kernel )
#Kernel_hardening #privacy
بهترین های لینوکس سابق
Would you like us to have a group for writing under the posts?
Thank you for sending votes.
And now the channel has a group.
With a 24-hours timer for automatic content deletion.
And now the channel has a group.
With a 24-hours timer for automatic content deletion.
بهترین های لینوکس سابق
Introduction: Why must we harden the Linux kernel? Thinking about this question: You have a big house with many valuables, and now you want to shield them from thieves. You must find ways to secure the house, such as using many IP cameras for detection…
Welcome Everyone
Welcome where ? To new day 😁
OK let's Go
The First Option is about
DM_CRYPT
When should we enable it!?
Imaging now you want to install a new distribution and your first parameter is encryption and you want to use software encryption to encrypt your disk because you need use cryptoapi
Like cryptsetup software
OK now what !?
We must enable it
Yes just this
I wish have best times.
#kernel_hardening #linux #options
Welcome where ? To new day 😁
OK let's Go
The First Option is about
DM_CRYPT
When should we enable it!?
Imaging now you want to install a new distribution and your first parameter is encryption and you want to use software encryption to encrypt your disk because you need use cryptoapi
Like cryptsetup software
OK now what !?
We must enable it
Yes just this
I wish have best times.
#kernel_hardening #linux #options
01 - Havas
Shohreh [SariMusic.IR]
#persian_music
Persian version
Persian version
بهترین های لینوکس سابق
Welcome Everyone Welcome where ? To new day 😁 OK let's Go The First Option is about DM_CRYPT When should we enable it!? Imaging now you want to install a new distribution and your first parameter is encryption and you want to use software encryption to…
Welcome everybody
Welcome to introducing a new parameter
CONFIG_MODULE_SIG.
Denoscription:
Thinking about this section,
You have too many modules, and you have a signature for every module.
You shouldn't allow anybody to add a new module because maybe it's not good software.
We can use it for signature verification.
#Kernel_hardening #linux #options
Welcome to introducing a new parameter
CONFIG_MODULE_SIG.
Denoscription:
Thinking about this section,
You have too many modules, and you have a signature for every module.
You shouldn't allow anybody to add a new module because maybe it's not good software.
We can use it for signature verification.
#Kernel_hardening #linux #options
I really like writing
But I don't have free time 🥲
And you know I'm not as good as you
Please tell me if you have any suggestions for writing better.
But I don't have free time 🥲
And you know I'm not as good as you
Please tell me if you have any suggestions for writing better.
⚡1❤🔥1
Hello everyone
Happy new year
I wish you all the best times with your loved ones.
Be Happy good days are very near
And believe in yourself.
Happy new year
I wish you all the best times with your loved ones.
Be Happy good days are very near
And believe in yourself.
❤🔥1
Hello everybody,
I'm back again after maybe two months. Okay,
let's go.
Today, I want to speak about a very fun experience
Let me share it.
My friend told me, "Hey, could you please change the code for this project?" (It was in Java.)
At first, I asked myself, "I've never had experience with Java, but it was a request from my friend, so I told him, Okay."
First off, I thought of many things:
Using attack injection, which means finding symbols/functions and changing them.
Figuring out how to access the codes.
I selected the second way.
I know that reaching the codes in Java is very simple, and I can read and change them very easily.
And again, I know why I must write in C++ 😁 And why I don't have a liking for any other language
And I found that there are many ways to use method obfuscation in your codes. And please always use them because nerds are always after your codes.
I'm back again after maybe two months. Okay,
let's go.
Today, I want to speak about a very fun experience
Let me share it.
My friend told me, "Hey, could you please change the code for this project?" (It was in Java.)
At first, I asked myself, "I've never had experience with Java, but it was a request from my friend, so I told him, Okay."
First off, I thought of many things:
Using attack injection, which means finding symbols/functions and changing them.
Figuring out how to access the codes.
I selected the second way.
I know that reaching the codes in Java is very simple, and I can read and change them very easily.
And again, I know why I must write in C++ 😁 And why I don't have a liking for any other language
And I found that there are many ways to use method obfuscation in your codes. And please always use them because nerds are always after your codes.
بهترین های لینوکس سابق
Hello everybody, I'm back again after maybe two months. Okay, let's go. Today, I want to speak about a very fun experience Let me share it. My friend told me, "Hey, could you please change the code for this project?" (It was in Java.) At first, I asked…
This was just a cool prank. Please don't let this post affect your decision-making.
Hi everybody
I want talk about YAMA
#YAMA #linux #embedded #hardening
YAMA is a LSM ( Linux sub module )
What's Yama:
Yama is a Linux Security Module that collects system-wide DAC security protections
How we can enable it:
This is selectable at build-time with CONFIG_SECURITY_YAMA
Options:
0 - classic ptrace permissions
1 - restricted ptrace
2 - admin-only attach
3 - no attach
First off, I thought I had mostly written everything about it.
But after a few seconds, I realized it's better to read from web pages and help them continue writing.
( original address writer https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html )
I want talk about YAMA
#YAMA #linux #embedded #hardening
YAMA is a LSM ( Linux sub module )
What's Yama:
Yama is a Linux Security Module that collects system-wide DAC security protections
How we can enable it:
This is selectable at build-time with CONFIG_SECURITY_YAMA
Options:
0 - classic ptrace permissions
1 - restricted ptrace
2 - admin-only attach
3 - no attach
First off, I thought I had mostly written everything about it.
But after a few seconds, I realized it's better to read from web pages and help them continue writing.
( original address writer https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html )
why we must always check base toolchain target device
and why we must always write Documention
As a developer, we always ask ourselves why this doesn't work or why that doesn't have the output I want, but it's better to ask this:
Which part isn't compatible with this path, and why must we continue it? Maybe this path is wrong.
Let me tell you a fun experience. We decided to completely change the workflow for sending Data from a device to a server.
We read many articles and did research to find the best solution. Finally, we decided to use Curl.
We tested it on many devices with different distributions, but when we tested it on the final device, it wouldn't work. However, out of every 150 tries, it worked once 🤣.
I checked so many things, but I forgot to check which base the device was using: uClibc, GLibc, or Musl.
If we had documentation for that final device, we would never have faced any time costs.
::::::we used a static build because we didn't have time to generate a new custom distribution
As developers, we must recognize the importance of documentation and thorough examination of the base toolchain for target devices. These practices not only enhance the quality of our work but also prevent potential issues and additional costs.
#Arm #embedded_Linux #develop #static_build
and why we must always write Documention
As a developer, we always ask ourselves why this doesn't work or why that doesn't have the output I want, but it's better to ask this:
Which part isn't compatible with this path, and why must we continue it? Maybe this path is wrong.
Let me tell you a fun experience. We decided to completely change the workflow for sending Data from a device to a server.
We read many articles and did research to find the best solution. Finally, we decided to use Curl.
We tested it on many devices with different distributions, but when we tested it on the final device, it wouldn't work. However, out of every 150 tries, it worked once 🤣.
I checked so many things, but I forgot to check which base the device was using: uClibc, GLibc, or Musl.
If we had documentation for that final device, we would never have faced any time costs.
::::::we used a static build because we didn't have time to generate a new custom distribution
As developers, we must recognize the importance of documentation and thorough examination of the base toolchain for target devices. These practices not only enhance the quality of our work but also prevent potential issues and additional costs.
#Arm #embedded_Linux #develop #static_build
I always just want to turn off my Brain
But I don't know how.
But I don't know how.
🌚1
I don't know why finding a job is so challenging.
It's not just in this country, but all over the world.
I want to say I don't know what the problem is, but honestly, I do know.
Let me tell you what the problem is:
We are Iranian, and this nationality always seems to face challenges.
It's not just in this country, but all over the world.
I want to say I don't know what the problem is, but honestly, I do know.
Let me tell you what the problem is:
We are Iranian, and this nationality always seems to face challenges.
👾1
A cute experience
I mostly changed many noscripts,
And my device doesn't have a BASH shell, it just has an sh shell.
I read all of them, and I always asked myself,
Why does this noscript work with a shebang bash,
But it doesn't have it?
After many searches, I found out that
If we run it with sh, it ignores the shebang bash and starts with the sh shell.
#embedded_Linux #shell #cute
I mostly changed many noscripts,
And my device doesn't have a BASH shell, it just has an sh shell.
I read all of them, and I always asked myself,
Why does this noscript work with a shebang bash,
But it doesn't have it?
After many searches, I found out that
If we run it with sh, it ignores the shebang bash and starts with the sh shell.
#embedded_Linux #shell #cute
Before judging me, please read this completely.
Open-source software is often rushed.
Let me give an example:
If you try to generate a static build of OpenSSL on an ARM board and connect it to a server service like FTPS, it depends on many factors.
For example, the server and client versions must be the same.
However, even if they are, they still might not work together, and you may need to test multiple builds to find one that finally works.
Because the code is originally designed for x86, but you want to use it on ARM.
Yet developers often claim it's good, works fine, and supports all architectures.
But
SIGH
#embedded #openssl
Open-source software is often rushed.
Let me give an example:
If you try to generate a static build of OpenSSL on an ARM board and connect it to a server service like FTPS, it depends on many factors.
For example, the server and client versions must be the same.
However, even if they are, they still might not work together, and you may need to test multiple builds to find one that finally works.
Because the code is originally designed for x86, but you want to use it on ARM.
Yet developers often claim it's good, works fine, and supports all architectures.
But
SIGH
#embedded #openssl
بهترین های لینوکس سابق
I always just want to turn off my Brain But I don't know how.
Finally, I found it.
I just have to say:
Shut up, my dear brain!😄
I just have to say:
Shut up, my dear brain!😄
🥰1
Very sad news
Creator: community-noscripts/ProxmoxVE
Died
https://github.com/community-noscripts/ProxmoxVE/discussions/237
Creator: community-noscripts/ProxmoxVE
Died
https://github.com/community-noscripts/ProxmoxVE/discussions/237
GitHub
Update · community-noscripts ProxmoxVE · Discussion #237
Good afternoon! I am tteckster's wife. I don't have a clue if anyone will even see this because I'm not the computer savvy person that my husband was, but I wanted to try. I know that h...
👻1