Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-05-06 01:44:56 -04:00
Code Issues Projects Releases Packages Wiki Activity

readme

Browse source
This commit is contained in:
Patrick Schleizer 2019-08-16 15:57:30 +00:00
parent 224f95799c
commit 6a68c3bd9c
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
1 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -55,7 +55,10 @@ for DMA (Direct Memory Access) attacks.
* The kernel now panics on oopses to prevent it from continuing running a * The kernel now panics on oopses to prevent it from continuing running a
flawed process. flawed process.
Requires every module to be signed before being loaded. Any module that is * Bluetooth is blacklisted to reduce attack surface. Bluetooth also has
a history of [security concerns](https://en.wikipedia.org/wiki/Bluetooth#History_of_security_concerns).
* Requires every module to be signed before being loaded. Any module that is
unsigned or signed with an invalid key cannot be loaded. This makes it harder unsigned or signed with an invalid key cannot be loaded. This makes it harder
to load a malicious module. to load a malicious module.
/etc/default/grub.d/40_only_allow_signed_modules.cfg /etc/default/grub.d/40_only_allow_signed_modules.cfg
@ -129,6 +132,7 @@ access rights restrictions:
to read and write to newly created files. to read and write to newly created files.
/etc/login.defs.security-misc /etc/login.defs.security-misc
/usr/share/pam-configs/usergroups-security-misc /usr/share/pam-configs/usergroups-security-misc
/etc/sudoers.d/umask-security-misc
* Enables pam_umask.so usergroups so group permissions are same as user * Enables pam_umask.so usergroups so group permissions are same as user
permissions. Debian by default uses User Private Groups (UPG). permissions. Debian by default uses User Private Groups (UPG).