mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-04-28 17:06:11 -04:00
set default umask to 027
using package libpam-umask https://www.debian.org/doc/manuals/securing-debian-manual/ch04s11.en.html#id-1.5.14.19 https://github.com/Kicksecure/security-misc/pull/151
This commit is contained in:
Patrick Schleizer
parent
a768f1f1eb
commit
cd216095eb
2
debian/control
vendored
2
debian/control
vendored
@ -14,7 +14,7 @@ Rules-Requires-Root: no
|
|||||||
|
|
||||||
Package: security-misc
|
Package: security-misc
|
||||||
Architecture: all
|
Architecture: all
|
||||||
Depends: python3, libglib2.0-bin, libpam-runtime, sudo, adduser, libcap2-bin,
|
Depends: python3, libglib2.0-bin, libpam-runtime, libpam-umask, sudo, adduser, libcap2-bin,
|
||||||
apparmor-profile-dist, helper-scripts, libpam-modules-bin,
|
apparmor-profile-dist, helper-scripts, libpam-modules-bin,
|
||||||
secure-delete, dmsetup, ${misc:Depends}
|
secure-delete, dmsetup, ${misc:Depends}
|
||||||
Replaces: tcp-timestamps-disable, anon-gpg-tweaks, swappiness-lowest
|
Replaces: tcp-timestamps-disable, anon-gpg-tweaks, swappiness-lowest
|
||||||
|
|||||||
7
usr/share/pam-configs/umask-security-misc
Normal file
7
usr/share/pam-configs/umask-security-misc
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
Name: Restrict umask to 027 (by package security-misc)
|
||||||
|
Default: yes
|
||||||
|
Priority: 100
|
||||||
|
Session-Type: Additional
|
||||||
|
Session-Interactive-Only: yes
|
||||||
|
Session:
|
||||||
|
optional pam_umask.so umask=027
|
||||||
Loading…
x
Reference in New Issue
Block a user