I just found out about the brace toolkit. Has anyone here tried it? How did it work for you? Should PrivacyGuides mention it in an advanced section like Arkenfox?
Looking at the repo I’m not sure of how the installation process works, if I can skip certain modifications, etc. I’m currently on Fedora 40 and have implemented various security tweaks I’d like to keep for usability, for example. But it looks really interesting, so I wanted to ask the community.
One of our fellow forum members @SkewedZeppelin maintains Brace. I haven’t personally used it, but it looks interesting, and I’ve been meaning to at least try it out in a VM.
no, brace is purely configurations, but I offer an unofficial optimized hardened_malloc package too, linked above
both it and my packaged firejail include workarounds to make it easy to use systemwide.
So are users able to install specific configuration scripts from the contents section of the readme? Sorry for the basic questions, but I couldn’t find a wiki or installation process anywhere
sudo dnf install https://divested.dev/rpm/fedora/divested-release-20240607-1.noarch.rpm
sudo dnf install brace
#the next steps are optional but recommended
sudo brace-enable-rpmfusion #if you want foss but patent encumbered codecs
sudo dnf swap mesa-va-drivers mesa-va-drivers-freeworld --allowerasing #to fix hardware video acceleration
sudo brace-installer #to install recommended programs
sudo brace-supplemental-changes #for additional global changes
brace-supplemental-changes #for additional user changes
sudo dnf install firejail hardened_malloc && sudo firecfg #for extra security
sudo brace-enable-fapolicyd #to enable application allowlisting and binary verification
note adding the repo automatically pulls in real-ucode
the list of packages divested-release can provide is also hardcoded to prevent any other replacements
you can then run brace-audit to verify it is running