From 6dd6530fa539a55feecc28cecdc812b787b555a6 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Fri, 20 Dec 2019 05:32:26 -0500
Subject: [PATCH] remove hardening-enable please invent package security-paranoid instead https://forums.whonix.org/t/security-hardening-tool-usr-bin-hardening-enable-by-security-misc/8609
---
 debian/rules | 4 --
 man/hardening-enable.8.ronn | 16 -------
 usr/bin/hardening-enable | 91 -------------------------------------
 3 files changed, 111 deletions(-)
 delete mode 100644 man/hardening-enable.8.ronn
 delete mode 100755 usr/bin/hardening-enable
diff --git a/debian/rules b/debian/rules
index e29c0d4..963b738 100755
--- a/debian/rules
+++ b/debian/rules
@@ -8,10 +8,6 @@
 %:
 dh $@ --with=config-package
-override_dh_installman:
- make manpages
- dh_installman $(CURDIR)/debian/tmp-man/*
-
 override_dh_installchangelogs:
 dh_installchangelogs changelog.upstream upstream
diff --git a/man/hardening-enable.8.ronn b/man/hardening-enable.8.ronn
deleted file mode 100644
index 2763db5..0000000
--- a/man/hardening-enable.8.ronn
+++ /dev/null
@@ -1,16 +0,0 @@
-hardening-enable(8) -- enable all hardening by security-misc
-=============================================
-
-
-# Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP
-# See the file COPYING for copying conditions.
-
-
-## SYNOPSIS
-`hardening-enable`
-
-## Description
-Enables all hardening by security-misc.
-
-## AUTHOR
-This man page has been written by Patrick Schleizer (adrelanos@riseup.net).
diff --git a/usr/bin/hardening-enable b/usr/bin/hardening-enable
deleted file mode 100755
index 469364a..0000000
--- a/usr/bin/hardening-enable
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/bin/bash
-
-## Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP
-## See the file COPYING for copying conditions.
-
-set -e
-
-if [ -f /usr/lib/helper-scripts/pre.bsh ]; then
- source /usr/lib/helper-scripts/pre.bsh
-fi
-
-## Thanks to:
-## http://mywiki.wooledge.org/BashFAQ/035
-
-while :
-do
- case $1 in
- --ssh)
- ssh=true
- shift
- ;;
- --nossh)
- ssh=false
- shift
- ;;
- --)
- shift
- break
- ;;
- -*)
- echo "$0 unknown option: $1" >&2
- exit 2
- ;;
- *)
- break
- ;;
- esac
-done
-
-## If there are input files (for example) that follow the options, they
-## will remain in the "$@" positional parameters.
-
-if [ "$ssh" = "" ]; then
- echo "${red}ERROR${reset}: must use either --ssh or --nossh. For example:" >&2
- echo "$0 --nossh" >&2
- exit 2
-fi
-
-echo "${bold}[Hide Hardware Info]${reset}"
-echo "Enabling enable hide-hardware-info.service by running 'systemctl enable hide-hardware-info.service'..."
-
-systemctl enable hide-hardware-info.service
-
-echo "${green}Success.${reset}"
-echo ""
-
-echo "${bold}[NOEXEC]${reset}"
-echo "Enabling noexec by creating file /etc/noexec ..."
-
-touch /etc/noexec
-
-echo "${green}Success.${reset}"
-echo ""
-
-echo "${bold}[LKRG - Linux Kernel Runtime Guard]${reset}"
-echo "LKRG hardening by creating /etc/sysctl.d/40-security-misc-autogenerated.conf ..."
-
-mkdir -p /etc/sysctl.d
-
-echo "\
-## This is an automatically generated file.
-## This file was automatically generated by:
-## $0
-## Edits may be lost!
-
-## https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG#Configuration
-lkrg.ci_panic=1
-lkrg.umh_lock=1" > /etc/sysctl.d/40-security-misc-autogenerated.conf
-
-echo "${green}Success.${reset}"
-echo ""
-
-if [ "$ssh" = "false" ]; then
- echo "${bold}[Console Lockdown]${reset}"
- echo "Enabling Console Lockdown by removing user 'user' from group 'ssh'."
-
- delgroup user ssh &>/dev/null || true
-
- echo "${green}Success.${reset}"
- echo ""
-fi