1. OK, so:
- Linux Hardening Guide | Madaidan's Insecurities is done (full page awaiting publication)
- Linux Hardening Guide | Madaidan's Insecurities is done (ripped off bits and pieces for AppArmor entry etc.)
So that leads us to Chapter 4 Sandboxing:
I think we should create a standalone page (full licensing) for this one, but with a focus on systemd sandboxing. The other stuff can be for the introduction i.e. sandbox escapes etc.
We can also reference your addition to the security hardening checklist: ~krathalan/systemd-sandboxing - sourcehut git
Does this apply to both Whonix VMs and host, or just the host? (I presume it applies to Whonix also.)
If you agree, I’ll go ahead and create and populate that page.
This section is very confusing:
Users have to do all this, then attempt to install GNUnet? Or the other way around? It needs a basic explanation up front of why this (chroot) is required (or not, if it is optional and they want to take the risk).
What about if I want to run the latest version from the GNUnet website, see:
Once I know, we can add instructions for always downloading and verifying the latest versions from here (14.1 at the time of writing):
With this key:
So we should show instructions for these as the example:
I also presume all of this is happening in Whonix-WS, and just the installation steps in the Whonix-WS-15 template VM in Qubes-Whonix (obviously we’d recommend a separate template and AppVM for this purpose).