Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-08-01 15:06:04 -04:00
Code Issues Projects Releases Packages Wiki Activity

Rename file permission hardening script

Browse source 
Hardener as the script is the agent that is hardening the file
permissions.
This commit is contained in:
Ben Grande 2024-01-02 13:34:29 +01:00
parent f138cf0f78
commit abf72c2ee4
No known key found for this signature in database
GPG key ID: 00C64E14F51F9E56
24 changed files with 54 additions and 55 deletions
Download patch file Download diff file Expand all files Collapse all files

10
README.md
View file

@ -430,23 +430,23 @@ include but are not limited to:
- Protecting the information of sudoers from others.
- Protecting various system relevant files and modules.
##### permission-hardening #####
##### permission-hardener #####
`permission-hardener` removes SUID / SGID bits from non-essential binaries as
these are often used in privilege escalation attacks. It runs at package
installation and upgrade time.
There is also an optional systemd unit which does the same at boot time that
can be enabled by running `systemctl enable permission-hardening.service` as
can be enabled by running `systemctl enable permission-hardener.service` as
root. The hardening at boot time is not the default because this slows down
the boot too much.
See:
* `/usr/bin/permission-hardening`
* `/usr/bin/permission-hardener`
* `debian/security-misc.postinst`
* `/lib/systemd/system/permission-hardening.service`
* `/etc/permission-hardening.d`
* `/lib/systemd/system/permission-hardener.service`
* `/etc/permission-hardener.d`
* https://forums.whonix.org/t/disable-suid-binaries/7706
* https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener