Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-04-28 02:36:10 -04:00
Code Issues Packages Projects Releases Wiki Activity

run permission hardener when new packages are install files to /usr or /opt

Browse Source 
(basically anywhere)

fixes https://github.com/Kicksecure/security-misc/issues/189
This commit is contained in:
Patrick Schleizer 2024-01-17 13:23:20 -05:00
parent 66e6371221
commit 18a06935e0
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
2 changed files with 6 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
debian/security-misc.postinst vendored
View File

@ -33,17 +33,16 @@ permission_hardening_legacy_config_folder() {
} }
permission_hardening() { permission_hardening() {
echo ""
echo "Running SUID Disabler and Permission Hardener... See also:" echo "Running SUID Disabler and Permission Hardener... See also:"
echo "https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener" echo "https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener"
echo ""
echo "$0: INFO: running: permission-hardener enable" echo "$0: INFO: running: permission-hardener enable"
echo ""
if ! permission-hardener enable ; then if ! permission-hardener enable ; then
echo "$0: ERROR: Permission hardening failed." >&2 echo "$0: ERROR: Permission hardening failed." >&2
return 0 return 0
fi fi
echo "$0: INFO: Permission hardening success."
echo "" echo ""
echo "$0: INFO: Permission hardening success."
} }
case "$1" in case "$1" in
@ -64,6 +63,7 @@ case "$1" in
echo "INFO: triggered $DPKG_MAINTSCRIPT_PACKAGE: '$DPKG_MAINTSCRIPT_PACKAGE' $DPKG_MAINTSCRIPT_PACKAGE DPKG_MAINTSCRIPT_NAME: '$DPKG_MAINTSCRIPT_NAME' $\@: '$@' 2: '$2'" echo "INFO: triggered $DPKG_MAINTSCRIPT_PACKAGE: '$DPKG_MAINTSCRIPT_PACKAGE' $DPKG_MAINTSCRIPT_PACKAGE DPKG_MAINTSCRIPT_NAME: '$DPKG_MAINTSCRIPT_NAME' $\@: '$@' 2: '$2'"
/usr/share/security-misc/lkrg/lkrg-virtualbox || true /usr/share/security-misc/lkrg/lkrg-virtualbox || true
/usr/libexec/security-misc/mmap-rnd-bits || true /usr/libexec/security-misc/mmap-rnd-bits || true
permission_hardening
exit 0 exit 0
;; ;;

26
debian/security-misc.triggers vendored
View File

@ -1,25 +1,5 @@
## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP <adrelanos@whonix.org> ## Copyright (C) 2024 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions. ## See the file COPYING for copying conditions.
#### meta start interest-await /usr
#### project Kicksecure interest-await /opt
#### category security
#### description
## Trigger 'activate-noawait update-initramfs' also works with both,
## initramfs-tools as well as dracut.
## - Activate initramfs hook that sets the sysctl values before init is executed.
## - dracut module 20remount-secure
activate-noawait update-initramfs
## LKRG /usr/share/security-misc/lkrg/lkrg-virtualbox
interest-noawait /usr/bin/vboxmanage
## /usr/libexec/security-misc/mmap-rnd-bits
## auto generates:
## /etc/sysctl.d/30_security-misc_aslr-mmap.conf
## sets:
## vm.mmap_rnd_bits
interest-noawait /boot
#### meta end