add objectives, podman, clamav, and other fixes

2023-08-24 01:08:14 -04:00
parent 5dca511841
commit 9b206f3a23
2 changed files with 106 additions and 21 deletions
--- a/objectives.md
+++ b/objectives.md
@@ -0,0 +1,69 @@
+# Objectives
+
+1. To have a secure, private workstation with protection from:
+   1. accidental deletion
+   2. loss
+   3. theft
+   4. remote attacks
+   5. software exploits
+   6. malware
+
+2. To have a secure gaming machine with emphasis on performance
+
+3. To have a secure, private storage server with protection from:
+   1. accidental deletion
+   2. theft
+   3. remote attacks
+   4. software exploits
+   5. malware
+
+4. To have a secure, private hosting solution with emphasis on:
+   1. reliability
+   2. ease-of-backup
+   3. ease-of-restore
+
+## Workstation
+
+<https://wiki.archlinux.org/title/security>
+
+It will use Arch linux.
+
+It must support podman and qemu/kvm.
+
+It will use the standard linux kernel.
+
+1. accidental deletion
+
+    - BTRFS with snapshots
+
+2. loss
+
+    - BTRFS with backups
+
+3. theft
+
+    - luks encryption with tpm2 decryption + secure boot
+
+4. remote attacks
+
+    - UFW firewall
+
+5. software exploits
+
+    - apparmor with custom profiles
+
+6. malware
+
+    - ClamAV with periodic scans
+
+## Gaming
+
+Arch will be used as the starting point with the default linux kernel.
+
+## Storage
+
+Truenas will handle storage with encrypted partitions.
+
+## Hosting
+
+K3S installed on Arch will be the hosting solution starting point.