From 2cab38a8b3f7423f8956c72f1bf6c399ea70c495 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Mon, 16 Dec 2019 06:24:14 -0500 Subject: [PATCH] readme --- README.md | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index ad71b4e..cec94be 100644 --- a/README.md +++ b/README.md @@ -160,17 +160,13 @@ prevented by shipping an existing and empty /etc/securetty. /etc/securetty.security-misc * Console Lockdown. -Allow members of group 'console' to use console and members of group 'ssh' -to receive incoming SSH connections. Everyone else except members of group +Allow members of group 'console' to use console. +Everyone else except members of group 'console-unrestricted' are restricted from using console using ancient, unpopular login methods such as using /bin/login over networks, which might be exploitable. (CVE-2001-0797) Using pam_access. Not enabled by default in this package since this package does not know which -users shall be added to group 'console' and/or 'ssh' and would break console, -X Window System and ssh login since files in -/usr/share/pam-configs/console-lockdown-security-misc result in modifications -of /etc/pam.d/common-account file which not only applies to /etc/pam.d/login -but also all other services such as /etc/pam.d/ssh. +users shall be added to group 'console' and would break console. /usr/share/pam-configs/console-lockdown-security-misc /etc/security/access-security-misc.conf @@ -272,6 +268,21 @@ Application specific hardening: to make phising attacks more difficult. Fixing URL not showing real Domain Name (Homograph attack). +Want more? Look into these: + +* Linux Kernel Runtime Guard (LKRG). Kills whole Classes of Kernel Exploits. +* tirdad - TCP ISN CPU Information Leak Protection. +* Whonix ™ - Anonymous Operating System +* Kicksecure ™ - A Security-hardened, Non-anonymous Linux Distribution +* SecBrowser ™ - A Security-hardened, Non-anonymous Browser +* And more. +* https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG +* https://github.com/Whonix/tirdad +* https://www.whonix.org +* https://www.whonix.org/wiki/Kicksecure +* https://www.whonix.org/wiki/SecBrowser +* https://github.com/Whonix + Discussion: Happening primarily in Whonix forums.