Is there some sort of comprehensive guide on hardening RHEL clones like Alma and Rocky?

I have read Madaidan’s blog, and I plan to go through CIS policies, Alma and Rocky documentation and other general stuff like KSPP, musl, LibreSSL, hardened_malloc etc.

But I feel like this is not enough and I will likely face problems that I cannot solve. Instead of trying to reinvent the wheel by myself, I thought I’d ask if anyone has done this before so I can use their guide as a baseline. Maybe there’s a community guide on hardening either of these two? I’d contribute to its maintenance if there is one.

Thanks.

  • warmaster@lemmy.world
    5 days ago

    Is desktop linux more insecure than Windows? I know it’s less targeted, but is it technically more insecure? Are secureblue and grapheneos more secure than a hardened OSX / Windows?

    • unhrpetby@sh.itjust.works
      5 days ago

      Is desktop linux more insecure than Windows?

      This is an impossible question to answer without more information. Depends on your threat model, how you use the computer, your distro, etc.

        • unhrpetby@sh.itjust.works
          4 days ago

          A threat model in which you don’t trust the Linux Foundation and volunteers but do trust Microsoft.

          It’s all about what you want to protect. If a security breach is worse for you on Linux than it is on Windows because of which party has the data, then for you, Windows might be more secure.

          Some people get confused because they think there is some objective measurable security rating one can apply to a system for every person. There isn’t. We may use the same systems but have different threat models and thus rate the security differently.