Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-05-03 17:54:53 -04:00
Code Issues Projects Releases Packages Wiki Activity

Rename file permission hardening script

Browse source 
Hardener as the script is the agent that is hardening the file
permissions.
This commit is contained in:
Ben Grande 2024-01-02 13:34:29 +01:00
parent f138cf0f78
commit abf72c2ee4
No known key found for this signature in database
GPG key ID: 00C64E14F51F9E56
24 changed files with 54 additions and 55 deletions
Download patch file Download diff file Expand all files Collapse all files

9
usr/bin/permission-hardening → usr/bin/permission-hardener
View file

@ -6,13 +6,10 @@
## https://forums.whonix.org/t/disable-suid-binaries/7706
## https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707
## To undo:
## sudo permission-hardening disable
set -o errexit -o nounset -o pipefail
exit_code=0
store_dir="/var/lib/permission-hardening"
store_dir="/var/lib/permission-hardener"
dpkg_admindir_parameter_existing_mode="--admindir ${store_dir}/existing_mode"
dpkg_admindir_parameter_new_mode="--admindir ${store_dir}/new_mode"
@ -507,6 +504,8 @@ parse_config_folder() {
shopt -s nullglob
for config_file in \
/etc/permission-hardener.d/*.conf \
/usr/local/etc/permission-hardener.d/*.conf \
/etc/permission-hardening.d/*.conf \
/usr/local/etc/permission-hardening.d/*.conf
do
@ -620,7 +619,7 @@ spare() {
To remove all:
$0 disable all
This change might not be permanent (because of the permission-hardening.service systemd unit). For full instructions, see:
This change might not be permanent (because of the permission-hardener.service systemd unit). For full instructions, see:
https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener
To view list of changed by SUID Disabler and Permission Hardener: