This article provides an overview of Linux hardening recommendations that I thought would be useful to Whonix devs, in case some recommendations are not yet implemented:
2 Likes
I don’t see anything actionable except for automounter disabling in GNOME.
The page refers to Kicksecure, Whonix several times.
Btw I posted an enhancement request for the website:
2 Likes
Note that the one reason there aren’t many actionable items is that substantial amounts of the kernel hardening section was written by me in this PR.
Patrick and I had already applied these recommendations to Whonix many months before I created the PR at Privsec.
2 Likes