Patrick Schleizer 2019-09-07 05:39:56 +00:00
parent 9ee9309f54
commit 661bcd8603
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
3 changed files with 3 additions and 9 deletions

5
debian/control vendored
View File

@ -80,11 +80,6 @@ Description: enhances misc security settings
* Bluetooth is blacklisted to reduce attack surface. Bluetooth also has
a history of security concerns.
https://en.wikipedia.org/wiki/Bluetooth#History_of_security_concerns
.
* Requires every module to be signed before being loaded. Any module that is
unsigned or signed with an invalid key cannot be loaded. This makes it harder
to load a malicious module.
/etc/default/grub.d/40_only_allow_signed_modules.cfg
.
Uncommon network protocols are blacklisted:
These are rarely used and may have unknown vulnerabilities.

View File

@ -2,3 +2,6 @@
## See the file COPYING for copying conditions.
rm_conffile /etc/sudoers.d/umask-security-misc
## https://forums.whonix.org/t/allow-loading-signed-kernel-modules-by-default-disallow-kernel-module-loading-by-default/7880/23
rm_conffile /etc/default/grub.d/40_only_allow_signed_modules.cfg

View File

@ -1,4 +0,0 @@
## Requires every module to be signed before being loaded.
## Any module that is unsigned or signed with an invalid key cannot be loaded.
## This makes it harder to load a malicious module.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX module.sig_enforce=1"