mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-28 13:59:23 -05:00
add usr/bin/hardening-enable
This commit is contained in:
parent
19cc6d7555
commit
1dbca1ea2d
3
debian/control
vendored
3
debian/control
vendored
@ -5,7 +5,8 @@ Source: security-misc
|
||||
Section: misc
|
||||
Priority: optional
|
||||
Maintainer: Patrick Schleizer <adrelanos@riseup.net>
|
||||
Build-Depends: debhelper (>= 12), genmkfile, config-package-dev, dh-apparmor
|
||||
Build-Depends: debhelper (>= 12), genmkfile, config-package-dev, dh-apparmor,
|
||||
ronn
|
||||
Homepage: https://github.com/Whonix/security-misc
|
||||
Vcs-Browser: https://github.com/Whonix/security-misc
|
||||
Vcs-Git: https://github.com/Whonix/security-misc.git
|
||||
|
6
debian/rules
vendored
6
debian/rules
vendored
@ -8,9 +8,13 @@
|
||||
%:
|
||||
dh $@ --with=config-package
|
||||
|
||||
override_dh_installman:
|
||||
make manpages
|
||||
dh_installman $(CURDIR)/debian/tmp-man/*
|
||||
|
||||
override_dh_installchangelogs:
|
||||
dh_installchangelogs changelog.upstream upstream
|
||||
|
||||
|
||||
override_dh_install:
|
||||
dh_apparmor --profile-name='usr.lib.security-misc.pam_tally2-info'
|
||||
dh_apparmor --profile-name='usr.lib.security-misc.permission-lockdown'
|
||||
|
16
man/hardening-enable.8.ronn
Normal file
16
man/hardening-enable.8.ronn
Normal file
@ -0,0 +1,16 @@
|
||||
hardening-enable(8) -- enable all hardening by security-misc
|
||||
=============================================
|
||||
|
||||
<span class="comment">
|
||||
# Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
|
||||
# See the file COPYING for copying conditions.
|
||||
</span>
|
||||
|
||||
## SYNOPSIS
|
||||
`hardening-enable`
|
||||
|
||||
## Description
|
||||
Enables all hardening by security-misc.
|
||||
|
||||
## AUTHOR
|
||||
This man page has been written by Patrick Schleizer (adrelanos@riseup.net).
|
25
usr/bin/hardening-enable
Executable file
25
usr/bin/hardening-enable
Executable file
@ -0,0 +1,25 @@
|
||||
#!/bin/bash
|
||||
|
||||
## Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
|
||||
## See the file COPYING for copying conditions.
|
||||
|
||||
set -x
|
||||
set -e
|
||||
|
||||
systemctl enable hide-hardware-info.service
|
||||
|
||||
touch /etc/noexec
|
||||
|
||||
mkdir -p /etc/sysctl.d
|
||||
|
||||
echo "\
|
||||
## This is an automatically generated file.
|
||||
## This file was automatically generated by:
|
||||
## $0
|
||||
## Edits may be lost!
|
||||
|
||||
## https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG#Configuration
|
||||
lkrg.ci_panic=1
|
||||
lkrg.umh_lock=1" > /etc/sysctl.d/40-security-misc-autogenerated.conf
|
||||
|
||||
pam-auth-update --enable console-lockdown-security-misc
|
Loading…
Reference in New Issue
Block a user