Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-08-01 17:56:03 -04:00
Code Issues Projects Releases Packages Wiki Activity

Console Lockdown.

Browse source 
Allow members of group 'console' to use tty1 to tty7. Everyone else except
members of group 'console-unrestricted' are restricted from using console
using ancient, unpopular login methods such as using /bin/login over networks,
which might be exploitable. (CVE-2001-0797)

Not enabled by default in this package since this package does not know which
users shall be added to group 'console'.

In new Whonix builds, user 'user" will be added to group 'console' and
pam console-lockdown enabled by package anon-base-files.

/usr/share/pam-configs/console-lockdown

/etc/security/access-security-misc.conf

https://forums.whonix.org/t/etc-security-hardening/8592
This commit is contained in:
Patrick Schleizer 2019-12-07 05:40:20 -05:00
parent 52934c9288
commit 6479c883bf
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
4 changed files with 41 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
usr/share/pam-configs/console-lockdown Normal file
View file

@ -0,0 +1,6 @@
Name: allow only members of group console to login (by package security-misc)
Default: no
Priority: 280
Account-Type: Primary
Account:
required pam_access.so accessfile=/etc/security/access-security-misc.conf debug