Merge remote-tracking branch 'ben-grande/clean'

Patrick Schleizer 2024-01-16 08:19:28 -05:00
commit 862bf6b5ab
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
26 changed files with 731 additions and 715 deletions

@ -433,23 +433,23 @@ include but are not limited to:
- Protecting the information of sudoers from others.
- Protecting various system relevant files and modules.
##### permission-hardening #####
##### permission-hardener #####
`permission-hardener` removes SUID / SGID bits from non-essential binaries as
these are often used in privilege escalation attacks. It runs at package
installation and upgrade time.
There is also an optional systemd unit which does the same at boot time that
can be enabled by running `systemctl enable permission-hardening.service` as
can be enabled by running `systemctl enable permission-hardener.service` as
root. The hardening at boot time is not the default because this slows down
the boot too much.
See:
* `/usr/bin/permission-hardening`
* `/usr/bin/permission-hardener`
* `debian/security-misc.postinst`
* `/lib/systemd/system/permission-hardening.service`
* `/etc/permission-hardening.d`
* `/lib/systemd/system/permission-hardener.service`
* `/etc/permission-hardener.d`
* https://forums.whonix.org/t/disable-suid-binaries/7706
* https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener
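
Review bot: The rename in the `systemctl enable` line and in the See list (`permission-hardening.service` to `permission-hardener.service`, `/etc/permission-hardening.d` to `/etc/permission-hardener.d`) comes with no upgrade note in this README section. A system where the old unit was already enabled, or where an administrator placed overrides under the old directory, depends on those names; unless maintainer scripts elsewhere in this commit migrate them, boot-time hardening and local policy could silently stop applying after an upgrade. Suggest adding a sentence here stating whether the old unit name and configuration directory are migrated automatically or must be moved by hand.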