Skip to main content

systemd service hardening

  /usr/bin/systemd-analyze security
UNIT                                 EXPOSURE PREDICATE HAPPY
alsa-state.service                        9.6 UNSAFE    😨
dbus.service                              9.6 UNSAFE    😨
emergency.service                         9.5 UNSAFE    😨
[email protected]                        9.6 UNSAFE    😨
iwd.service                               6.0 MEDIUM    😐
lynis.service                             9.6 UNSAFE    😨
polkit.service                            9.6 UNSAFE    😨
rc-local.service                          9.6 UNSAFE    😨
rescue.service                            9.5 UNSAFE    😨
systemd-ask-password-console.service      9.4 UNSAFE    😨
systemd-ask-password-wall.service         9.4 UNSAFE    😨
systemd-fsckd.service                     9.5 UNSAFE    😨
systemd-initctl.service                   9.4 UNSAFE    😨
systemd-journald.service                  4.3 OK        🙂
systemd-logind.service                    2.8 OK        🙂
systemd-networkd.service                  2.6 OK        🙂
systemd-resolved.service                  2.1 OK        🙂
systemd-rfkill.service                    9.4 UNSAFE    😨
systemd-udevd.service                     7.1 MEDIUM    😐
[email protected]                         9.4 UNSAFE    😨

systemctl list-unit-files --state=enabled
UNIT FILE                STATE   PRESET 
e2scrub_reap.service enabled enabled
[email protected] enabled enabled
iwd.service enabled enabled
systemd-pstore.service enabled enabled
systemd-resolved.service enabled enabled enabled enabled
apt-daily-upgrade.timer enabled enabled
apt-daily.timer enabled enabled
dpkg-db-backup.timer enabled enabled
e2scrub_all.timer enabled enabled
fstrim.timer enabled enabled
lynis.timer enabled enabled
man-db.timer enabled enabled 

/usr/bin/systemd-analyze security  alsa-state.service 



Usb device toggle

lsusb -t
assign 'bus-port.Dev' number  
echo '2-1.1' > /sys/bus/usb/drivers/usb/unbind
to unload usb module
ls /lib/modules/`uname -r`/kernel/drivers/usb/storage 
# lsmod | grep -i usb-storage
modprobe -r uas
modprobe -r usb-storage
# modinfo usb-storage

# lsscsi -H
 vi /etc/modprobe.d/blacklist.conf
blacklist usb-storage
sudo vi /etc/modprobe.d/fake_usb.conf
Install usb - storage / bin / true
blacklist firewire
 nano /etc/modprobe.d/blacklist-firewire.conf
blacklist ohci1394
blacklist sbp2
blacklist dv1394
blacklist raw1394
blacklist video1394
#blacklist firewire-ohci
#blacklist firewire-sbp2
 cat /etc/login.defs 
UMASK           077

blacklist uncommon modules


Popular posts from this blog

sxhkd volume andbrightness config for dwm on void

xbps-install  sxhkd ------------ mkdir .config/sxhkd cd .config/sxhkd nano/vim sxhkdrc -------------------------------- XF86AudioRaiseVolume         amixer -c 1 -- sset Master 2db+ XF86AudioLowerVolume         amixer -c 1 -- sset Master 2db- XF86AudioMute         amixer -c 1 -- sset Master toggle alt + shift + Escape         pkill -USR1 -x sxhkd XF86MonBrightnessUp          xbacklight -inc 20 XF86MonBrightnessDown          xbacklight -dec 20 ------------------------------------------------------------- amixer -c card_no -- sset Interface volume run alsamixer to find card no and interface names xbps-install -S git git clone xbps-install -S base-devel libX11-devel libXft-devel libXinerama-devel  vim # FREETYPEINC = ${X11INC}/freetype2 #comment for non-bsd make clean install   cp config.def.h config.h vim config.h xbps-install -S font-symbola #for emoji on statusbar support     void audio config xbps-i

Hidden Wiki

Welcome to The Hidden Wiki New hidden wiki url 2015 http://zqktlwi4fecvo6ri.onion Add it to bookmarks and spread it!!! Editor's picks Bored? Pick a random page from the article index and replace one of these slots with it. The Matrix - Very nice to read. How to Exit the Matrix - Learn how to Protect yourself and your rights, online and off. Verifying PGP signatures - A short and simple how-to guide. In Praise Of Hawala - Anonymous informal value transfer system. Volunteer Here are five different things that you can help us out with. Plunder other hidden service lists for links and place them here! File the SnapBBSIndex links wherever they go. Set external links to HTTPS where available, good certificate, and same content. Care to start recording onionland's history? Check out Onionland's Museum Perform Dead Services Duties. Introduction Points - Clearnet search engine for Tor Hidden Services (allows you

download office 2021 and activate

get office from here open powershell as admin (win+x and a ) type cmd  goto insall dir 1.         cd /d %ProgramFiles(x86)%\Microsoft Office\Office16 2.           cd /d %ProgramFiles%\Microsoft Office\Office16 try 1 or 2 depending on installation  install volume license  for /f %x in ('dir /b ..\root\Licenses16\ProPlus2021VL_KMS*.xrm-ms') do cscript ospp.vbs /inslic:"..\root\Licenses16\%x" activate using kms cscript ospp.vbs /setprt:1688 cscript ospp.vbs /unpkey:6F7TH >nul cscript ospp.vbs /inpkey:FXYTK-NJJ8C-GB6DW-3DYQT-6F7TH cscript ospp.vbs / cscript ospp.vbs /act Automatic script (windefender may block it) ------------------------------------------------------------------------------------------------------------------- @echo off title Activate Microsoft Office 2021 (ALL versions) for FREE - =====================================================================================&