Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-01-27 20:17:02 -05:00
Code Issues Packages Projects Releases Wiki Activity

enable SUID Disabler and Permission Hardener by default

Browse Source 
https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener

https://forums.whonix.org/t/suid-disabler-and-permission-hardener/7706
This commit is contained in:
Patrick Schleizer 2023-10-26 12:20:48 -04:00
parent e5d989af5a
commit 5f4222c1c3
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
debian/security-misc.postinst vendored
View File

@ -15,6 +15,20 @@ true "
##################################################################### #####################################################################
" "
permission_hardening() {
echo ""
echo "Running SUID Disabler and Permission Hardener... See also:"
echo "https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener"
echo ""
echo "$0: INFO: run: /usr/libexec/security-misc/permission-hardening"
if ! /usr/libexec/security-misc/permission-hardening ; then
echo "$0: ERROR: Permission hardening failed." >&2
return 0
fi
echo "$0: INFO: Permission hardening success."
echo ""
}
case "$1" in case "$1" in
configure) configure)
if [ -d /etc/skel/.gnupg ]; then if [ -d /etc/skel/.gnupg ]; then
@ -45,6 +59,7 @@ esac
pam-auth-update --package pam-auth-update --package
/usr/libexec/security-misc/permission-lockdown /usr/libexec/security-misc/permission-lockdown
permission_hardening
## https://phabricator.whonix.org/T377 ## https://phabricator.whonix.org/T377
## Debian has no update-grub trigger yet: ## Debian has no update-grub trigger yet: