aryan-gupta/security-audit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
security-audit/notes/main.md
Aryan Gupta 04729272cd expand scope of project
2025-12-03 21:57:32 -05:00

1.5 KiB
Raw Permalink Blame History

manual install base

pacstrap: pacstrap -K /mnt base base-devel linux-lts linux-firmware iwd vim e2fsprogs openssh git efibootmgr linux-lts-headers wpa_supplicant zsh command: find /mnt -print0 | xargs -0 sha256sum | tee base-image.sha256sum

  • issues faced
    • /etc/kernel/cmdline:rd.luks.name=UUID=name -- BOOT ERROR -- UUID is of superblock not LUKS container, should be correct in ansible
    • efibootmgr * --loader "PATH" -- PATH INVALID ERROR -- PATH doesnt require mount name, oops, should be correct in ansible history:
  • me, a data horder? psshhh, nahhh

manual install compare-to

  • issues faced
    • forgot to add user to sudoers, should be correct in ansible
  • post gui (gnome + firefox)
    • bitwarden
    • gnome dark mode

ansible install compare-three

secrets

- bitwarden
    - [x] complex password
    - [ ] fingerprint / biometric phone login (==GOOGLE== make enough money for GrapheneOS)
    - [ ] email (==GOOGLE EDUCATION -- UNCC email== this will be pain, make enough money for ProtonMail)
- gpg git repo
    - encrypted using GPG key, commited into private git repo
- ansible_vault
    - double check that default password file I created wasnt accidentally commited anywhere
    - use gitBFG

secureboot

- OEM Micro$oft leaked (lol) keys
    - hashes:
- personal key
    - fingerprint:

luks / dm-crypt

- password
- backup encryption keyfile

GPG key package signing

other

  • nebula
  • pia_vpn
Reference in New Issue View Git Blame Copy Permalink