noah/videopc-infra: an IaC solution for seamless projector control in production environments

an IaC solution for seamless projector control in production environments

Noah Vogt a1b04e4df1 add scripts to enable and disable hid modules		1 年間前
dot-config	b4b41812eb replace kitty with foot	1 年間前
local-bin	7e4d27ac4d replace mpv config with cmdline args + lower mpv sleep to 0.1 sec + add root autologin before stage2 + remove hardcoded /dev/sda2 + use linux-hardened kernel pkg	1 年間前
LICENSE	2017c36f62 clean history commit	1 年間前
README.md	4df57cabf8 add security considerations + remove unused code made for hid interaction	1 年間前
apply-dotfiles	ac46dc345d migrate dotfiles here	1 年間前
chroot.sh	a1d02e5df5 remove error testing	1 年間前
disable-hid	a1b04e4df1 add scripts to enable and disable hid modules	1 年間前
enable-hid	a1b04e4df1 add scripts to enable and disable hid modules	1 年間前
stage1.sh	44b00f4edc remove a mkinitcpio -P cmd + revert back to linux pkg + test out chroot.sh error_exit	1 年間前
stage2.sh	b4b41812eb replace kitty with foot	1 年間前

		
				README.md
			
				Security Considerations

boot security

add BIOS password
use motherboard with TPM2.0 and BIOS password not stored in volatile memory
use secure boot
use full disk encryption with TPM keys
disable unneeded device ports in BIOS
prevent user input

blacklist all HID modules

usb
serial decies /dev/tty* (or more fine-grained) using a udev rule
disable unneeded device ports in software
prevent leakage through network

use https

use a self-signed certificate as to not worry about expiration
use firewall to block all ports except the two needed
vulnerabilty exploits

reduce software stack
apply some hardening
add update schedule