NEW -

DCG real-ucode

Actually provides the latest CPU microcode for AMD and Intel

Version: 2025-04-25
Release: 1

updated ucode for amd and intel with that one !

https://github.com/divestedcg/real-ucode/

#divested
#DivestedComputingGroup

#fsf #FUTO #Fedora #alpinelinux #hardening #linuxtech #cybersec #cybersecurity #infosec #foss
#hackernews #opensource #android #skynet #linuxsecurity #ucode #vulnerabilities #vulnerability #freeyourmind

NEW -

DCG rpm-hardened_malloc available

pkgver = 2025/04/04
pkgrel = 1

Release Note = more coverage

Compatibility:
- Fedora 39/40/etc.
- Arch Linux

Hardened allocator designed for modern systems

https://codeberg.org/divested/rpm-hardened_malloc

#divested #DivestedComputingGroup

#DCG

#fsf #FUTO #Fedora #codeberg #hardening #hardened_malloc #hardenedmalloc #linuxtech #cybersec #cybersecurity #antivirus #hackernews
#opensource #android #linuxsecurity #vulnerabilities #vulnerability #alpinelinux #router #skynet #hardening #foss #infosec #freeyourmind

NEW -

DCG Brace Build 2025/04/04 - 1

Release Note: Fix bluetooth on F42

Toolkit compatible with multiple Linux distros that allows for installation of handpicked applications, along with corresponding configs that have been tuned for reasonable privacy and security.

Compatibility:
Arch Linux
CentOS 9/Stream
Debian 12
Fedora 39/40/41 (preferred)
openSUSE Tumbleweed

https://codeberg.org/divested/brace

#divested
#DivestedComputingGroup

#fsf #FUTO #Fedora #codeberg #hardening #linuxtech #cybersec #cybersecurity #infosec #antivirus
#opensource #linuxsecurity #vulnerabilities #vulnerability #alpinelinux #skynet #foss #freeyourmind

NEW -

DCG Domain Blocklist available - last updated 2025/04/01

1688453 - Domains blocked with that build !

Supercharging your content blocker to increase privacy and security.

All available lists:
- uBlockOrigin
- Hosts format & Hosts format with wildcards
- dnsmasq with wildcards

Ready to use lists combined from many permissively licensed sources.

https://divested.dev/pages/dnsbl

#divested #DivestedComputingGroup

#DCG

#fsf #FUTO #Fedora #codeberg #hardening #linuxtech #cybersec #cybersecurity #infosec #antivirus #hackernews
#opensource #linuxsecurity #vulnerabilities #vulnerability #alpinelinux #router #skynet #foss #freeyourmind

NEW -

D-WRT builds available: 2025-03-26
update to kernel 6.6.84

https://divested.dev/unofficial-openwrt-builds/mvebu-linksys

https://codeberg.org/divested/Divested-WRT

#divested
#DivestedComputingGroup

#fsf #FUTO #Fedora #codeberg #hardening #linuxtech #cybersec #cybersecurity #infosec #antivirus #hackernews
#opensource #android #linuxsecurity #vulnerabilities #vulnerability #alpinelinux #router #skynet #foss #freeyourmind

Submitted my proposal for the @nluug conference in May! It is about #systemd and how to leverage it for improved #LinuxSecurity.

Do you also have something to share about #OpenSource, #OpenStandards or anything related? Submit your proposal: https://cfp.nluug.nl/nluug-voorjaarsconferentie-2025/

If you are a speaker at #FOSDEM or #cfgmgmtcamp, then most likely you are a good match

Any followers using #nixos as a public facing webserver? How do you perform auto-upgrades?

#Linux
#Security
#LinuxSecurity

"Linux Audit:

Linux security and system management blog

Linux Audit is one of the few blogs dedicated to Linux security. We aim for high-quality articles to explain security concepts and how they apply to Linux systems."

https://linux-audit.com/

Another improvement: on the command pages is now a list of tools that are related to the current command.

With this functionality you can find an alternative or a related tool that might just provide you with the right information or perform the task at hand. Also great for discovering additional tools for your #linux toolkit.

Example: https://linux-audit.com/system-administration/commands/capsh/

With #systemd extending the unit settings, I can't stay behind and add them to the blog. Updated list: https://linux-audit.com/systemd/settings/units/

This time the PrivatePIDs setting has been added. It allows a service to run in a separate PID namespace. Yes, including PID 1!

https://linux-audit.com/systemd/settings/units/privatepids/

When I got my hands on a #Linux system running 257, I will definitely be testing that. Shame it can't be added to services with the type of 'forking', but still, it might be useful for those others.

Using #nginx and #systemd on a system is more common nowadays. Did you already check out this #linuxsecurity hardening profile for nginx?

https://linux-audit.com/systemd/hardening-profiles/nginx/

It's a set of parameters that sandbox nginx. The best part of implementing is that you really start to learn what a process does or does not need very quickly. Good for your #linux knowledge

Also interesting, unit settings: https://linux-audit.com/systemd/settings/units/

If you implemented the profile, love to hear how you like it! Anything missing?

where can i know if my hardware is vulnerable to Spectre/Meltdown? if vulnerable, how at risk am i if i don't use software mitigation? #linux #infosec #cybersecurity #linuxsecurity

(EDIT: on #Nixpkgs, there's a package called spectre-meltdown-checker. use that if on #NixOS or using #Nix)

Does anyone have any handy guides for properly locking down a linux server used for hosting? I've been doing an okay job with mine but I think if anyone has a good guide about how to make sure I didn't miss anything, that would be nice!

It's primarily for web hosting, including fedi, and sometimes as a fallback matrix/chat thing. Boosts appreciated!

#linuxSecurity #linuxHelp #serverHosting #serverSecurity

Very very... scary news in #Linuxsecurity

Seems like the at least one of the devs that contributed to #xz in the last 2 years has intentionally placed a backdoor in the package, shipped on almost all Linux distros.

https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/

(seems like this is already blowing up on mstdn)