Raja Grewal
|
1bb843ec38
|
Update Copyright (C) to 2024
|
2024-05-11 13:18:36 +10:00 |
|
Patrick Schleizer
|
ecaa024f22
|
lower debugging
|
2024-03-18 11:01:56 -04:00 |
|
Patrick Schleizer
|
3048e0ac76
|
usrmerge
https://github.com/Kicksecure/security-misc/issues/190
|
2024-01-17 13:54:07 -05:00 |
|
Patrick Schleizer
|
0efee2f50f
|
usrmerge
fixes https://github.com/Kicksecure/security-misc/issues/190
|
2024-01-17 13:39:56 -05:00 |
|
Patrick Schleizer
|
86f91e3030
|
revert umask 027 by default
because broken because this also happens for root while it should not
https://github.com/Kicksecure/security-misc/issues/185
|
2024-01-06 09:11:54 -05:00 |
|
Patrick Schleizer
|
5b36599c0c
|
/dev/, /dev/shm, /tmp
https://github.com/Kicksecure/security-misc/issues/157#issuecomment-1869073716
|
2023-12-29 14:57:38 -05:00 |
|
Patrick Schleizer
|
c86c83cef7
|
formatting
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-25 10:31:58 -05:00 |
|
Patrick Schleizer
|
971ff687b1
|
do not mount /dev/cdrom by default
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-25 10:30:35 -05:00 |
|
Patrick Schleizer
|
9fce67fcd9
|
remove superfluous, broken remount mount option
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-25 10:28:47 -05:00 |
|
Patrick Schleizer
|
40fd8cb608
|
no nofail mount option to avoid breaking the boot of a system
unit testing belongs elsewhere
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-25 09:51:09 -05:00 |
|
Patrick Schleizer
|
4aa645f29f
|
comment
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-25 09:46:33 -05:00 |
|
Patrick Schleizer
|
2b7aeedb4a
|
mount /dev/cdrom to /mnt/cdrom (instead of /mnt/cdrom0) and
nodev,nosuid,noexec
as per:
https://www.debian.org/doc/manuals/securing-debian-manual/ch04s10.en.html
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-25 09:44:51 -05:00 |
|
Patrick Schleizer
|
0d9e9780da
|
formatting
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-25 09:37:14 -05:00 |
|
Patrick Schleizer
|
00f9ab4394
|
/dev devtmpfs
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-25 09:36:05 -05:00 |
|
Patrick Schleizer
|
55709b3aa0
|
/tmp tmpfs
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-25 09:30:57 -05:00 |
|
Patrick Schleizer
|
b0dd967611
|
usrmerge
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-25 09:28:08 -05:00 |
|
Patrick Schleizer
|
269fada14a
|
combine bind lines
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-25 09:25:14 -05:00 |
|
Patrick Schleizer
|
039de1dc9b
|
add hardened fstab /usr/share/doc/security-misc/fstab-vm
to the documentation folder as an example
not directly used by security-misc
will later be used by Kicksecure VM build process
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-12 11:50:11 -05:00 |
|
Patrick Schleizer
|
3bc831a1f7
|
lintian
|
2023-11-06 16:27:29 -05:00 |
|
Patrick Schleizer
|
b85d48eb83
|
do not change default umask for root
since this causes permission issues in `/etc/`
https://github.com/Kicksecure/security-misc/pull/151
|
2023-11-03 10:31:59 -04:00 |
|
Patrick Schleizer
|
07540db90d
|
Revert "Revert "set default umask to 027""
This reverts commit f8913ceb2e .
|
2023-11-03 09:45:12 -04:00 |
|
Patrick Schleizer
|
f8913ceb2e
|
Revert "set default umask to 027"
This reverts commit cd216095eb .
|
2023-11-03 09:43:44 -04:00 |
|
Patrick Schleizer
|
cd216095eb
|
set default umask to 027
using package libpam-umask
https://www.debian.org/doc/manuals/securing-debian-manual/ch04s11.en.html#id-1.5.14.19
https://github.com/Kicksecure/security-misc/pull/151
|
2023-11-03 09:12:24 -04:00 |
|
Patrick Schleizer
|
a7629b98cf
|
fix
|
2023-10-22 15:40:49 -04:00 |
|
Patrick Schleizer
|
25760f7024
|
bookworm
|
2023-06-13 08:34:41 +00:00 |
|
Raja Grewal
|
7a4212dd76
|
Update copyright
|
2023-03-30 17:08:47 +11:00 |
|
Patrick Schleizer
|
b87d9eb865
|
lintian
|
2023-01-24 07:08:13 -05:00 |
|
Patrick Schleizer
|
d31c17ea04
|
fix
|
2023-01-07 14:31:14 -05:00 |
|
Patrick Schleizer
|
41d116aa2f
|
lintian
|
2023-01-07 14:30:12 -05:00 |
|
Patrick Schleizer
|
8b584c570a
|
lintian
|
2022-06-29 16:06:22 -04:00 |
|
Patrick Schleizer
|
1c51d15649
|
lintian
|
2022-06-29 15:23:53 -04:00 |
|
Patrick Schleizer
|
6eba53767f
|
lintian
|
2022-06-29 14:17:52 -04:00 |
|
Patrick Schleizer
|
cfae7de6a8
|
lintian
|
2022-06-29 09:58:37 -04:00 |
|
Patrick Schleizer
|
2d37e3a1af
|
copyright
|
2022-05-20 14:46:38 -04:00 |
|
Patrick Schleizer
|
be8c10496f
|
fix faillock implementation
dovecot / ssh are exempted
|
2021-09-01 15:55:53 -04:00 |
|
Patrick Schleizer
|
582492d6d8
|
port from pam_tally2 to pam_faillock
since pam_tally2 was deprecated upstream
|
2021-08-10 17:13:00 -04:00 |
|
Patrick Schleizer
|
2bf0e7471c
|
port from pam_tally2 to pam_faillock
since pam_tally2 was deprecated upstream
|
2021-08-10 15:11:01 -04:00 |
|
Patrick Schleizer
|
2aea74bd71
|
renamed: usr/libexec/security-misc/pam_tally2-info -> usr/libexec/security-misc/pam-info
renamed: usr/libexec/security-misc/pam_tally2_not_if_x -> usr/libexec/security-misc/pam_faillock_not_if_x
renamed: usr/share/pam-configs/tally2-security-misc -> usr/share/pam-configs/faillock-security-misc
|
2021-08-10 15:06:04 -04:00 |
|
Patrick Schleizer
|
50bdd097df
|
move /usr/lib/security-misc to /usr/libexec/security-misc as per lintian FHS
|
2021-08-03 12:56:31 -04:00 |
|
Patrick Schleizer
|
8eae635668
|
update lintian tag name
|
2021-08-03 11:51:31 -04:00 |
|
Patrick Schleizer
|
b3e34f7f43
|
comment
|
2021-07-25 11:27:07 -04:00 |
|
Patrick Schleizer
|
7e128636b3
|
improve LKRG VirtualBox host configuration
as per https://github.com/openwall/lkrg/issues/82#issuecomment-886188999
|
2021-07-25 11:26:20 -04:00 |
|
Patrick Schleizer
|
257cef24ba
|
add LKRG compatibility settings automation for VirtualBox hosts
https://github.com/openwall/lkrg/issues/82
|
2021-07-24 18:03:40 -04:00 |
|
Patrick Schleizer
|
a67007f4b7
|
copyright
|
2021-03-17 09:45:21 -04:00 |
|
Patrick Schleizer
|
9622f28e25
|
skip counting failed login attempts from dovecot
Failed dovecot logins should not result in account getting locked.
revert "use pam_tally2 only for login"
|
2021-01-27 05:49:34 -05:00 |
|
Patrick Schleizer
|
6757104aa4
|
use pam_tally2 only for login
to skip counting failed login attempts over ssh and mail login
|
2021-01-24 05:04:48 -05:00 |
|
Patrick Schleizer
|
5c81e1f23f
|
import from anon-gpg-conf
|
2020-04-06 09:25:45 -04:00 |
|
Patrick Schleizer
|
2ceea8d1fe
|
update copyright year
|
2020-04-01 08:49:59 -04:00 |
|
Patrick Schleizer
|
300f010fc2
|
increase priority of pam-abort-on-locked-password-security-misc
since it has its own user help output
so it shows before pam tally2 info
to avoid duplicate non-applicable help text
|
2019-12-12 09:29:00 -05:00 |
|
Patrick Schleizer
|
729fa26eca
|
use pam_acccess only for /etc/pam.d/login
remove "Allow members of group 'ssh' to login."
remove "+:ssh:ALL EXCEPT LOCAL"
|
2019-12-12 09:00:08 -05:00 |
|