Commit Graph

1452 Commits

Author SHA1 Message Date
Patrick Schleizer
24cc8e380d
comment out proc-hidepid.service hardening for now
since broken in Qubes Debian AppVMs

https://forums.whonix.org/t/kernel-hardening/7296/104
2019-07-01 03:43:02 -04:00
Patrick Schleizer
0bffc7a930
Merge remote-tracking branch 'origin/master' 2019-07-01 03:08:26 -04:00
Patrick Schleizer
3c176ce158
allow permissions openat mkdir
since required in Qubes Debian templates
2019-07-01 03:07:14 -04:00
Patrick Schleizer
344d009032
Merge pull request #19 from madaidan/patch-15
Add licensing to proc-hidepid.service
2019-07-01 06:39:28 +00:00
madaidan
b8f2aee905
Add licensing 2019-06-30 13:22:43 +00:00
madaidan
cfaafe400c
Update control 2019-06-30 13:16:12 +00:00
madaidan
eedeaa0e7f
Update common-session-noninteractive 2019-06-30 13:12:59 +00:00
madaidan
a9af85f585
Update common-session 2019-06-30 13:12:16 +00:00
madaidan
1e1d29cfde
Create common-session-noninteractive 2019-06-30 13:11:31 +00:00
madaidan
501901f7c0
Change default umask to 006 2019-06-30 13:10:54 +00:00
madaidan
09a5c27f47
Create common-session 2019-06-30 13:10:29 +00:00
madaidan
a319333493
Create login.defs 2019-06-30 13:09:51 +00:00
Patrick Schleizer
f26ad14d4c
bumped changelog version 2019-06-30 07:21:58 -04:00
Patrick Schleizer
b8ace6e3f6
bump 2019-06-30 07:21:31 -04:00
Patrick Schleizer
f3a4800987
bumped changelog version 2019-06-30 08:23:51 +00:00
Patrick Schleizer
85f61758c5
fix package description 2019-06-30 04:11:38 -04:00
Patrick Schleizer
e473397061
Merge remote-tracking branch 'origin/master' 2019-06-30 04:11:12 -04:00
Patrick Schleizer
ec78a3e42e
Merge pull request #17 from madaidan/patch-13
Disable coredumps
2019-06-30 08:10:28 +00:00
Patrick Schleizer
67de5247c8
Merge branch 'master' into patch-13 2019-06-30 08:10:04 +00:00
Patrick Schleizer
9525ff87c6
Merge pull request #16 from madaidan/patch-12
Mount /proc with hidepid=2
2019-06-30 08:09:23 +00:00
madaidan
dbfb9e1cdf
Update control 2019-06-30 00:21:46 +00:00
madaidan
024a698249
Update control 2019-06-30 00:20:38 +00:00
madaidan
230ef34db4
Create disable-coredumps.conf 2019-06-30 00:19:04 +00:00
madaidan
1bf802f846
Create coredumps.conf 2019-06-30 00:16:50 +00:00
madaidan
f040081a59
Prevent setuid processes from creating coredumps. 2019-06-30 00:13:52 +00:00
madaidan
c6b669f1a5
Create disable-coredumps.conf 2019-06-30 00:11:13 +00:00
madaidan
22267c895b
Update control 2019-06-29 22:30:41 +00:00
madaidan
a2c676ed48
Update proc-hidepid.service 2019-06-29 22:28:41 +00:00
madaidan
dcf57bebf0
Create proc-hidepid.service 2019-06-29 22:27:24 +00:00
Patrick Schleizer
24b19c5976
bumped changelog version 2019-06-29 10:35:13 +00:00
Patrick Schleizer
befa03fea8
fix lintian warning 2019-06-29 10:34:48 +00:00
Patrick Schleizer
250919b821
Merge remote-tracking branch 'origin/master' 2019-06-29 06:06:02 -04:00
Patrick Schleizer
60e6dfcbff
Merge pull request #15 from madaidan/patch-11
Update control
2019-06-29 10:05:34 +00:00
madaidan
9e9c854d27
Update control 2019-06-28 11:34:35 +00:00
madaidan
b26d861dff
Update control 2019-06-28 11:33:48 +00:00
Patrick Schleizer
ecf5d80fdf
bumped changelog version 2019-06-28 07:20:53 +00:00
Patrick Schleizer
36c2b1d283
fix lintian warning 2019-06-28 07:18:30 +00:00
Patrick Schleizer
a978fe1000
chmod +x usr/lib/security-misc/remove-system.map 2019-06-28 07:17:35 +00:00
Patrick Schleizer
fe69dc6173
bumped changelog version 2019-06-28 07:09:35 +00:00
Patrick Schleizer
6a6afc347a
update files list 2019-06-28 03:02:49 -04:00
Patrick Schleizer
ccb89cfd55
Merge remote-tracking branch 'origin/master' 2019-06-28 03:00:21 -04:00
Patrick Schleizer
ab312235ba
Merge pull request #14 from madaidan/patch-10
Add some hardening for other distributions
2019-06-28 06:59:16 +00:00
Patrick Schleizer
5e02100e34
Merge pull request #13 from madaidan/patch-9
Remove System.map and restrict the SysRq key.
2019-06-28 06:58:32 +00:00
Patrick Schleizer
7e12e16dc0
Merge pull request #11 from madaidan/patch-7
Protect against DMA attacks
2019-06-28 06:57:42 +00:00
madaidan
3801a53a9e
Update tcp_hardening.conf 2019-06-27 18:17:58 +00:00
madaidan
c54125270b
Create dmesg_restrict.conf 2019-06-27 18:15:57 +00:00
madaidan
b809185008
Update remove-system-map.service 2019-06-27 16:09:52 +00:00
madaidan
9392c8deb2
Update remove-system.map 2019-06-26 15:03:54 +00:00
madaidan
8ef0db17e6
Use a for loop to detect if System.map exists 2019-06-26 12:59:45 +00:00
madaidan
3116a56f13
Create remove-system-map.service 2019-06-25 19:25:32 +00:00