Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-05-13 14:22:13 -04:00
Code Issues Projects Releases Packages Wiki Activity

comments

Browse source
This commit is contained in:
Patrick Schleizer 2024-02-22 15:07:53 -05:00
parent a1f898e3b3
commit d13d1aa7ec
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
1 changed files with 18 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

19
usr/bin/remount-secure
View file

@ -1,11 +1,28 @@
#!/bin/bash #!/bin/bash
## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP <adrelanos@whonix.org> ## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions. ## See the file COPYING for copying conditions.
## features:
## - nodev,nosuid where appropriate
## - optional noexec for most except /home
## - optional noexec for all including /home
## - idempotent (script can be safely re-run)
## - can be run from:
## - systemd
## - dracut
## - manually from command line
## - can safely handle non-existing folders
## - error handling
## - log output:
## - shows each and every command executed
## - shows old mount options prior running remount-secure
## - shows new mount options after running remount-secure
## noexec in /tmp and/or /home can break some malware but also legitimate ## noexec in /tmp and/or /home can break some malware but also legitimate
## applications. ## applications.
## https://www.kicksecure.com/wiki/Noexec
## https://www.kicksecure.com/wiki/Dev/remount-secure ## https://www.kicksecure.com/wiki/Dev/remount-secure
## https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707 ## https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707