mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-05-03 04:24:51 -04:00
Console Lockdown.
Allow members of group 'console' to use tty1 to tty7. Everyone else except members of group 'console-unrestricted' are restricted from using console using ancient, unpopular login methods such as using /bin/login over networks, which might be exploitable. (CVE-2001-0797) Not enabled by default in this package since this package does not know which users shall be added to group 'console'. In new Whonix builds, user 'user" will be added to group 'console' and pam console-lockdown enabled by package anon-base-files. /usr/share/pam-configs/console-lockdown /etc/security/access-security-misc.conf https://forums.whonix.org/t/etc-security-hardening/8592
This commit is contained in:
Patrick Schleizer
parent
52934c9288
commit
6479c883bf
4 changed files with 41 additions and 0 deletions
4
debian/security-misc.postinst
vendored
4
debian/security-misc.postinst
vendored
|
|
@ -32,6 +32,10 @@ esac
|
|||
addgroup root sudo
|
||||
addgroup --system sysfs
|
||||
addgroup --system cpuinfo
|
||||
addgroup --system console
|
||||
addgroup --system console-unrestricted
|
||||
|
||||
addgroup root console
|
||||
|
||||
pam-auth-update --package
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue