A new Slackware build has been prepared as part of the TinyWare project

A build from the TinyWare project has been prepared. It is based on the 32-bit version of Slackware-Current and ships with 32- and 64-bit variants of the Linux 4.19 kernel. The ISO image is 800 MB.

Main changes compared to the original Slackware:

  • Installation onto 4 partitions: "/", "/boot", "/var" and "/home". The "/" and "/boot" partitions are mounted read-only, and "/home" and "/var" are mounted with noexec;
  • Kernel patch CONFIG_SETCAP. The setcap module can disable specified system capabilities or enable them for all users. The superuser configures the module while the system is running, through the sysctl interface or the /proc/sys/setcap files, and the configuration can be frozen against changes until the next reboot.
    In normal mode, CAP_CHOWN(0), CAP_DAC_OVERRIDE(1), CAP_DAC_READ_SEARCH(2), CAP_FOWNER(3) and 21(CAP_SYS_ADMIN) are disabled in the system. The system is returned to its usual state with the tinyware-beforeadmin command (mounting and capabilities). A security harness can be developed on top of the module.

  • Kernel patch PROC_RESTRICT_ACCESS. This option restricts access to the /proc/pid directories in the /proc file system from 555 to 750, and the group of all these directories is set to root. As a result, users see only their own processes with the "ps" command. Root still sees all processes in the system.
  • Kernel patch CONFIG_FS_ADVANCED_CHOWN, which lets users change the ownership of files and directories within their directories.
  • Some changes to default settings (for example, UMASK set to 077).
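
A check for the partition layout in the first item above, as an added example (not TinyWare's own code): it reads a file in /proc/mounts format and reports whether "/" and "/boot" are read-only and "/home" and "/var" are noexec. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Audit a mount table against the layout described above:
# "/" and "/boot" read-only, "/home" and "/var" noexec.

# Constructed sample in /proc/mounts format:
# device, mount point, fstype, options, dump, pass.
sample_mounts() {
cat <<'EOF'
/dev/sda2 / ext4 ro,relatime 0 0
/dev/sda1 /boot ext4 ro,relatime 0 0
/dev/sda3 /var ext4 rw,noexec,relatime 0 0
/dev/sda4 /home ext4 rw,relatime 0 0
EOF
}

# audit_mounts FILE: prints one line per checked mount point and
# returns the number of failed checks as its exit status.
audit_mounts() {
  awk '
    BEGIN { want["/"] = "ro"; want["/boot"] = "ro"
            want["/var"] = "noexec"; want["/home"] = "noexec" }
    # A later entry for the same path overrides an earlier one,
    # because the last mount on a path is the visible one.
    ($2 in want) { opts[$2] = $4 }
    END {
      n = split("/ /boot /var /home", order, " ")
      for (i = 1; i <= n; i++) {
        mp = order[i]
        if (!(mp in opts)) {
          printf "FAIL %s: not a separate mount\n", mp; bad++; continue
        }
        ok = 0
        m = split(opts[mp], o, ",")
        for (j = 1; j <= m; j++) if (o[j] == want[mp]) ok = 1
        if (ok) printf "OK   %s: %s\n", mp, want[mp]
        else { printf "FAIL %s: missing %s (options: %s)\n", mp, want[mp], opts[mp]; bad++ }
      }
      exit bad + 0
    }' "$1"
}

# Demo on the constructed sample; on a live system pass /proc/mounts instead.
tmp=$(mktemp)
sample_mounts > "$tmp"
audit_mounts "$tmp" || echo "failed checks: $?"
rm -f "$tmp"
```

In the constructed sample, "/home" is mounted without noexec, so the audit reports one failed check.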

source: budenet.ru
