70 lines
1.2 KiB
Markdown
70 lines
1.2 KiB
Markdown
# Objectives
|
|
|
|
1. To have a secure, private workstation with protection from:
|
|
1. accidental deletion
|
|
2. loss
|
|
3. theft
|
|
4. remote attacks
|
|
5. software exploits
|
|
6. malware
|
|
|
|
2. To have a secure gaming machine with emphasis on performance
|
|
|
|
3. To have a secure, private storage server with protection from:
|
|
1. accidental deletion
|
|
2. theft
|
|
3. remote attacks
|
|
4. software exploits
|
|
5. malware
|
|
|
|
4. To have a secure, private hosting solution with emphasis on:
|
|
1. reliability
|
|
2. ease-of-backup
|
|
3. ease-of-restore
|
|
|
|
## Workstation
|
|
|
|
<https://wiki.archlinux.org/title/security>
|
|
|
|
It will use Arch linux.
|
|
|
|
It must support podman and qemu/kvm.
|
|
|
|
It will use the standard linux kernel.
|
|
|
|
1. accidental deletion
|
|
|
|
- BTRFS with snapshots
|
|
|
|
2. loss
|
|
|
|
- BTRFS with backups
|
|
|
|
3. theft
|
|
|
|
- luks encryption with tpm2 decryption + secure boot
|
|
|
|
4. remote attacks
|
|
|
|
- UFW firewall
|
|
|
|
5. software exploits
|
|
|
|
- apparmor with custom profiles
|
|
|
|
6. malware
|
|
|
|
- ClamAV with periodic scans
|
|
|
|
## Gaming
|
|
|
|
Arch will be used as the starting point with the default linux kernel.
|
|
|
|
## Storage
|
|
|
|
Truenas will handle storage with encrypted partitions.
|
|
|
|
## Hosting
|
|
|
|
K3S installed on Arch will be the hosting solution starting point.
|