Patrick Schleizer 2019-08-16 15:57:30 +00:00
parent 224f95799c
commit 6a68c3bd9c
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48

@ -55,7 +55,10 @@ for DMA (Direct Memory Access) attacks.
* The kernel now panics on oopses to prevent it from continuing running a
flawed process.
Requires every module to be signed before being loaded. Any module that is
* Bluetooth is blacklisted to reduce attack surface. Bluetooth also has
a history of [security concerns](https://en.wikipedia.org/wiki/Bluetooth#History_of_security_concerns).
* Requires every module to be signed before being loaded. Any module that is
unsigned or signed with an invalid key cannot be loaded. This makes it harder
to load a malicious module.
/etc/default/grub.d/40_only_allow_signed_modules.cfg
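Review bot: the Bluetooth entry says Bluetooth is blacklisted but names no file that implements it, whereas the module-signing entry directly after it is followed by its path (/etc/default/grub.d/40_only_allow_signed_modules.cfg). Add the path of the config file that carries the blacklist under the bullet, in the same style, so a reader can audit it or revert it on a machine that needs Bluetooth. The bullet should also state what exactly is blacklisted, since "Bluetooth is blacklisted" does not say whether the restriction is applied at module load or elsewhere.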
@ -129,6 +132,7 @@ access rights restrictions:
to read and write to newly created files.
/etc/login.defs.security-misc
/usr/share/pam-configs/usergroups-security-misc
/etc/sudoers.d/umask-security-misc
* Enables pam_umask.so usergroups so group permissions are same as user
permissions. Debian by default uses User Private Groups (UPG).
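Review bot: in the path list under the umask entry, /etc/sudoers.d/umask-security-misc is listed without any explanation of what it changes. The visible description covers permissions on newly created files and the pam_umask.so usergroups setting, but nothing says what the sudoers drop-in sets for commands run through sudo or why it is needed alongside the login.defs and PAM files. Add one sentence describing its effect so that someone reviewing sudo policy on the system knows this package ships a drop-in there.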