From 55cedcc3a9bd24b4f635b35913b44f4c87cc3ff9 Mon Sep 17 00:00:00 2001
From: Steven Foerster <steven@cyber5k.com>
Date: Wed, 3 Mar 2021 12:15:58 -0500
Subject: [PATCH] docs

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index d99a238..252331c 100644
--- a/README.md
+++ b/README.md
@@ -518,6 +518,7 @@ See the [Mistborn Network Security](https://gitlab.com/cyber5k/mistborn/-/wikis/
 - The generated TLS certificate has an RSA modulus of 4096 bits, is signed with SHA-256, and is good for 397 days. The certificate is checked daily and will regenerate when expiration is within 30 days.
 - Outbound UDP on port 53 is blocked. All DNS requests should be handled by the dnscrypt_proxy service and if any client, service, etc. tries to circumvent that it is blocked.
 - Unattended upgrades are set to automatically install operating system security updates.
+- Ownership of mistborn files is set to the system mistborn user and access to environment variables is disabled for users other than the owner.
 
 # Roadmap (not necessarily in order)
 Many features and refinements are in the works at various stages including: