Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity
358e4226f1
security-misc/debian/security-misc.maintscript

43 lines
1.8 KiB
Plaintext
Raw Normal View History

Update copyright
2023-03-30 02:08:47 -04:00
## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
rm_conffile /etc/sudoers.d/umask-security-misc
2019-09-06 09:00:20 -04:00
## See the file COPYING for copying conditions.
rm_conffile /etc/sudoers.d/umask-security-misc
allow loading unsigned modules due to issues https://forums.whonix.org/t/allow-loading-signed-kernel-modules-by-default-disallow-kernel-module-loading-by-default/7880/23
2019-09-07 01:39:56 -04:00
## https://forums.whonix.org/t/allow-loading-signed-kernel-modules-by-default-disallow-kernel-module-loading-by-default/7880/23
rm_conffile /etc/default/grub.d/40_only_allow_signed_modules.cfg
undo SysRq restrictions https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079
2019-09-10 12:35:42 -04:00
## https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079
rm_conffile /etc/sysctl.d/sysrq.conf
rm_conffile /etc/apparmor.d/usr.lib.security-misc.pam_tally2-info rm_conffile /etc/apparmor.d/usr.lib.security-misc.permission-lockdown https://github.com/Whonix/security-misc/pull/45
2019-12-21 06:58:01 -05:00
## https://github.com/Whonix/security-misc/pull/45
rm_conffile /etc/apparmor.d/usr.lib.security-misc.pam_tally2-info
rm_conffile /etc/apparmor.d/usr.lib.security-misc.permission-lockdown
merge the many sysctl config files into 1 and use a name starting with double digits to make it easier to disable settings using a lexically higher config file
2020-01-24 04:26:36 -05:00
comment
2020-01-24 04:40:03 -05:00
## merged into 1 file /etc/sysctl.d/30_security-misc.conf
merge the many sysctl config files into 1 and use a name starting with double digits to make it easier to disable settings using a lexically higher config file
2020-01-24 04:26:36 -05:00
rm_conffile /etc/sysctl.d/fs_protected.conf
rm_conffile /etc/sysctl.d/kptr_restrict.conf
rm_conffile /etc/sysctl.d/suid_dumpable.conf
rm_conffile /etc/sysctl.d/harden_bpf.conf
rm_conffile /etc/sysctl.d/ptrace_scope.conf
rm_conffile /etc/sysctl.d/tcp_timestamps.conf
rm_conffile /etc/sysctl.d/mmap_aslr.conf
rm_conffile /etc/sysctl.d/dmesg_restrict.conf
rm_conffile /etc/sysctl.d/coredumps.conf
rm_conffile /etc/sysctl.d/kexec.conf
rm_conffile /etc/sysctl.d/tcp_hardening.conf
rm_conffile /etc/sysctl.d/tcp_sack.conf
merge the many modprobe.d config files into 1 and use a name starting with double digits to make it easier to disable settings using a lexically higher config file
2020-01-24 04:30:36 -05:00
comment
2020-01-24 04:40:03 -05:00
## merged into 1 file /etc/modprobe.d/30_security-misc.conf
merge the many modprobe.d config files into 1 and use a name starting with double digits to make it easier to disable settings using a lexically higher config file
2020-01-24 04:30:36 -05:00
rm_conffile /etc/modprobe.d/uncommon-network-protocols.conf
rm_conffile /etc/modprobe.d/blacklist-bluetooth.conf
rm_conffile /etc/modprobe.d/vivid.conf
rm_conffile /etc/modprobe.d/blacklist-dma.conf
rm_conffile /etc/modprobe.d/msr.conf
rm_conffile /etc/modprobe.d/30_nf_conntrack_helper_disable.conf
add digits to drop-in file names
2020-01-24 04:39:06 -05:00
## renamed to /etc/security/limits.d/30_security-misc.conf
rm_conffile /etc/security/limits.d/disable-coredumps.conf
migrate to ram-wipe package
2023-01-09 06:23:00 -05:00
## moved to separate package ram-wipe
fix
2023-01-09 07:05:06 -05:00
rm_conffile /etc/default/grub.d/40_cold_boot_attack_defense.cfg
Reference in New Issue Copy Permalink