Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-09-21 04:54:49 -04:00
Code Issues Projects Releases Packages Wiki Activity

Split the security-misc into security-misc-shared, security-misc-desktop and security-misc-server: rename files

Browse source 
https://github.com/Kicksecure/security-misc/issues/187
This commit is contained in:
Patrick Schleizer 2025-09-17 14:49:28 -04:00
parent 2de10d5b7b
commit f70550d015
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
132 changed files with 35 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

35
README.md
View file

@ -814,6 +814,41 @@ default.
https://github.com/Kicksecure/security-misc/pull/167
## Package split
The `security-misc` source code repository builds three different software packages:
* `security-misc-shared`
* `security-misc-desktop`
* `security-misc-server`
The guiding principle has been: if there are no adverse effects, or if it is unclear whether a file belongs in the `desktop` or `server` package, then it will be placed in the `shared` package.
The hash symbol ("`#`") is used as a separator character.
Some clear examples where files belong only in `security-misc-desktop`:
* `/usr/lib/NetworkManager/conf.d/80_ipv6-privacy#security-misc-desktop.conf`
* `/usr/lib/NetworkManager/conf.d/80_randomize-mac#security-misc-desktop.conf`
* `./usr/lib/systemd/networkd.conf.d/80_ipv6-privacy-extensions.conf#security-misc-desktop`
This is because enabling IPv6 privacy extensions or MAC randomization on a server will not increase privacy but instead carries a high risk of breaking connectivity.
A less clear example is `/etc/bluetooth/30_security-misc.conf#security-misc-desktop`. Also refer to the above chapter "Bluetooth Hardening". A server usually doesn't have Bluetooth, so on a server it may instead be useful to fully disable Bluetooth.
Some clear examples where files belong only in `security-misc-shared`:
`/etc/profile.d/30_security-misc.sh#security-misc-shared` indeed belongs in `security-misc-shared` and not `security-misc-desktop`. For the reason, see below.
Other considerations have been:
* Just because it's a server, it does not follow that there is no GUI (graphical user interface) desktop environment.
* Just because it's a desktop computer, it doesn't mean it's a GUI and not a CLI (command line interface).
* Therefore, the split is between `security-misc-desktop` and `security-misc-server`.
* Therefore, the split is not between `security-misc-gui` and `security-misc-cli`.
\[1\] https://github.com/Kicksecure/security-misc/issues/187
## Related
- Linux Kernel Runtime Guard (LKRG)

0
etc/apparmor.d/tunables/home.d/security-misc → etc/apparmor.d/tunables/home.d/security-misc#security-misc-shared
View file

0
etc/apt/apt.conf.d/40error-on-any → etc/apt/apt.conf.d/40error-on-any#security-misc-shared
View file

0
etc/apt/apt.conf.d/40sandbox → etc/apt/apt.conf.d/40sandbox#security-misc-shared
View file

0
etc/bluetooth/30_security-misc.conf → etc/bluetooth/30_security-misc.conf#security-misc-desktop
View file

0
etc/default/grub.d/40_cpu_mitigations.cfg → etc/default/grub.d/40_cpu_mitigations.cfg#security-misc-shared
View file

0
etc/default/grub.d/40_kernel_hardening.cfg → etc/default/grub.d/40_kernel_hardening.cfg#security-misc-shared
View file

0
etc/default/grub.d/40_remount_secure.cfg → etc/default/grub.d/40_remount_secure.cfg#security-misc-shared
View file

0
etc/default/grub.d/40_signed_modules.cfg → etc/default/grub.d/40_signed_modules.cfg#security-misc-shared
View file

0
etc/default/grub.d/41_quiet_boot.cfg → etc/default/grub.d/41_quiet_boot.cfg#security-misc-shared
View file

0
etc/default/grub.d/41_recovery_restrict.cfg → etc/default/grub.d/41_recovery_restrict.cfg#security-misc-shared
View file

0
etc/dracut.conf.d/30-security-misc.conf → etc/dracut.conf.d/30-security-misc.conf#security-misc-shared
View file

0
etc/gitconfig → etc/gitconfig#security-misc-shared
View file

0
etc/hide-hardware-info.d/30_default.conf → etc/hide-hardware-info.d/30_default.conf#security-misc-shared
View file

0
etc/kernel/postinst.d/30_remove-system-map → etc/kernel/postinst.d/30_remove-system-map#security-misc-shared
View file

0
etc/modprobe.d/30_security-misc_blacklist.conf → etc/modprobe.d/30_security-misc_blacklist.conf#security-misc-shared
View file

0
etc/modprobe.d/30_security-misc_conntrack.conf → etc/modprobe.d/30_security-misc_conntrack.conf#security-misc-shared
View file

0
etc/modprobe.d/30_security-misc_disable.conf → etc/modprobe.d/30_security-misc_disable.conf#security-misc-shared
View file

0
etc/profile.d/30_security-misc.sh → etc/profile.d/30_security-misc.sh#security-misc-shared
View file

0
etc/securetty.security-misc → etc/securetty.security-misc#security-misc-shared
View file

0
etc/security-misc/emerg-shutdown/30_security_misc.conf → etc/security-misc/emerg-shutdown/30_security_misc.conf#security-misc-shared
View file

0
etc/security/access-security-misc.conf → etc/security/access-security-misc.conf#security-misc-shared
View file

0
etc/security/faillock.conf.security-misc → etc/security/faillock.conf.security-misc#security-misc-shared
View file

0
etc/security/limits.d/30_security-misc.conf → etc/security/limits.d/30_security-misc.conf#security-misc-shared
View file

0
etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml → etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml#security-misc-shared
View file

0
etc/skel/.gnupg/gpg.conf → etc/skel/.gnupg/gpg.conf#security-misc-shared
View file

0
etc/ssh/ssh_config.d/30_security-misc.conf → etc/ssh/ssh_config.d/30_security-misc.conf#security-misc-shared
View file

0
etc/ssh/sshd_config.d/30_security-misc.conf → etc/ssh/sshd_config.d/30_security-misc.conf#security-misc-shared
View file

0
etc/sudoers.d/security-misc → etc/sudoers.d/security-misc#security-misc-shared
View file

0
etc/systemd/system/emergency.service.d/override.conf → etc/systemd/system/emergency.service.d/override.conf#security-misc-shared
View file

0
etc/systemd/system/rescue.service.d/override.conf → etc/systemd/system/rescue.service.d/override.conf#security-misc-shared
View file

0
etc/usbguard/IPCAccessControl.d/:sudo → etc/usbguard/IPCAccessControl.d/:sudo#security-misc-shared
View file

0
etc/usbguard/rules.d/30_security-misc.conf → etc/usbguard/rules.d/30_security-misc.conf#security-misc-shared
View file

0
etc/usbguard/usbguard-daemon.conf.security-misc → etc/usbguard/usbguard-daemon.conf.security-misc#security-misc-shared
View file

0
usr/bin/disabled-bluetooth-by-security-misc → usr/bin/disabled-bluetooth-by-security-misc#security-misc-shared
View file

0
usr/bin/disabled-cdrom-by-security-misc → usr/bin/disabled-cdrom-by-security-misc#security-misc-shared
View file

0
usr/bin/disabled-filesys-by-security-misc → usr/bin/disabled-filesys-by-security-misc#security-misc-shared
View file

0
usr/bin/disabled-firewire-by-security-misc → usr/bin/disabled-firewire-by-security-misc#security-misc-shared
View file

0
usr/bin/disabled-framebuffer-by-security-misc → usr/bin/disabled-framebuffer-by-security-misc#security-misc-shared
View file

0
usr/bin/disabled-gps-by-security-misc → usr/bin/disabled-gps-by-security-misc#security-misc-shared
View file

0
usr/bin/disabled-intelme-by-security-misc → usr/bin/disabled-intelme-by-security-misc#security-misc-shared
View file

0
usr/bin/disabled-intelpmt-by-security-misc → usr/bin/disabled-intelpmt-by-security-misc#security-misc-shared
View file

0
usr/bin/disabled-miscellaneous-by-security-misc → usr/bin/disabled-miscellaneous-by-security-misc#security-misc-shared
View file

0
usr/bin/disabled-netfilesys-by-security-misc → usr/bin/disabled-netfilesys-by-security-misc#security-misc-shared
View file

0
usr/bin/disabled-network-by-security-misc → usr/bin/disabled-network-by-security-misc#security-misc-shared
View file

0
usr/bin/disabled-thunderbolt-by-security-misc → usr/bin/disabled-thunderbolt-by-security-misc#security-misc-shared
View file

0
usr/bin/permission-hardener → usr/bin/permission-hardener#security-misc-shared
View file

0
usr/bin/remount-secure → usr/bin/remount-secure#security-misc-shared
View file

0
usr/lib/NetworkManager/conf.d/80_ipv6-privacy.conf → usr/lib/NetworkManager/conf.d/80_ipv6-privacy.conf#security-misc-desktop
View file

0
usr/lib/NetworkManager/conf.d/80_randomize-mac.conf → usr/lib/NetworkManager/conf.d/80_randomize-mac.conf#security-misc-desktop
View file

0
usr/lib/dracut/modules.d-disabled/20remount-secure/module-setup.sh → usr/lib/dracut/modules.d-disabled/20remount-secure/module-setup.sh#security-misc-shared
View file

0
usr/lib/dracut/modules.d-disabled/20remount-secure/remount-secure.sh → usr/lib/dracut/modules.d-disabled/20remount-secure/remount-secure.sh#security-misc-shared
View file

0
usr/lib/dracut/modules.d/99emerg-shutdown/module-setup.sh → usr/lib/dracut/modules.d/99emerg-shutdown/module-setup.sh#security-misc-shared
View file

0
usr/lib/issue.d/20_security-misc.issue → usr/lib/issue.d/20_security-misc.issue#security-misc-shared
View file

0
usr/lib/modules-load.d/30_security-misc.conf → usr/lib/modules-load.d/30_security-misc.conf#security-misc-shared
View file

0
usr/lib/permission-hardener.d/25_default_whitelist_bubblewrap.conf → usr/lib/permission-hardener.d/25_default_whitelist_bubblewrap.conf#security-misc-shared
View file

0
usr/lib/permission-hardener.d/25_default_whitelist_chromium.conf → usr/lib/permission-hardener.d/25_default_whitelist_chromium.conf#security-misc-shared
View file

0
usr/lib/permission-hardener.d/25_default_whitelist_dbus.conf → usr/lib/permission-hardener.d/25_default_whitelist_dbus.conf#security-misc-shared
View file

0
usr/lib/permission-hardener.d/25_default_whitelist_firejail.conf → usr/lib/permission-hardener.d/25_default_whitelist_firejail.conf#security-misc-shared
View file

0
usr/lib/permission-hardener.d/25_default_whitelist_fuse.conf → usr/lib/permission-hardener.d/25_default_whitelist_fuse.conf#security-misc-shared
View file

0
usr/lib/permission-hardener.d/25_default_whitelist_hardened_malloc.conf → usr/lib/permission-hardener.d/25_default_whitelist_hardened_malloc.conf#security-misc-shared
View file

0
usr/lib/permission-hardener.d/25_default_whitelist_mount.conf → usr/lib/permission-hardener.d/25_default_whitelist_mount.conf#security-misc-shared
View file

0
usr/lib/permission-hardener.d/25_default_whitelist_pam.conf → usr/lib/permission-hardener.d/25_default_whitelist_pam.conf#security-misc-shared
View file

0
usr/lib/permission-hardener.d/25_default_whitelist_passwd.conf → usr/lib/permission-hardener.d/25_default_whitelist_passwd.conf#security-misc-shared
View file

0
usr/lib/permission-hardener.d/25_default_whitelist_policykit.conf → usr/lib/permission-hardener.d/25_default_whitelist_policykit.conf#security-misc-shared
View file

0
usr/lib/permission-hardener.d/25_default_whitelist_postfix.conf → usr/lib/permission-hardener.d/25_default_whitelist_postfix.conf#security-misc-shared
View file

0
usr/lib/permission-hardener.d/25_default_whitelist_qubes.conf → usr/lib/permission-hardener.d/25_default_whitelist_qubes.conf#security-misc-shared
View file

0
usr/lib/permission-hardener.d/25_default_whitelist_selinux.conf → usr/lib/permission-hardener.d/25_default_whitelist_selinux.conf#security-misc-shared
View file

0
usr/lib/permission-hardener.d/25_default_whitelist_spice.conf → usr/lib/permission-hardener.d/25_default_whitelist_spice.conf#security-misc-shared
View file

0
usr/lib/permission-hardener.d/25_default_whitelist_ssh.conf → usr/lib/permission-hardener.d/25_default_whitelist_ssh.conf#security-misc-shared
View file

0
usr/lib/permission-hardener.d/25_default_whitelist_sudo.conf → usr/lib/permission-hardener.d/25_default_whitelist_sudo.conf#security-misc-shared
View file

0
usr/lib/permission-hardener.d/25_default_whitelist_unix_chkpwd.conf → usr/lib/permission-hardener.d/25_default_whitelist_unix_chkpwd.conf#security-misc-shared
View file

0
usr/lib/permission-hardener.d/25_default_whitelist_virtualbox.conf → usr/lib/permission-hardener.d/25_default_whitelist_virtualbox.conf#security-misc-shared
View file

0
usr/lib/permission-hardener.d/30_default.conf → usr/lib/permission-hardener.d/30_default.conf#security-misc-shared
View file

0
usr/lib/sysctl.d/30_security-misc_kexec-disable.conf → usr/lib/sysctl.d/30_security-misc_kexec-disable.conf#security-misc-shared
View file

0
usr/lib/sysctl.d/30_silent-kernel-printk.conf → usr/lib/sysctl.d/30_silent-kernel-printk.conf#security-misc-shared
View file

0
usr/lib/sysctl.d/990-security-misc.conf → usr/lib/sysctl.d/990-security-misc.conf#security-misc-shared
View file

0
usr/lib/systemd/coredump.conf.d/30_security-misc.conf → usr/lib/systemd/coredump.conf.d/30_security-misc.conf#security-misc-shared
View file

0
usr/lib/systemd/networkd.conf.d/80_ipv6-privacy-extensions.conf → usr/lib/systemd/networkd.conf.d/80_ipv6-privacy-extensions.conf#security-misc-desktop
View file

0
usr/lib/systemd/pstore.conf.d/30_security-misc.conf → usr/lib/systemd/pstore.conf.d/30_security-misc.conf#security-misc-shared
View file

0
usr/lib/systemd/system-preset/50-security-misc.preset → usr/lib/systemd/system-preset/50-security-misc.preset#security-misc-shared
View file

0
usr/lib/systemd/system/block-shutdown.service → usr/lib/systemd/system/block-shutdown.service#security-misc-shared
View file

0
usr/lib/systemd/system/emerg-shutdown.service → usr/lib/systemd/system/emerg-shutdown.service#security-misc-shared
View file

0
usr/lib/systemd/system/ensure-shutdown-trigger.service → usr/lib/systemd/system/ensure-shutdown-trigger.service#security-misc-shared
View file

0
usr/lib/systemd/system/ensure-shutdown.service → usr/lib/systemd/system/ensure-shutdown.service#security-misc-shared
View file

0
usr/lib/systemd/system/harden-module-loading.service → usr/lib/systemd/system/harden-module-loading.service#security-misc-shared
View file

0
usr/lib/systemd/system/haveged.service.d/30_security-misc.conf → usr/lib/systemd/system/haveged.service.d/30_security-misc.conf#security-misc-shared
View file

0
usr/lib/systemd/system/hide-hardware-info.service → usr/lib/systemd/system/hide-hardware-info.service#security-misc-shared
View file

0
usr/lib/systemd/system/panic-on-oops.service → usr/lib/systemd/system/panic-on-oops.service#security-misc-shared
View file

0
usr/lib/systemd/system/permission-hardener.service → usr/lib/systemd/system/permission-hardener.service#security-misc-shared
View file

0
usr/lib/systemd/system/proc-hidepid.service → usr/lib/systemd/system/proc-hidepid.service#security-misc-shared
View file

0
usr/lib/systemd/system/remount-secure.service → usr/lib/systemd/system/remount-secure.service#security-misc-shared
View file

0
usr/lib/systemd/system/remove-system-map.service → usr/lib/systemd/system/remove-system-map.service#security-misc-shared
View file

0
usr/lib/systemd/system/sysinit-post.target → usr/lib/systemd/system/sysinit-post.target#security-misc-shared
View file

0
usr/lib/systemd/system/usbguard.service.d/30_security-misc.conf → usr/lib/systemd/system/usbguard.service.d/30_security-misc.conf#security-misc-shared
View file

0
usr/lib/systemd/system/user@.service.d/sysfs.conf → usr/lib/systemd/system/user@.service.d/sysfs.conf#security-misc-shared
View file

0
usr/lib/udev/rules.d/95-emerg-shutdown.rules → usr/lib/udev/rules.d/95-emerg-shutdown.rules#security-misc-shared
View file

0
usr/libexec/security-misc/askpass → usr/libexec/security-misc/askpass#security-misc-shared
View file

0
usr/libexec/security-misc/disable-kernel-module-loading → usr/libexec/security-misc/disable-kernel-module-loading#security-misc-shared
View file

0
usr/libexec/security-misc/echo-path → usr/libexec/security-misc/echo-path#security-misc-shared
View file

Some files were not shown because too many files have changed in this diff Show more