Patrick Schleizer 2023-11-05 14:54:05 -05:00
parent 55ba5d4832
commit 42be631023
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48


@ -228,10 +228,20 @@ vulnerabilities such as CVE-2019-14899.
* In addition, we deny the capability to track the originating device in the network at all, by using randomized MAC addresses per connection per default.
See:
* `/usr/lib/NetworkManager/conf.d/80_ipv6-privacy.conf`
* `/usr/lib/NetworkManager/conf.d/80_randomize-mac.conf`
* `/usr/lib/systemd/networkd.conf.d/80_ipv6-privacy-extensions.conf`
## Network & Bluetooth hardening
* Not done yet, pending, see: https://github.com/Kicksecure/security-misc/pull/145
* planned: Bluetooth is left enabled but users are highly discouraged from ever turning it on, due to its history of numerous security vulnerabilities. Unlike the default settings, we start the system with bluetooth turned off. We also enforce private addresses and strict timeout settings for discoverability and visibility.
* Bluetooth is left enabled but users are highly discouraged from ever turning it on, due to its history of numerous security vulnerabilities. Unlike the default settings, we start the system with bluetooth turned off. We also enforce private addresses and strict timeout settings for discoverability and visibility.
See:
* `/etc/bluetooth/30_security-misc.conf`
* https://github.com/Kicksecure/security-misc/pull/145
## Entropy collection improvements
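Review bot: the new Bluetooth paragraph in this hunk reads as self-contradictory: "Bluetooth is left enabled" is followed two sentences later by "we start the system with bluetooth turned off". If the intent is that Bluetooth support is not removed or blacklisted but the adapter is powered off at boot, say that explicitly, e.g. "Bluetooth support remains installed, but the adapter starts powered off and users are highly discouraged from ever turning it on." While here, capitalise "bluetooth" consistently with the rest of the line. Also, since the "Not done yet, pending" and "planned:" lines are dropped, the documentation now asserts this is in effect; confirm that `/etc/bluetooth/30_security-misc.conf` referenced under "See:" actually ships in this tree, and consider whether the link to pull/145 should stay once the file is the primary reference.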