Installing Astra Linux Common Edition in a VM. The installer seems based on the usual old Debian installer (DI). A new screen shows various options. All disabled by default. Possible to opt-in.
- Use hardened kernel.
- Enable console lock.
- Enable interpreter locks.
- Enable ufw firewall.
- Enable system limits.
- Disable ptrace capability.
- Disable non-execution bit setup. [skip]
- Enable password entry for sudo.
- System clock is set to local time.
- Enable autologin X session. [skip]
- Disable automatic network configuration. [skip]
- Install 32-bit bootloader. [skip]
[skip] meaning I will skip those.
- Disable non-execution bit setup. [skip]
I don’t know if this should be checked for better security.
I see it in source code here:
https://gitlab.boincfast.ru/Kekkonen/autoinstall-astra/blob/de73879efc221dafc28b417ded5c6ce659c336d1/roles/preseed/vars/main.yml#L66
But that repository https://gitlab.boincfast.ru/Kekkonen/autoinstall-astra may be third-party / extra just for auto installation.
- System clock is set to local time.
What would it be set to otherwise?