Misonkhano ikuluikulu yakonzedwa , kutengera mtundu wa 32-bit wa Slackware-Current ndikutumizidwa ndi mitundu 32- ndi 64-bit ya Linux 4.19 kernel. Kukula kukula 800 MB.
waukulu , poyerekeza ndi Slackware yoyambirira:
- Kuyika pa magawo 4 "/", "/ boot", "/ var" ndi "/home". Magawo a "/" ndi "/ boot" amaikidwa mumayendedwe owerengera okha, ndipo "/home" ndi "/ var" amaikidwa mu noexec mode;
- Chigamba cha Kernel CONFIG_SETCAP. Setcap module imatha kuletsa kuthekera kwadongosolo kapena kuwathandiza ogwiritsa ntchito onse. Gawoli limakonzedwa ndi superuser pamene dongosolo likudutsa mu mawonekedwe a sysctl kapena / proc/sys/setcap mafayilo ndipo akhoza kuzizira kuti asasinthe mpaka kuyambiranso kotsatira.
Munthawi yabwinobwino, CAP_CHOWN(0), CAP_DAC_OVERRIDE(1), CAP_DAC_READ_SEARCH(2), CAP_FOWNER(3) ndi 21(CAP_SYS_ADMIN) ndizozimitsidwa mudongosolo. Dongosololi limabwezeredwa m'malo mwake pogwiritsa ntchito lamulo la tinyware-beforereadmin (kukweza ndi kuthekera). Kutengera ndi gawoli, mutha kupanga zomangira zachitetezo. - Chigamba chachikulu PROC_RESTRICT_ACCESS. Izi zimachepetsa mwayi wopeza /proc/pid mu /proc file system kuchokera ku 555 mpaka 750, pomwe gulu la maulalo onse lidapatsidwa mizu. Chifukwa chake, ogwiritsa ntchito amawona njira zawo zokha ndi lamulo la "ps". Root amawonabe njira zonse mudongosolo.
- CONFIG_FS_ADVANCED_CHOWN kernel chigamba chololeza ogwiritsa ntchito nthawi zonse kusintha umwini wa mafayilo ndi ma subdirectories mkati mwaakalozera awo.
- Zosintha zina pazikhazikiko zosasinthika (monga UMASK yokhazikitsidwa kukhala 077).
Source: opennet.ru