security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00

Author	SHA1	Message	Date
Patrick Schleizer	0326cd5ee9	bumped changelog version	2019-12-24 08:07:55 -05:00
Patrick Schleizer	7a80837b4f	bumped changelog version	2019-12-23 08:48:04 -05:00
Patrick Schleizer	bef41a38c2	bumped changelog version	2019-12-23 03:58:00 -05:00
Patrick Schleizer	9ec5b0ee82	description: lockdown not enabled yet	2019-12-23 03:38:49 -05:00
Patrick Schleizer	1ff51ee061	merge	2019-12-23 03:37:28 -05:00
Patrick Schleizer	42ff53e9ad	bumped changelog version	2019-12-23 02:42:07 -05:00
Patrick Schleizer	175d1c2845	bumped changelog version	2019-12-23 02:13:13 -05:00
Patrick Schleizer	3670fcf48b	depend on libcap2-bin for setcap / getcap / capsh	2019-12-23 00:49:33 -05:00
Patrick Schleizer	bce02ffdc0	Merge pull request #47 from madaidan/msr Blacklist CPU MSRs	2019-12-22 15:26:07 +00:00
madaidan	8f11a520f4	Update control	2019-12-22 13:54:16 +00:00
Patrick Schleizer	008ce4817c	bumped changelog version	2019-12-21 14:55:03 -05:00
Patrick Schleizer	1213415ce6	bumped changelog version	2019-12-21 14:23:35 -05:00
Patrick Schleizer	1c99b56c9b	bumped changelog version	2019-12-21 07:49:55 -05:00
Patrick Schleizer	b74e5ca972	comment	2019-12-21 07:47:00 -05:00
Patrick Schleizer	0c4db8c2b0	bumped changelog version	2019-12-21 07:38:25 -05:00
Patrick Schleizer	af8b04b73d	rm_conffile /etc/apparmor.d/usr.lib.security-misc.pam_tally2-info rm_conffile /etc/apparmor.d/usr.lib.security-misc.permission-lockdown https://github.com/Whonix/security-misc/pull/45	2019-12-21 06:58:01 -05:00
Patrick Schleizer	fac17a963d	bumped changelog version	2019-12-21 06:28:19 -05:00
Patrick Schleizer	78d33d8b57	bumped changelog version	2019-12-21 06:12:20 -05:00
Patrick Schleizer	ff48b672a8	bumped changelog version	2019-12-21 06:00:17 -05:00
Patrick Schleizer	65b5adb2d7	bumped changelog version	2019-12-21 05:38:39 -05:00
Patrick Schleizer	2b5a49a61b	bumped changelog version	2019-12-21 05:31:55 -05:00
Patrick Schleizer	ed20980f4c	refactoring	2019-12-21 05:07:10 -05:00
Patrick Schleizer	89be5f2ecb	bumped changelog version	2019-12-21 02:05:39 -05:00
Patrick Schleizer	1cd5fb6a00	bumped changelog version	2019-12-20 11:50:25 -05:00
Patrick Schleizer	28d12c3966	bumped changelog version	2019-12-20 11:09:22 -05:00
Patrick Schleizer	c0ddb76d74	bumped changelog version	2019-12-20 10:50:51 -05:00
Patrick Schleizer	089c40135f	bumped changelog version	2019-12-20 08:15:00 -05:00
Patrick Schleizer	ddc0eec63d	bumped changelog version	2019-12-20 07:12:36 -05:00
Patrick Schleizer	8e112c3423	description	2019-12-20 06:53:24 -05:00
Patrick Schleizer	24ea70384b	description	2019-12-20 06:53:03 -05:00
Patrick Schleizer	6dd6530fa5	remove hardening-enable please invent package security-paranoid instead https://forums.whonix.org/t/security-hardening-tool-usr-bin-hardening-enable-by-security-misc/8609	2019-12-20 05:32:26 -05:00
Patrick Schleizer	62eb462920	skip console_users_check for Qubes users	2019-12-16 06:46:48 -05:00
Patrick Schleizer	ab68182e11	bumped changelog version	2019-12-16 06:27:51 -05:00
Patrick Schleizer	2c4170e6f3	description	2019-12-12 09:47:58 -05:00
Patrick Schleizer	2d5ef378f3	description	2019-12-12 09:39:39 -05:00
Patrick Schleizer	a10597de92	bumped changelog version	2019-12-12 09:04:15 -05:00
Patrick Schleizer	729fa26eca	use pam_acccess only for /etc/pam.d/login remove "Allow members of group 'ssh' to login." remove "+:ssh:ALL EXCEPT LOCAL"	2019-12-12 09:00:08 -05:00
Patrick Schleizer	22b6480bc4	bumped changelog version	2019-12-10 11:44:02 -05:00
Patrick Schleizer	88bea2a6ef	comment	2019-12-10 03:53:10 -05:00
Patrick Schleizer	7d8001ddc9	refactoring	2019-12-10 03:51:39 -05:00
Patrick Schleizer	d2f6ac0491	fix, do user/group modifications in preinst rather than postinst	2019-12-10 03:50:23 -05:00
Patrick Schleizer	64ae53edb9	bumped changelog version	2019-12-09 08:25:30 -05:00
Patrick Schleizer	6f944234a9	bumped changelog version	2019-12-08 05:26:29 -05:00
Patrick Schleizer	c192644ee3	security-misc `/usr/share/pam-configs/permission-lockdown-security-misc` is no longer required, removed. Thereby fix apparmor issue. > Dec 08 09:47:50 host audit[3232]: AVC apparmor="DENIED" operation="exec" profile="/usr/bin/whonixcheck" name="/usr/lib/security-misc/permission-lockdown" pid=3232 comm="sudo" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 > Dec 08 09:47:50 host sudo[3232]: pam_exec(sudo:session): execve(/usr/lib/security-misc/permission-lockdown,...) failed: Permission denied It is no longer required, because... existing linux user accounts: * Get permission lock down because security-misc `debian/security-misc.postinst` calls `/usr/lib/security-misc/permission-lockdown`. new linux user accounts (created at first boot): * security-misc `/usr/share/pam-configs/mkhomedir-security-misc` pam mkhomedir sets secure permissions using `umask=027`.	2019-12-08 05:21:35 -05:00
Patrick Schleizer	edcc2de71d	bumped changelog version	2019-12-08 04:38:33 -05:00
Patrick Schleizer	17d81d0083	bumped changelog version	2019-12-08 04:27:01 -05:00
Patrick Schleizer	ebae9eef38	skip sudo_users_check in Qubes Qubes users can use dom0 to get a root terminal emulator. For example: qvm-run -u root debian-10 xterm	2019-12-08 04:25:19 -05:00
Patrick Schleizer	53e4717c62	bumped changelog version	2019-12-08 04:05:29 -05:00
Patrick Schleizer	a345a0fb64	abort installation if ssh.service is enabled but no user is member of group ssh	2019-12-08 03:27:12 -05:00
Patrick Schleizer	cea598dc1a	refactoring	2019-12-08 02:43:05 -05:00

1 2 3 4 5 ...

333 Commits