Skip to main content

Posts

Showing posts from August, 2022

analyze security

systemd-analyze security    /usr/bin/systemd-analyze security    https://www.scip.ch/en/?labs.20200611 https://www.opensourcerers.org/2022/04/25/optimizing-a-systemd-service-for-security/   https://www.ctrl.blog/entry/systemd-service-hardening.html strace -e trace=%file program   disable core dump nano /etc/security/limits.conf * hard core 0      # echo 'fs.suid_dumpable = 0' >> /etc/sysctl.conf   # sysctl -p   # echo 'ulimit -S -c 0 > /dev/null 2>&1' >> /etc/profile  default umask # nano /etc/profile umask 027 Usb device toggle lsusb   lsusb -t assign 'bus-port.Dev' number   echo '2-1.1' > /sys/bus/usb/drivers/usb/unbind   to unload usb module ls /lib/modules/`uname -r`/kernel/drivers/usb/storage  # lsmod | grep -i usb-storage modprobe -r uas modprobe -r usb-storage # modinfo usb-storage # lsscsi -H       vi /etc/modprobe.d/blacklist.conf blacklist usb-storage     sudo vi /etc/modprobe.d/fake_usb.conf Install usb - storage

bluetooth obex

  sudo   ln -fs /usr/lib/systemd/user/obex.service /usr/lib/systemd/user/dbus-org.bluez.obex.service   https://github.com/archlinux/svntogit-packages/blob/packages/bluez/trunk/PKGBUILD # fix obex file transfer - https://bugs.archlinux.org/task/45816   manually   /usr/lib/bluetooth/obexd