User:Pursuable1652: Difference between revisions
mNo edit summary |
mNo edit summary |
||
| Line 10: | Line 10: | ||
The guides still apply to both server and desktop, but desktop has a bigger attack surface usually, because an app ecosystem must be incorporated with security as its designed (compared to server which could just be dockerized + gvisored or virtualized). | The guides still apply to both server and desktop, but desktop has a bigger attack surface usually, because an app ecosystem must be incorporated with security as its designed (compared to server which could just be dockerized + gvisored or virtualized). | ||
Desktop may have a more harder way of controlling the security of software, since you need the support of an app ecosystem already working on a predefined-security focused platform, so not all apps are just running without a sandbox/vm. | Desktop may have a more harder way of controlling the security of software, since you need the support of an app ecosystem already working on a predefined-security focused platform, so not all apps are just running without a sandbox/vm (ideally without a VM or maybe just one, because of performance loss). | ||
Revision as of 17:17, 11 December 2024
Hello, I'm Pursuable1652 and I helped make these wiki pages:
- https://wiki.alpinelinux.org/wiki/Hardened_linux
- https://wiki.alpinelinux.org/wiki/DM-verity
- https://wiki.alpinelinux.org/wiki/Silent_boot
- https://wiki.alpinelinux.org/wiki/Hardened_malloc
My main goal is to secure linux more, better (and very different) than traditional linux distros. My guide is more suited to a server use-case, rather than desktop.
The guides still apply to both server and desktop, but desktop has a bigger attack surface usually, because an app ecosystem must be incorporated with security as its designed (compared to server which could just be dockerized + gvisored or virtualized).
Desktop may have a more harder way of controlling the security of software, since you need the support of an app ecosystem already working on a predefined-security focused platform, so not all apps are just running without a sandbox/vm (ideally without a VM or maybe just one, because of performance loss).