diff --git a/COPYING b/COPYING index 2a78337..808999e 100644 --- a/COPYING +++ b/COPYING @@ -1,7 +1,7 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Files: * -Copyright: 2012 - 2023 ENCRYPTED SUPPORT LP +Copyright: 2012 - 2024 ENCRYPTED SUPPORT LP License: AGPL-3+ License: AGPL-3+ diff --git a/README.md b/README.md index e47754f..d5cc076 100644 --- a/README.md +++ b/README.md @@ -52,12 +52,12 @@ configuration file. - TCP timestamps are disabled as it can allow detecting the system time. -- Enforces the logging of martian packets, those with a source address which - is blatantly wrong. - - Set coredump file name based on core_pattern value instead of the default of naming it 'core'. +- Will disable `io_uring` interface for performing asynchronous I/O as it has + historically been a significant attack surface. + ### mmap ASLR - The bits of entropy used for mmap ASLR are maxed out via @@ -89,7 +89,7 @@ Boot parameters are outlined in configuration files located in the - Enables randomisation of the kernel stack offset on syscall entries. -- All mitigations for known CPU vulnerabilities are enabled and SMT is +- Mitigations for known CPU vulnerabilities are enabled and SMT is disabled. - IOMMU is enabled to prevent DMA attacks along with strict enforcement of @@ -169,6 +169,9 @@ surface via the `/etc/modprobe.d/30_security-misc.conf` configuration file. Engine (ME)](https://www.kernel.org/doc/html/latest/driver-api/mei/mei.html) and the OS. +- Disables several kernel modules responsible for GPS such as GNSS (Global + Navigation Satellite System). + - Incorporates much of [Ubuntu's](https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d?h=ubuntu/disco) default blacklist of modules to be blocked from automatically loading. diff --git a/debian/control b/debian/control index 77d5704..4909511 100644 --- a/debian/control +++ b/debian/control @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. Source: security-misc diff --git a/debian/copyright b/debian/copyright index 2a78337..808999e 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,7 +1,7 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Files: * -Copyright: 2012 - 2023 ENCRYPTED SUPPORT LP +Copyright: 2012 - 2024 ENCRYPTED SUPPORT LP License: AGPL-3+ License: AGPL-3+ diff --git a/debian/make-helper-overrides.bsh b/debian/make-helper-overrides.bsh index c43ca87..ca24e42 100755 --- a/debian/make-helper-overrides.bsh +++ b/debian/make-helper-overrides.bsh @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2021 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2021 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/24 diff --git a/debian/rules b/debian/rules index a1570ba..60f46e0 100755 --- a/debian/rules +++ b/debian/rules @@ -1,6 +1,6 @@ #!/usr/bin/make -f -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. #export DH_VERBOSE=1 diff --git a/debian/security-misc.displace b/debian/security-misc.displace index d80a247..29392d5 100644 --- a/debian/security-misc.displace +++ b/debian/security-misc.displace @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. /etc/securetty.security-misc diff --git a/debian/security-misc.install b/debian/security-misc.install index 9cea19c..51e61ce 100644 --- a/debian/security-misc.install +++ b/debian/security-misc.install @@ -1,4 +1,4 @@ -## Copyright (C) 2020 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2020 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## This file was generated using 'genmkfile debinstfile'. diff --git a/debian/security-misc.maintscript b/debian/security-misc.maintscript index 7e44c41..f64e762 100644 --- a/debian/security-misc.maintscript +++ b/debian/security-misc.maintscript @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. rm_conffile /etc/sudoers.d/umask-security-misc diff --git a/debian/security-misc.postinst b/debian/security-misc.postinst index b3aaae8..6dd7738 100644 --- a/debian/security-misc.postinst +++ b/debian/security-misc.postinst @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. if [ -f /usr/libexec/helper-scripts/pre.bsh ]; then diff --git a/debian/security-misc.postrm b/debian/security-misc.postrm index c40721f..d474547 100644 --- a/debian/security-misc.postrm +++ b/debian/security-misc.postrm @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. if [ -f /usr/libexec/helper-scripts/pre.bsh ]; then diff --git a/debian/security-misc.preinst b/debian/security-misc.preinst index 4b6a4d7..f10ff11 100644 --- a/debian/security-misc.preinst +++ b/debian/security-misc.preinst @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. if [ -f /usr/libexec/helper-scripts/pre.bsh ]; then diff --git a/debian/security-misc.prerm b/debian/security-misc.prerm index 78d5f3a..b1f7db3 100644 --- a/debian/security-misc.prerm +++ b/debian/security-misc.prerm @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. if [ -f /usr/libexec/helper-scripts/pre.bsh ]; then diff --git a/debian/security-misc.undisplace b/debian/security-misc.undisplace index 4aed27c..6db9354 100644 --- a/debian/security-misc.undisplace +++ b/debian/security-misc.undisplace @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. /etc/login.defs.security-misc diff --git a/debian/watch b/debian/watch index 4a80d35..e38736e 100644 --- a/debian/watch +++ b/debian/watch @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. version=4 diff --git a/etc/apparmor.d/tunables/home.d/security-misc b/etc/apparmor.d/tunables/home.d/security-misc index b1aad3d..92faf91 100644 --- a/etc/apparmor.d/tunables/home.d/security-misc +++ b/etc/apparmor.d/tunables/home.d/security-misc @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. alias /etc/pam.d/common-session -> /etc/pam.d//etc/pam.d/common-session.security-misc, diff --git a/etc/apt/apt.conf.d/40error-on-any b/etc/apt/apt.conf.d/40error-on-any index fbde1db..85de3be 100644 --- a/etc/apt/apt.conf.d/40error-on-any +++ b/etc/apt/apt.conf.d/40error-on-any @@ -1,4 +1,4 @@ -## Copyright (C) 2021 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2021 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Make "sudo apt-get update" exit non-zero for transient failures. diff --git a/etc/apt/apt.conf.d/40sandbox b/etc/apt/apt.conf.d/40sandbox index eb7ef7a..e8025ac 100644 --- a/etc/apt/apt.conf.d/40sandbox +++ b/etc/apt/apt.conf.d/40sandbox @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## https://forums.whonix.org/t/apt-seccomp-bpf-sandboxing/7702 diff --git a/etc/default/grub.d/40_cpu_mitigations.cfg b/etc/default/grub.d/40_cpu_mitigations.cfg index fd997e4..99582ae 100644 --- a/etc/default/grub.d/40_cpu_mitigations.cfg +++ b/etc/default/grub.d/40_cpu_mitigations.cfg @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Enables known mitigations for CPU vulnerabilities. diff --git a/etc/default/grub.d/40_distrust_bootloader.cfg b/etc/default/grub.d/40_distrust_bootloader.cfg index 36ce183..eb26262 100644 --- a/etc/default/grub.d/40_distrust_bootloader.cfg +++ b/etc/default/grub.d/40_distrust_bootloader.cfg @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Distrusts the bootloader for initial entropy at boot. diff --git a/etc/default/grub.d/40_distrust_cpu.cfg b/etc/default/grub.d/40_distrust_cpu.cfg index 107b717..5cfaba9 100644 --- a/etc/default/grub.d/40_distrust_cpu.cfg +++ b/etc/default/grub.d/40_distrust_cpu.cfg @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Distrusts the CPU for initial entropy at boot as it is not possible to diff --git a/etc/default/grub.d/40_enable_iommu.cfg b/etc/default/grub.d/40_enable_iommu.cfg index 10a82fd..898e500 100644 --- a/etc/default/grub.d/40_enable_iommu.cfg +++ b/etc/default/grub.d/40_enable_iommu.cfg @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Enables IOMMU to prevent DMA attacks. diff --git a/etc/default/grub.d/40_kernel_hardening.cfg b/etc/default/grub.d/40_kernel_hardening.cfg index 9b7b53b..4c70928 100644 --- a/etc/default/grub.d/40_kernel_hardening.cfg +++ b/etc/default/grub.d/40_kernel_hardening.cfg @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. kpkg="linux-image-$(dpkg --print-architecture)" || true diff --git a/etc/default/grub.d/40_remmount-secure.cfg b/etc/default/grub.d/40_remmount-secure.cfg index 845ca46..4bdc3a9 100644 --- a/etc/default/grub.d/40_remmount-secure.cfg +++ b/etc/default/grub.d/40_remmount-secure.cfg @@ -1,4 +1,4 @@ -## Copyright (C) 2023 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2023 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## https://www.kicksecure.com/wiki/Security-misc#Remount_Secure diff --git a/etc/default/grub.d/41_quiet.cfg b/etc/default/grub.d/41_quiet.cfg index b863029..ecb268b 100644 --- a/etc/default/grub.d/41_quiet.cfg +++ b/etc/default/grub.d/41_quiet.cfg @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Prevent kernel info leaks in console during boot. diff --git a/etc/hide-hardware-info.d/30_default.conf b/etc/hide-hardware-info.d/30_default.conf index ffda4de..07e1c7e 100644 --- a/etc/hide-hardware-info.d/30_default.conf +++ b/etc/hide-hardware-info.d/30_default.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Disable the /sys whitelist. diff --git a/etc/initramfs-tools/hooks/sysctl-initramfs b/etc/initramfs-tools/hooks/sysctl-initramfs index 1a80c8f..22ceaf1 100755 --- a/etc/initramfs-tools/hooks/sysctl-initramfs +++ b/etc/initramfs-tools/hooks/sysctl-initramfs @@ -1,6 +1,6 @@ #!/bin/sh -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. set -e diff --git a/etc/initramfs-tools/scripts/init-bottom/sysctl-initramfs b/etc/initramfs-tools/scripts/init-bottom/sysctl-initramfs index d932fc1..88d0162 100755 --- a/etc/initramfs-tools/scripts/init-bottom/sysctl-initramfs +++ b/etc/initramfs-tools/scripts/init-bottom/sysctl-initramfs @@ -1,6 +1,6 @@ #!/bin/sh -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. PREREQ="" diff --git a/etc/kernel/postinst.d/30_remove-system-map b/etc/kernel/postinst.d/30_remove-system-map index 14ac9b6..f5e3d96 100755 --- a/etc/kernel/postinst.d/30_remove-system-map +++ b/etc/kernel/postinst.d/30_remove-system-map @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. if test -x /usr/libexec/security-misc/remove-system.map ; then diff --git a/etc/modprobe.d/30_security-misc.conf b/etc/modprobe.d/30_security-misc.conf index 421c8be..0e4b0f2 100644 --- a/etc/modprobe.d/30_security-misc.conf +++ b/etc/modprobe.d/30_security-misc.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## See the following links for a community discussion and overview regarding the selections diff --git a/etc/permission-hardener.d/25_default_passwd.conf b/etc/permission-hardener.d/25_default_passwd.conf index dcd403f..6313e15 100644 --- a/etc/permission-hardener.d/25_default_passwd.conf +++ b/etc/permission-hardener.d/25_default_passwd.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Please use "/etc/permission-hardener.d/20_user.conf" or diff --git a/etc/permission-hardener.d/25_default_sudo.conf b/etc/permission-hardener.d/25_default_sudo.conf index 6a1cf21..ee46b0e 100644 --- a/etc/permission-hardener.d/25_default_sudo.conf +++ b/etc/permission-hardener.d/25_default_sudo.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Please use "/etc/permission-hardener.d/20_user.conf" or diff --git a/etc/permission-hardener.d/25_default_whitelist_bubblewrap.conf b/etc/permission-hardener.d/25_default_whitelist_bubblewrap.conf index 071e724..57ad396 100644 --- a/etc/permission-hardener.d/25_default_whitelist_bubblewrap.conf +++ b/etc/permission-hardener.d/25_default_whitelist_bubblewrap.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Please use "/etc/permission-hardener.d/20_user.conf" or diff --git a/etc/permission-hardener.d/25_default_whitelist_chromium.conf b/etc/permission-hardener.d/25_default_whitelist_chromium.conf index db6f8ea..68f54ed 100644 --- a/etc/permission-hardener.d/25_default_whitelist_chromium.conf +++ b/etc/permission-hardener.d/25_default_whitelist_chromium.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Please use "/etc/permission-hardener.d/20_user.conf" or diff --git a/etc/permission-hardener.d/25_default_whitelist_dbus.conf b/etc/permission-hardener.d/25_default_whitelist_dbus.conf index 2997915..4c185ca 100644 --- a/etc/permission-hardener.d/25_default_whitelist_dbus.conf +++ b/etc/permission-hardener.d/25_default_whitelist_dbus.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Please use "/etc/permission-hardener.d/20_user.conf" or diff --git a/etc/permission-hardener.d/25_default_whitelist_firejail.conf b/etc/permission-hardener.d/25_default_whitelist_firejail.conf index a56cb23..fbece5c 100644 --- a/etc/permission-hardener.d/25_default_whitelist_firejail.conf +++ b/etc/permission-hardener.d/25_default_whitelist_firejail.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Please use "/etc/permission-hardener.d/20_user.conf" or diff --git a/etc/permission-hardener.d/25_default_whitelist_fuse.conf b/etc/permission-hardener.d/25_default_whitelist_fuse.conf index 4affc6a..a8b41b1 100644 --- a/etc/permission-hardener.d/25_default_whitelist_fuse.conf +++ b/etc/permission-hardener.d/25_default_whitelist_fuse.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Please use "/etc/permission-hardener.d/20_user.conf" or diff --git a/etc/permission-hardener.d/25_default_whitelist_hardened_malloc.conf b/etc/permission-hardener.d/25_default_whitelist_hardened_malloc.conf index 6cc01fe..5437436 100644 --- a/etc/permission-hardener.d/25_default_whitelist_hardened_malloc.conf +++ b/etc/permission-hardener.d/25_default_whitelist_hardened_malloc.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Please use "/etc/permission-hardener.d/20_user.conf" or diff --git a/etc/permission-hardener.d/25_default_whitelist_mount.conf b/etc/permission-hardener.d/25_default_whitelist_mount.conf index ce7d014..54b22a6 100644 --- a/etc/permission-hardener.d/25_default_whitelist_mount.conf +++ b/etc/permission-hardener.d/25_default_whitelist_mount.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Please use "/etc/permission-hardener.d/20_user.conf" or diff --git a/etc/permission-hardener.d/25_default_whitelist_pam.conf b/etc/permission-hardener.d/25_default_whitelist_pam.conf index 7348e0c..f9d8a08 100644 --- a/etc/permission-hardener.d/25_default_whitelist_pam.conf +++ b/etc/permission-hardener.d/25_default_whitelist_pam.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Please use "/etc/permission-hardener.d/20_user.conf" or diff --git a/etc/permission-hardener.d/25_default_whitelist_policykit.conf b/etc/permission-hardener.d/25_default_whitelist_policykit.conf index 032c6b2..227b5fc 100644 --- a/etc/permission-hardener.d/25_default_whitelist_policykit.conf +++ b/etc/permission-hardener.d/25_default_whitelist_policykit.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Please use "/etc/permission-hardener.d/20_user.conf" or diff --git a/etc/permission-hardener.d/25_default_whitelist_qubes.conf b/etc/permission-hardener.d/25_default_whitelist_qubes.conf index ad8592a..ec84733 100644 --- a/etc/permission-hardener.d/25_default_whitelist_qubes.conf +++ b/etc/permission-hardener.d/25_default_whitelist_qubes.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Please use "/etc/permission-hardener.d/20_user.conf" or diff --git a/etc/permission-hardener.d/25_default_whitelist_selinux.conf b/etc/permission-hardener.d/25_default_whitelist_selinux.conf index 2a5686a..0259ef1 100644 --- a/etc/permission-hardener.d/25_default_whitelist_selinux.conf +++ b/etc/permission-hardener.d/25_default_whitelist_selinux.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Please use "/etc/permission-hardener.d/20_user.conf" or diff --git a/etc/permission-hardener.d/25_default_whitelist_spice.conf b/etc/permission-hardener.d/25_default_whitelist_spice.conf index a8b7f7a..85e0197 100644 --- a/etc/permission-hardener.d/25_default_whitelist_spice.conf +++ b/etc/permission-hardener.d/25_default_whitelist_spice.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Please use "/etc/permission-hardener.d/20_user.conf" or diff --git a/etc/permission-hardener.d/25_default_whitelist_ssh.conf b/etc/permission-hardener.d/25_default_whitelist_ssh.conf index f7ef445..8d9eba5 100644 --- a/etc/permission-hardener.d/25_default_whitelist_ssh.conf +++ b/etc/permission-hardener.d/25_default_whitelist_ssh.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2023 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2023 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Please use "/etc/permission-hardener.d/20_user.conf" or diff --git a/etc/permission-hardener.d/25_default_whitelist_sudo.conf b/etc/permission-hardener.d/25_default_whitelist_sudo.conf index a7b0fd2..7003861 100644 --- a/etc/permission-hardener.d/25_default_whitelist_sudo.conf +++ b/etc/permission-hardener.d/25_default_whitelist_sudo.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Please use "/etc/permission-hardener.d/20_user.conf" or diff --git a/etc/permission-hardener.d/25_default_whitelist_unix_chkpwd.conf b/etc/permission-hardener.d/25_default_whitelist_unix_chkpwd.conf index dc1fb5a..5953d85 100644 --- a/etc/permission-hardener.d/25_default_whitelist_unix_chkpwd.conf +++ b/etc/permission-hardener.d/25_default_whitelist_unix_chkpwd.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Please use "/etc/permission-hardener.d/20_user.conf" or diff --git a/etc/permission-hardener.d/25_default_whitelist_virtualbox.conf b/etc/permission-hardener.d/25_default_whitelist_virtualbox.conf index 17701d9..d9c68bc 100644 --- a/etc/permission-hardener.d/25_default_whitelist_virtualbox.conf +++ b/etc/permission-hardener.d/25_default_whitelist_virtualbox.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Please use "/etc/permission-hardener.d/20_user.conf" or diff --git a/etc/profile.d/30_security-misc.sh b/etc/profile.d/30_security-misc.sh index 2ab169d..41aa6ac 100755 --- a/etc/profile.d/30_security-misc.sh +++ b/etc/profile.d/30_security-misc.sh @@ -1,6 +1,6 @@ #!/bin/sh -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. if [ -z "$XDG_CONFIG_DIRS" ]; then diff --git a/etc/security/access-security-misc.conf b/etc/security/access-security-misc.conf index 248335c..a78abd1 100644 --- a/etc/security/access-security-misc.conf +++ b/etc/security/access-security-misc.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## To enable root login, see: diff --git a/etc/security/limits.d/30_security-misc.conf b/etc/security/limits.d/30_security-misc.conf index bbbe31d..91a08a3 100644 --- a/etc/security/limits.d/30_security-misc.conf +++ b/etc/security/limits.d/30_security-misc.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Disable coredumps. diff --git a/etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml b/etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml index fa9d01d..0f588ae 100644 --- a/etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml +++ b/etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml @@ -1,6 +1,6 @@ - + diff --git a/etc/sudoers.d/pkexec-security-misc b/etc/sudoers.d/pkexec-security-misc index db5f32f..bd78bde 100644 --- a/etc/sudoers.d/pkexec-security-misc +++ b/etc/sudoers.d/pkexec-security-misc @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## REVIEW: is it ok that users can find out the PATH setting of root? diff --git a/etc/sudoers.d/security-misc b/etc/sudoers.d/security-misc index fd9b7fc..7084b1f 100644 --- a/etc/sudoers.d/security-misc +++ b/etc/sudoers.d/security-misc @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. user ALL=NOPASSWD: /usr/libexec/security-misc/panic-on-oops diff --git a/etc/sudoers.d/xfce-security-misc b/etc/sudoers.d/xfce-security-misc index be92ce9..3d26d7b 100644 --- a/etc/sudoers.d/xfce-security-misc +++ b/etc/sudoers.d/xfce-security-misc @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## https://forums.whonix.org/t/xfce4-power-manager-xfpm-power-backlight-helper-pkexec-lxsudo-popup/8764 diff --git a/etc/thunderbird/pref/40_security-misc.js b/etc/thunderbird/pref/40_security-misc.js index b0586e8..49df52d 100644 --- a/etc/thunderbird/pref/40_security-misc.js +++ b/etc/thunderbird/pref/40_security-misc.js @@ -1,4 +1,4 @@ -//#### Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +//#### Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP //#### See the file COPYING for copying conditions. //#### meta start diff --git a/usr/bin/disabled-bluetooth-by-security-misc b/usr/bin/disabled-bluetooth-by-security-misc index 55b1e63..8091b45 100755 --- a/usr/bin/disabled-bluetooth-by-security-misc +++ b/usr/bin/disabled-bluetooth-by-security-misc @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Alerts the user that a kernel module failed to load due to it being blacklisted by default. diff --git a/usr/bin/disabled-cdrom-by-security-misc b/usr/bin/disabled-cdrom-by-security-misc index 9efd765..13e4592 100755 --- a/usr/bin/disabled-cdrom-by-security-misc +++ b/usr/bin/disabled-cdrom-by-security-misc @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Alerts the user that a kernel module failed to load due to it being blacklisted by default. diff --git a/usr/bin/disabled-filesys-by-security-misc b/usr/bin/disabled-filesys-by-security-misc index 50dd638..b5b2426 100755 --- a/usr/bin/disabled-filesys-by-security-misc +++ b/usr/bin/disabled-filesys-by-security-misc @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Alerts the user that a kernel module failed to load due to it being blacklisted by default. diff --git a/usr/bin/disabled-firewire-by-security-misc b/usr/bin/disabled-firewire-by-security-misc index ca04ab1..dbcc7ce 100755 --- a/usr/bin/disabled-firewire-by-security-misc +++ b/usr/bin/disabled-firewire-by-security-misc @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Alerts the user that a kernel module failed to load due to it being blacklisted by default. diff --git a/usr/bin/disabled-gps-by-security-misc b/usr/bin/disabled-gps-by-security-misc index 460e39c..90b7076 100755 --- a/usr/bin/disabled-gps-by-security-misc +++ b/usr/bin/disabled-gps-by-security-misc @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Alerts the user that a kernel module failed to load due to it being blacklisted by default. diff --git a/usr/bin/disabled-intelme-by-security-misc b/usr/bin/disabled-intelme-by-security-misc index 108cc81..47bdcb1 100755 --- a/usr/bin/disabled-intelme-by-security-misc +++ b/usr/bin/disabled-intelme-by-security-misc @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Alerts the user that a kernel module failed to load due to it being blacklisted by default. diff --git a/usr/bin/disabled-netfilesys-by-security-misc b/usr/bin/disabled-netfilesys-by-security-misc index 5c15b39..e62f0c0 100755 --- a/usr/bin/disabled-netfilesys-by-security-misc +++ b/usr/bin/disabled-netfilesys-by-security-misc @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Alerts the user that a kernel module failed to load due to it being blacklisted by default. diff --git a/usr/bin/disabled-network-by-security-misc b/usr/bin/disabled-network-by-security-misc index d2ae58c..f00086e 100755 --- a/usr/bin/disabled-network-by-security-misc +++ b/usr/bin/disabled-network-by-security-misc @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Alerts the user that a kernel module failed to load due to it being blacklisted by default. diff --git a/usr/bin/disabled-thunderbolt-by-security-misc b/usr/bin/disabled-thunderbolt-by-security-misc index e086d4a..d153ceb 100755 --- a/usr/bin/disabled-thunderbolt-by-security-misc +++ b/usr/bin/disabled-thunderbolt-by-security-misc @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Alerts the user that a kernel module failed to load due to it being blacklisted by default. diff --git a/usr/bin/disabled-vivid-by-security-misc b/usr/bin/disabled-vivid-by-security-misc index ed1487f..aa7c639 100755 --- a/usr/bin/disabled-vivid-by-security-misc +++ b/usr/bin/disabled-vivid-by-security-misc @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Alerts the user that a kernel module failed to load due to it being blacklisted by default. diff --git a/usr/bin/pkexec.security-misc b/usr/bin/pkexec.security-misc index cb57c9a..be8fddd 100755 --- a/usr/bin/pkexec.security-misc +++ b/usr/bin/pkexec.security-misc @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Redirect calls for pkexec to lxqt-sudo because pkexec is incompatible with diff --git a/usr/lib/dracut/modules.d-disabled/20remount-secure/module-setup.sh b/usr/lib/dracut/modules.d-disabled/20remount-secure/module-setup.sh index ce0a67b..e5a4188 100755 --- a/usr/lib/dracut/modules.d-disabled/20remount-secure/module-setup.sh +++ b/usr/lib/dracut/modules.d-disabled/20remount-secure/module-setup.sh @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2023 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2023 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. # called by dracut diff --git a/usr/lib/dracut/modules.d-disabled/20remount-secure/remount-secure.sh b/usr/lib/dracut/modules.d-disabled/20remount-secure/remount-secure.sh index b742dda..de44d46 100755 --- a/usr/lib/dracut/modules.d-disabled/20remount-secure/remount-secure.sh +++ b/usr/lib/dracut/modules.d-disabled/20remount-secure/remount-secure.sh @@ -1,6 +1,6 @@ #!/bin/sh -## Copyright (C) 2023 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2023 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## This script is intended to remount specified mount points with more secure diff --git a/usr/lib/modules-load.d/30_security-misc.conf b/usr/lib/modules-load.d/30_security-misc.conf index 072c9b0..08ee22a 100644 --- a/usr/lib/modules-load.d/30_security-misc.conf +++ b/usr/lib/modules-load.d/30_security-misc.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## https://www.whonix.org/wiki/Dev/Entropy diff --git a/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf b/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf index 5cca304..bbdf5ea 100644 --- a/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf +++ b/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Quote https://www.kernel.org/doc/html/latest/admin-guide/sysctl/kernel.html diff --git a/usr/lib/sysctl.d/30_silent-kernel-printk.conf b/usr/lib/sysctl.d/30_silent-kernel-printk.conf index e99f0b5..b76a4b3 100644 --- a/usr/lib/sysctl.d/30_silent-kernel-printk.conf +++ b/usr/lib/sysctl.d/30_silent-kernel-printk.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Prevent kernel info leaks in console during boot. diff --git a/usr/lib/sysctl.d/990-security-misc.conf b/usr/lib/sysctl.d/990-security-misc.conf index 9f2736e..371c265 100644 --- a/usr/lib/sysctl.d/990-security-misc.conf +++ b/usr/lib/sysctl.d/990-security-misc.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## NOTE: diff --git a/usr/lib/systemd/system-preset/50-security-misc.preset b/usr/lib/systemd/system-preset/50-security-misc.preset index a852419..37374b3 100644 --- a/usr/lib/systemd/system-preset/50-security-misc.preset +++ b/usr/lib/systemd/system-preset/50-security-misc.preset @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## https://forums.whonix.org/t/restrict-hardware-information-to-root-testers-wanted/8618 diff --git a/usr/lib/systemd/system/haveged.service.d/30_security-misc.conf b/usr/lib/systemd/system/haveged.service.d/30_security-misc.conf index fd79dc8..97d4688 100644 --- a/usr/lib/systemd/system/haveged.service.d/30_security-misc.conf +++ b/usr/lib/systemd/system/haveged.service.d/30_security-misc.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2021 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2021 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. [Service] diff --git a/usr/lib/systemd/system/hide-hardware-info.service b/usr/lib/systemd/system/hide-hardware-info.service index 68d7401..6d39335 100644 --- a/usr/lib/systemd/system/hide-hardware-info.service +++ b/usr/lib/systemd/system/hide-hardware-info.service @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. [Unit] diff --git a/usr/lib/systemd/system/permission-hardener.service b/usr/lib/systemd/system/permission-hardener.service index 94ddd6b..99d4c37 100644 --- a/usr/lib/systemd/system/permission-hardener.service +++ b/usr/lib/systemd/system/permission-hardener.service @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. [Unit] diff --git a/usr/lib/systemd/system/proc-hidepid.service b/usr/lib/systemd/system/proc-hidepid.service index 2ec1858..f48211d 100644 --- a/usr/lib/systemd/system/proc-hidepid.service +++ b/usr/lib/systemd/system/proc-hidepid.service @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. [Unit] diff --git a/usr/lib/systemd/system/remount-secure.service b/usr/lib/systemd/system/remount-secure.service index 8797b9c..414bba6 100644 --- a/usr/lib/systemd/system/remount-secure.service +++ b/usr/lib/systemd/system/remount-secure.service @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. [Unit] diff --git a/usr/lib/systemd/system/remove-system-map.service b/usr/lib/systemd/system/remove-system-map.service index c6eb17b..51041f2 100644 --- a/usr/lib/systemd/system/remove-system-map.service +++ b/usr/lib/systemd/system/remove-system-map.service @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. [Unit] diff --git a/usr/libexec/security-misc/apt-get-update b/usr/libexec/security-misc/apt-get-update index 39afd9c..9c5dde1 100755 --- a/usr/libexec/security-misc/apt-get-update +++ b/usr/libexec/security-misc/apt-get-update @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. sigterm_trap() { diff --git a/usr/libexec/security-misc/apt-get-update-sanity-test b/usr/libexec/security-misc/apt-get-update-sanity-test index d71e680..a363fae 100755 --- a/usr/libexec/security-misc/apt-get-update-sanity-test +++ b/usr/libexec/security-misc/apt-get-update-sanity-test @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. set -x diff --git a/usr/libexec/security-misc/askpass b/usr/libexec/security-misc/askpass index 73f7d40..c3bb41a 100755 --- a/usr/libexec/security-misc/askpass +++ b/usr/libexec/security-misc/askpass @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. set -e diff --git a/usr/libexec/security-misc/echo-path b/usr/libexec/security-misc/echo-path index 9231d85..4a82272 100755 --- a/usr/libexec/security-misc/echo-path +++ b/usr/libexec/security-misc/echo-path @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. set -e diff --git a/usr/libexec/security-misc/hide-hardware-info b/usr/libexec/security-misc/hide-hardware-info index d250a6a..f6a963b 100755 --- a/usr/libexec/security-misc/hide-hardware-info +++ b/usr/libexec/security-misc/hide-hardware-info @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. set -e diff --git a/usr/libexec/security-misc/mmap-rnd-bits b/usr/libexec/security-misc/mmap-rnd-bits index 17482bf..74078fa 100755 --- a/usr/libexec/security-misc/mmap-rnd-bits +++ b/usr/libexec/security-misc/mmap-rnd-bits @@ -1,6 +1,6 @@ #!/usr/bin/env bash -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## This script enforces the maximum ASLR hardening settings for mmap, given the @@ -56,7 +56,7 @@ fi ## Generate a sysctl.d conf file. SYSCTL="\ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## This file is automatically generated by: diff --git a/usr/libexec/security-misc/pam-abort-on-locked-password b/usr/libexec/security-misc/pam-abort-on-locked-password index 8e2a575..bb1a3ee 100755 --- a/usr/libexec/security-misc/pam-abort-on-locked-password +++ b/usr/libexec/security-misc/pam-abort-on-locked-password @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## This is only a usability feature to avoid needlessly bumping pam_faillock diff --git a/usr/libexec/security-misc/pam-info b/usr/libexec/security-misc/pam-info index de6a3e0..aa730de 100755 --- a/usr/libexec/security-misc/pam-info +++ b/usr/libexec/security-misc/pam-info @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## To enable debug log, run: diff --git a/usr/libexec/security-misc/pam_faillock_not_if_x b/usr/libexec/security-misc/pam_faillock_not_if_x index 3fcf10f..edfa35d 100755 --- a/usr/libexec/security-misc/pam_faillock_not_if_x +++ b/usr/libexec/security-misc/pam_faillock_not_if_x @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## https://serverfault.com/questions/134471/success-n-control-syntax-in-pam-conf-pam-d-files diff --git a/usr/libexec/security-misc/pam_only_if_login b/usr/libexec/security-misc/pam_only_if_login index 11f56d4..f81592e 100755 --- a/usr/libexec/security-misc/pam_only_if_login +++ b/usr/libexec/security-misc/pam_only_if_login @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## https://serverfault.com/questions/134471/success-n-control-syntax-in-pam-conf-pam-d-files diff --git a/usr/libexec/security-misc/panic-on-oops b/usr/libexec/security-misc/panic-on-oops index 20365df..907ee69 100755 --- a/usr/libexec/security-misc/panic-on-oops +++ b/usr/libexec/security-misc/panic-on-oops @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. set -e diff --git a/usr/libexec/security-misc/permission-lockdown b/usr/libexec/security-misc/permission-lockdown index 973c70d..a5623b2 100755 --- a/usr/libexec/security-misc/permission-lockdown +++ b/usr/libexec/security-misc/permission-lockdown @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## Doing this for all users would create many issues. diff --git a/usr/libexec/security-misc/remove-system.map b/usr/libexec/security-misc/remove-system.map index a541222..5341844 100755 --- a/usr/libexec/security-misc/remove-system.map +++ b/usr/libexec/security-misc/remove-system.map @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. if [ -f /usr/libexec/helper-scripts/pre.bsh ]; then diff --git a/usr/libexec/security-misc/virusforget b/usr/libexec/security-misc/virusforget index 785d026..5a2c5d7 100755 --- a/usr/libexec/security-misc/virusforget +++ b/usr/libexec/security-misc/virusforget @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## VirusForget is inspired by Christopher Laprise. diff --git a/usr/share/lintian/overrides/security-misc b/usr/share/lintian/overrides/security-misc index 69081ee..0a24ab0 100644 --- a/usr/share/lintian/overrides/security-misc +++ b/usr/share/lintian/overrides/security-misc @@ -1,4 +1,4 @@ -## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## The whole point of the package. diff --git a/usr/share/security-misc/dolphinrc b/usr/share/security-misc/dolphinrc index 0d4b739..682401d 100644 --- a/usr/share/security-misc/dolphinrc +++ b/usr/share/security-misc/dolphinrc @@ -1,4 +1,4 @@ -## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions [PreviewSettings] diff --git a/usr/share/security-misc/lkrg/30-lkrg-virtualbox.conf b/usr/share/security-misc/lkrg/30-lkrg-virtualbox.conf index c94e65e..e1485b6 100644 --- a/usr/share/security-misc/lkrg/30-lkrg-virtualbox.conf +++ b/usr/share/security-misc/lkrg/30-lkrg-virtualbox.conf @@ -1,4 +1,4 @@ -## Copyright (C) 2021 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2021 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## LKRG VirtualBox host configuration diff --git a/usr/share/security-misc/lkrg/lkrg-virtualbox b/usr/share/security-misc/lkrg/lkrg-virtualbox index 545a694..3b4a061 100755 --- a/usr/share/security-misc/lkrg/lkrg-virtualbox +++ b/usr/share/security-misc/lkrg/lkrg-virtualbox @@ -1,6 +1,6 @@ #!/bin/bash -## Copyright (C) 2021 - 2023 ENCRYPTED SUPPORT LP +## Copyright (C) 2021 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. #set -x