security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2025-01-25 13:06:50 -05:00

Author	SHA1	Message	Date
Patrick Schleizer	9622f28e25	skip counting failed login attempts from dovecot Failed dovecot logins should not result in account getting locked. revert "use pam_tally2 only for login"	2021-01-27 05:49:34 -05:00
Patrick Schleizer	480f74cab6	bumped changelog version	2021-01-24 05:10:36 -05:00
Patrick Schleizer	6757104aa4	use pam_tally2 only for login to skip counting failed login attempts over ssh and mail login	2021-01-24 05:04:48 -05:00
Patrick Schleizer	126c31c37d	bumped changelog version	2021-01-19 19:41:43 -05:00
Patrick Schleizer	14d13fb03e	readme	2021-01-19 19:41:42 -05:00
Patrick Schleizer	611fbe2c61	description	2021-01-18 05:39:34 -05:00
Patrick Schleizer	0e8ea5eb72	bumped changelog version	2021-01-14 02:36:49 -05:00
Patrick Schleizer	ddd62c1eef	readme	2021-01-12 03:24:11 -05:00
Patrick Schleizer	468d8b600d	readme	2021-01-12 03:20:58 -05:00
Patrick Schleizer	b5cee63999	new file: README_generic.md	2021-01-12 03:19:31 -05:00
Patrick Schleizer	94627f0875	Merge remote-tracking branch 'github/master'	2021-01-12 03:18:41 -05:00
Patrick Schleizer	79876f7b12	Merge pull request #99 from madaidan/docs Overhaul documentation	2021-01-12 08:17:04 +00:00
madaidan	3066b5ad97	Overhaul documentation	2021-01-12 02:17:13 +00:00
Patrick Schleizer	353e74fb5f	bumped changelog version	2021-01-05 08:30:37 -05:00
Patrick Schleizer	a258f35f38	comment	2021-01-05 02:11:08 -05:00
Patrick Schleizer	a4d7e46141	bumped changelog version	2020-12-10 05:20:57 -05:00
Patrick Schleizer	c5097ed599	comment	2020-12-06 04:23:09 -05:00
Patrick Schleizer	b2b614ed2a	cover more folders in /usr/local	2020-12-06 04:15:52 -05:00
Patrick Schleizer	5bd267d774	refactoring	2020-12-06 04:10:50 -05:00
Patrick Schleizer	11cdce02a0	refactoring	2020-12-06 04:10:10 -05:00
Patrick Schleizer	f73c55f16c	/opt https://forums.whonix.org/t/suid-disabler-and-permission-hardener/7706/68	2020-12-06 04:08:58 -05:00
Patrick Schleizer	261ef85c14	bumped changelog version	2020-12-01 05:53:06 -05:00
Patrick Schleizer	c031f22995	SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists `whitelists_disable_all=true`	2020-12-01 05:14:48 -05:00
Patrick Schleizer	b09cc0de6a	Revert "SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists" This reverts commit `36a471ebce`.	2020-12-01 05:10:26 -05:00
Patrick Schleizer	704f0500ba	fix, rename 40_default_whitelist_[...].conf to 25_default_whitelist_[...].conf since whitelist needs to be defined before SUID removal commands	2020-12-01 05:03:16 -05:00
Patrick Schleizer	36a471ebce	SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists `whitelists_disable_all=true`	2020-12-01 05:02:34 -05:00
Patrick Schleizer	318ab570aa	simplify disabling of SUID Disabler and Permission Hardener whitelist split `/etc/permission-hardening.d/30_default.conf` into multiple files `/etc/permission-hardening.d/40_default_whitelist_[...].conf` therefore make it easier to delete any whitelisted SUID binaries	2020-12-01 04:28:15 -05:00
Patrick Schleizer	cf07e977bd	add `/bin/pkexec exactwhitelist` for consistency since there is already `/usr/bin/pkexec exactwhitelist`	2020-11-29 09:09:42 -05:00
Patrick Schleizer	fe27483886	bumped changelog version	2020-11-28 06:08:10 -05:00
Patrick Schleizer	28a326a8a1	add feature `/usr/lib/security-misc/permission-hardening-undo /path/to/filename` to allow removing 1 SUID fix, show INFO message if file does not exist during removal rather than ERROR	2020-11-28 05:31:12 -05:00
Patrick Schleizer	0ef35f8770	bumped changelog version	2020-11-06 10:18:09 -05:00
Patrick Schleizer	abae787186	usability: pam abort when attempting to login to root when root password is locked	2020-11-05 06:47:16 -05:00
Patrick Schleizer	581e31af81	comment	2020-11-05 06:46:57 -05:00
Patrick Schleizer	dfe9b0f6c7	fix, no longer unconditionally abort pam for user accounts with locked passwords as locked user accounts might have valid sudoers exceptions Thanks to @mimp for the bug report! https://forums.whonix.org/t/pam-abort-on-locked-password-and-running-privileged-command-from-web-browser/10521	2020-11-05 06:42:47 -05:00
Patrick Schleizer	211769dc65	comment	2020-11-05 06:41:51 -05:00
Patrick Schleizer	7952139731	comment	2020-11-05 06:39:32 -05:00
Patrick Schleizer	bb72c1278d	copyright	2020-11-05 06:36:39 -05:00
Patrick Schleizer	f4843b1deb	bumped changelog version	2020-10-31 06:29:25 -04:00
Patrick Schleizer	c1e0bb8310	shebang	2020-10-31 06:11:49 -04:00
Patrick Schleizer	b06d4ca299	bumped changelog version	2020-10-31 06:09:22 -04:00
Patrick Schleizer	3f656be574	chmod +x /etc/X11/Xsession.d/50panic_on_oops chmod +x /etc/X11/Xsession.d/50security-misc	2020-10-31 05:48:10 -04:00
Patrick Schleizer	881d695bff	bumped changelog version	2020-10-05 07:03:37 -04:00
Patrick Schleizer	3adb2c92d9	Merge remote-tracking branch 'github/master'	2020-10-03 14:10:32 -04:00
Patrick Schleizer	58560138cd	Merge pull request #77 from madaidan/debugfs Restrict access to debugfs	2020-10-03 18:09:07 +00:00
madaidan	06ffd5d220	Restrict access to debugfs	2020-09-28 19:21:20 +00:00
Patrick Schleizer	feb7cea4c5	bumped changelog version	2020-09-28 10:30:42 -04:00
Patrick Schleizer	da1ac48cde	unblacklist squashfs as this would likely break Whonix-Host ISO https://github.com/Whonix/security-misc/pull/75#issuecomment-700044182	2020-09-28 10:29:50 -04:00
Patrick Schleizer	4070133ed6	unblacklist vfat https://github.com/Whonix/security-misc/pull/75#issuecomment-695201068	2020-09-28 10:25:57 -04:00
Patrick Schleizer	77d461ec08	Merge remote-tracking branch 'github/master'	2020-09-28 10:24:59 -04:00
Patrick Schleizer	3684ab585e	Merge pull request #75 from flawedworld/patch-1 Blacklist more modules (based on OpenSCAP for RHEL 8)	2020-09-28 14:24:15 +00:00

... 2 3 4 5 6 ...

1366 Commits