mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-10-01 08:25:45 -04:00
readme
parent
01b3a0bfae
commit
2875adb722
14
README.md
@ -40,6 +40,9 @@ KASLR effectiveness.
|
|||||||
* The SysRq key is restricted to only allow shutdowns/reboots.
|
* The SysRq key is restricted to only allow shutdowns/reboots.
|
||||||
A systemd service clears System.map on boot as these contain kernel symbols
|
A systemd service clears System.map on boot as these contain kernel symbols
|
||||||
that could be useful to an attacker.
|
that could be useful to an attacker.
|
||||||
|
/etc/kernel/postinst.d/30_remove-system-map
|
||||||
|
/lib/systemd/system/remove-system-map.service
|
||||||
|
/usr/lib/security-misc/remove-system.map
|
||||||
|
|
||||||
* Coredumps are disabled as they may contain important information such as
|
* Coredumps are disabled as they may contain important information such as
|
||||||
encryption keys or passwords.
|
encryption keys or passwords.
|
||||||
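Review bot: The third added path, /usr/lib/security-misc/remove-system.map, is spelled with a dot where the other two added paths use "remove-system-map" with a hyphen; please confirm it matches the installed file name, since a reader will copy these paths to audit the package. The paragraph above the list still describes only a systemd service clearing System.map on boot, while the list now also names a hook under /etc/kernel/postinst.d/, so consider adding a sentence saying the cleanup also runs after a kernel package is installed.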
@ -116,6 +119,7 @@ access rights restrictions:
|
|||||||
* The default umask is changed to 006. This allows only the owner and group
|
* The default umask is changed to 006. This allows only the owner and group
|
||||||
to read and write to newly created files.
|
to read and write to newly created files.
|
||||||
/etc/login.defs.security-misc
|
/etc/login.defs.security-misc
|
||||||
|
/usr/share/pam-configs/usergroups-security-misc
|
||||||
|
|
||||||
* Enables pam_umask.so usergroups so group permissions are same as user
|
* Enables pam_umask.so usergroups so group permissions are same as user
|
||||||
permissions. Debian by default uses User Private Groups (UPG).
|
permissions. Debian by default uses User Private Groups (UPG).
|
||||||
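Review bot: The added /usr/share/pam-configs/usergroups-security-misc line sits under the "default umask is changed to 006" bullet, but by its name it appears to belong to the following bullet about pam_umask.so usergroups. Moving it below that bullet, or adding a word on what each listed file does, would keep every path next to the behaviour it implements.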
@ -129,12 +133,14 @@ pam_mkhomedir.so umask=006
|
|||||||
* Removes read, write and execute access for others for all users who have
|
* Removes read, write and execute access for others for all users who have
|
||||||
home folders under folder /home by running for example
|
home folders under folder /home by running for example
|
||||||
"chmod o-rwx /home/user"
|
"chmod o-rwx /home/user"
|
||||||
during package installation or upgrade. This will be done only once per folder
|
during package installation, upgrade or pam. This will be done only once per
|
||||||
in folder /home so users who wish to relax file permissions are free to do so.
|
folder in folder /home so users who wish to relax file permissions are free to
|
||||||
This is to protect previously created files in user home folder which were
|
do so. This is to protect previously created files in user home folder which
|
||||||
previously created with lax file permissions prior installation of this
|
were previously created with lax file permissions prior installation of this
|
||||||
package.
|
package.
|
||||||
debian/security-misc.postinst
|
debian/security-misc.postinst
|
||||||
|
/usr/share/pam-configs/permission-lockdown-security-misc
|
||||||
|
/usr/lib/security-misc/permission-lockdown
|
||||||
|
|
||||||
access rights relaxations:
|
access rights relaxations:
|
||||||
|
|
||||||
|
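Review bot: In the reworded sentence "during package installation, upgrade or pam", "pam" does not say when the lockdown runs; name the trigger, for example the PAM stage at which /usr/share/pam-configs/permission-lockdown-security-misc invokes /usr/lib/security-misc/permission-lockdown. Because a PAM hook can fire far more often than a package upgrade, the text should also state how "only once per folder" is tracked, so that users who relax permissions know the change will not be reverted at the next login. While touching this paragraph, "folder in folder /home", the doubled "previously created" and "prior installation" (should be "prior to installation") could be tidied.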