Fedora 40 plans to enable system service isolation

The Fedora 40 release proposes enabling isolation settings for systemd system services that are enabled by default, as well as for services with critical applications such as PostgreSQL, Apache httpd, Nginx, and MariaDB. The change is expected to significantly increase the security of the distribution in its default configuration and to make it possible to block unknown vulnerabilities in system services. The proposal has not yet been considered by FESCo (Fedora Engineering Steering Committee), which is responsible for the technical side of Fedora development. The proposal may also be rejected during the community review process.

Settings recommended for enabling:

  • PrivateTmp=yes - provides separate directories for temporary files.
  • ProtectSystem=yes/full/strict - mounts the file system read-only (in "full" mode, /etc/; in "strict" mode, all file systems except /dev/, /proc/ and /sys/).
  • ProtectHome=yes - denies access to user home directories.
  • PrivateDevices=yes - leaves access only to /dev/null, /dev/zero and /dev/random.
  • ProtectKernelTunables=yes - read-only access to /proc/sys/, /sys/, /proc/acpi, /proc/fs, /proc/irq, etc.
  • ProtectKernelModules=yes - prohibits loading kernel modules.
  • ProtectKernelLogs=yes - prohibits access to the kernel log buffer.
  • ProtectControlGroups=yes - read-only access to /sys/fs/cgroup/.
  • NoNewPrivileges=yes - prohibits privilege escalation through the setuid and setgid flags and capabilities.
  • PrivateNetwork=yes - places the service in a separate network stack namespace.
  • ProtectClock=yes - prohibits changing the time.
  • ProtectHostname=yes - prohibits changing the hostname.
  • ProtectProc=invisible - hides other users' processes in /proc.
  • User= - changes the user.
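
A quick way to see which of the settings listed above a given unit file lacks, as an added example that is not part of the original article or of the Fedora proposal. The sample unit, the `example-daemon` path, the `exampled` user and all function names are constructed for illustration.

```python
# Added example: audit a unit's [Service] section against the article's first list.
# SAMPLE_UNIT and all function names are constructed for illustration.
YES_KEYS = ("PrivateTmp ProtectHome PrivateDevices ProtectKernelTunables "
            "ProtectKernelModules ProtectKernelLogs ProtectControlGroups "
            "NoNewPrivileges PrivateNetwork ProtectClock ProtectHostname").split()
BASELINE = {key: {"yes"} for key in YES_KEYS}
BASELINE["ProtectSystem"] = {"yes", "full", "strict"}
BASELINE["ProtectProc"] = {"invisible"}
BASELINE["User"] = None  # any non-empty value counts
TRUE_WORDS = {"1", "yes", "true", "on"}  # boolean spellings systemd accepts

def service_settings(unit_text):
    """Return {key: value} from [Service]; a later assignment overrides an earlier one."""
    settings, section = {}, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def missing_hardening(unit_text):
    """List baseline directives that are absent or set to a weaker value."""
    have, gaps = service_settings(unit_text), []
    for key, accepted in BASELINE.items():
        value = have.get(key, "")
        norm = "yes" if value.lower() in TRUE_WORDS else value.lower()
        if not (bool(value) if accepted is None else norm in accepted):
            gaps.append(key)
    return gaps

SAMPLE_UNIT = """\
[Unit]
Description=Constructed sample service
[Service]
ExecStart=/usr/bin/example-daemon
PrivateTmp=true
ProtectSystem=full
ProtectHome=yes
NoNewPrivileges=no
ProtectProc=invisible
User=exampled
"""
if __name__ == "__main__":
    print("\n".join(missing_hardening(SAMPLE_UNIT)))
```

On a running system, `systemd-analyze security <unit>` reports the effective sandboxing settings after drop-ins are merged, which a single-file check like this cannot see.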

In addition, you may consider enabling the following settings:

  • CapabilityBoundingSet=
  • DevicePolicy=closed
  • KeyringMode=private
  • LockPersonality=yes
  • MemoryDenyWriteExecute=yes
  • PrivateUsers=yes
  • RemoveIPC=yes
  • RestrictAddressFamilies=
  • RestrictNamespaces=yes
  • RestrictRealtime=yes
  • RestrictSUIDSGID=yes
  • SystemCallFilter=
  • SystemCallArchitectures=native

Source: opennet.ru
