A new Slackware build has been prepared as part of the TinyWare project

Builds of the TinyWare project have been prepared. They are based on the 32-bit version of Slackware-Current and ship with 32- and 64-bit variants of the Linux 4.19 kernel. The ISO image is 800 MB.

Main changes compared to the original Slackware:

  • Installation onto 4 partitions: "/", "/boot", "/var" and "/home". The "/" and "/boot" partitions are mounted read-only, and "/home" and "/var" are mounted with noexec;
  • The CONFIG_SETCAP kernel patch. The setcap module can disable specified system capabilities or enable them for all users. The module is configured by the superuser while the system is running, through the sysctl interface or the /proc/sys/setcap files, and its settings can be frozen against changes until the next reboot.
    In normal mode, CAP_CHOWN(0), CAP_DAC_OVERRIDE(1), CAP_DAC_READ_SEARCH(2), CAP_FOWNER(3) and CAP_SYS_ADMIN(21) are disabled in the system. The system is returned to its ordinary state with the tiny-beforreadmin command (mounting and capabilities). A security harness can be built on top of the module.

  • The PROC_RESTRICT_ACCESS kernel patch. This option tightens the permissions on the /proc/pid directories in the /proc filesystem from 555 to 750, with the group of all of these directories set to root. As a result, users see only their own processes with the "ps" command. Root still sees all processes in the system.
  • The CONFIG_FS_ADVANCED_CHOWN kernel patch, which allows regular users to change the ownership of files and subdirectories inside their own directories.
  • Some changes to the default settings (for example, UMASK is set to 077).
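
An audit of the partition layout from the first list item, as an added example that is not code from the TinyWare project: it checks text in /proc/mounts format for read-only "/" and "/boot" and noexec "/var" and "/home". The names `REQUIRED`, `parse_mounts` and `audit` are hypothetical, and the sample mount table is constructed.

```python
"""Audit /proc/mounts-format text against the partition layout described above."""

# Required option per mount point, taken from the layout in the list above.
REQUIRED = {"/": "ro", "/boot": "ro", "/var": "noexec", "/home": "noexec"}

# Constructed sample (not captured from a TinyWare system): /var lacks noexec
# and /home is not a separate mount at all.
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 ro,relatime 0 0
/dev/sda1 /boot ext4 ro,nosuid,nodev 0 0
/dev/sda3 /var ext4 rw,nosuid,nodev 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
"""


def parse_mounts(text):
    """Return {mount_point: set(options)}; a later entry shadows an earlier one."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        # Options are split into a set so "errors=remount-ro" never counts as "ro".
        mounts[fields[1]] = set(fields[3].split(","))
    return mounts


def audit(text, required=REQUIRED):
    """Return a sorted list of (mount_point, problem) findings."""
    mounts = parse_mounts(text)
    findings = []
    for mount_point, option in required.items():
        if mount_point not in mounts:
            findings.append((mount_point, "not a separate mount"))
        elif option not in mounts[mount_point]:
            findings.append((mount_point, "missing option " + option))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    # With a path argument (e.g. /proc/mounts) audit that file, else the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MOUNTS
    for mount_point, problem in audit(text):
        print(f"{mount_point}: {problem}")
```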

Source: opennet.ru
