it looks ok upon a cursory skim, well documented too
Why are all hardening guides like this? Seems the end goal is to find every security knob, whether relevant or not, and crunk it to level 11.
Scarce information if any on what the knobs actually do and what they protect against. Zero mention about actual firmware protections like secure boot which have a much greater impact on thwarting malware.
Even funnier when you consider 100% of such guides would never have stopped something like the xz backdoor.
Harden guides need a different, more practical approach.
Zero mention about actual firmware protections like secure boot which have a much greater impact on thwarting malware.
You are the one supposed turning on Secureboot, right?
How do you suggest stopping a backdoor like xz?
I actually do use it. Wouldn’t have brought that up if I didn’t.
Exactly my point!
Because that is the fundamental limit of what you can achieve without serious change to modern Linux distros or recompiling the entirety of them.
So crank everything up and hope for the best. It is a sad state.