diff --git a/examples/secure-terminals.txt b/examples/secure-terminals.txt
index 95e9b60..46d2c76 100644
--- a/examples/secure-terminals.txt
+++ b/examples/secure-terminals.txt
@@ -126,7 +126,10 @@ Chrome:
Right-click on the "login" keyring
Select "Change password"
Enter your old password and leave the new password blank
- Press ok
+ Press ok
+ You may want to remove Password and Keys from the menu,
+ E.g. see https://wiki.lxde.org/en/Main_Menu if using lxde:
+ - sudo mv seahorse.desktop /root; lxpanelctl restart
3. run keepass2;
create new password database in ~/keepass
@@ -137,15 +140,20 @@ Chrome:
sudo chown -R root:root ~/keepass
sudo chmod -R 0400 ~/keepass (change to 0600 if you want to change password, then back to 0400 when done)
-4. SECURITY - The easiest ways to learn about which policies can be modified are simply to unclick them in
- Tools -> Options -> Policy, and then look at the additions to in /usr/lib/keepass2/KeePass.config.xml
- after exiting the program; security changes don't apply until restarting the program. These policies can be added between
- in KeePass.config.enforced.xml. Independently of using KeePass.config.enforced.xml, the key database could be looked at,
- however, the owner (root), 0400 permissions, and KeePass.config.enforced.xml prevent the database from being copied anywhere,
- and the key file would be required as well to gain access. Secret tools only provides a low-level layer of security
- with a master password passed by stdin, and is optional (and maybe a liability on a public computer). Keepass has auditing capability
+4. SECURITY - The easiest ways to learn about the name of policies which can be disabled are simply
+ to unclick them in Tools -> Options -> Policy, and then look at the additions to in
+ /usr/lib/keepass2/KeePass.config.xml after exiting the program; security changes don't apply
+ until restarting the program. Caveat, make sure that the xml is properly formed.
+ These policies can be added between in KeePass.config.enforced.xml. Independently of
+ using KeePass.config.enforced.xml, the key database could be looked at, however,
+ the owner (root), 0400 permissions, and KeePass.config.enforced.xml prevent the database
+ from being copied anywhere, and the key file would be required as well to gain access.
+
+ Secret tools only provides a low-level layer of security with a master password passed by stdin,
+ and is optional (and may be a liability on a public computer). Keepass has auditing capability
via triggers, see https://keepass.info/help/kb/trigger_examples.html#audit, if your want to monitor events.
- It should be noted that keepassxc does not provide the rich set of policies that keepass does, which rules out this newer program.
+ It should be noted that keepassxc does not provide the rich set of policies that keepass does,
+ which rules out this newer program.
cd /usr/lib/keepass2; \
sudo touch KeePass.config.enforced.xml