Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-01-22 14:01:02 -05:00
Code Issues Packages Projects Releases Wiki Activity
2,377 Commits 2 Branches 291 Tags 8.2 MiB
0762794ff6
Commit Graph

211 Commits

Author SHA1 Message Date
Raja Grewal
c4965ed838
Disable legacy framebuffer drivers 
These were all previously blacklisted for over 2 years.
 2024-07-20 14:55:10 +10:00
Patrick Schleizer
9f53a0182b
undo io_uring related changes 
as these should be done in a separate pull request (if apprpriate)

https://github.com/Kicksecure/security-misc/pull/244#issuecomment-2238889062
 2024-07-19 07:20:59 -04:00
Raja Grewal
95286df502
Update README.md regarding secure ICMP redirects 2024-07-18 15:28:31 +10:00
Raja Grewal
13cc1f0986
Clarify (future) disabling of io_uring 2024-07-18 12:25:00 +10:00
Raja Grewal
9e6facda70
Update module disabling presentation 2024-07-18 12:21:37 +10:00
Raja Grewal
faa9181a6c
Typos 2024-07-18 12:19:27 +10:00
Raja Grewal
6d211faf59
Restrict unprivileged user namespaces 2024-07-18 11:04:54 +10:00
Patrick Schleizer
5cec685cf9
spelling 2024-07-17 10:49:21 -04:00
Patrick Schleizer
821a416fe3
spelling 2024-07-17 10:43:16 -04:00
Patrick Schleizer
0da22c2031
minor 2024-07-17 09:07:31 -04:00
Patrick Schleizer
df80385289
Merge pull request #237 from raja-grewal/intel_pmt 
Disable some Intel PMT kernel modules
 2024-07-17 09:04:18 -04:00
Patrick Schleizer
afe3c25a49
update readme 
https://github.com/Kicksecure/security-misc/issues/239
 2024-07-17 08:58:00 -04:00
Patrick Schleizer
f7772fb85a
minor 2024-07-17 08:57:35 -04:00
Patrick Schleizer
a2802f352f
Merge remote-tracking branch 'raja/kargs' 2024-07-17 08:38:23 -04:00
Patrick Schleizer
070bb46a08
Merge remote-tracking branch 'raja/sysctl' 2024-07-17 08:02:45 -04:00
Patrick Schleizer
cf5f0edbb8
Merge remote-tracking branch 'raja/sysctl' 2024-07-17 07:59:35 -04:00
Raja Grewal
25fd532ce6
Update README.md relating to sysctl's 2024-07-17 21:56:40 +10:00
Raja Grewal
d1119c38b6
Apply changes from code review 2024-07-17 00:31:23 +10:00
Raja Grewal
724435e56e
Disable some Intel Platform Monitoring Technology Telemetry (PMT) modules 2024-07-15 22:38:43 +10:00
Raja Grewal
8219a1e257
Update README.md relating to disabled miscellaneous modules 2024-07-15 21:02:10 +10:00
Raja Grewal
82c5a93f7c
Disable another GPS module 2024-07-15 20:53:07 +10:00
Raja Grewal
b2657bc61f
Improve docs 2024-07-15 15:05:00 +10:00
Raja Grewal
69c8e84927
Fix typos 2024-07-15 14:38:21 +10:00
Raja Grewal
48e1ac4163
Remove the optional slub_debug parameter since it is no longer recommended 2024-07-15 02:04:25 +10:00
Raja Grewal
99038c7a06
Add option to disable support for x86 processes and syscalls in the future 2024-07-15 02:02:01 +10:00
Raja Grewal
f550fbe07c
Add option to disable the entire IPv6 stack functionality 2024-07-15 01:59:04 +10:00
Raja Grewal
a33d4cd099
Refactor existing kernel parameters for clarity 2024-07-15 01:56:25 +10:00
Raja Grewal
acd60e45d8
Add comment about enabling core dump files 2024-07-14 20:07:31 +10:00
Raja Grewal
5cf9afc215
Include optional sysctl's in README.md 2024-07-14 17:05:49 +10:00
Raja Grewal
9f58266546
Move nf_conntrack_helper disabling into separate file 2024-07-13 23:32:01 +10:00
Raja Grewal
8f2ec75f81
Clarify README.mmd relating to module disabling 2024-07-13 23:30:55 +10:00
Raja Grewal
2de3a79599
Refactor existing sysctl for clarity 2024-07-13 22:41:40 +10:00
Raja Grewal
5f10cc8bcf
Update README.md relating to modprobe 2024-07-12 16:22:10 +10:00
Raja Grewal
b02230a783
Split modprobe into blacklisted and disabled configurations 2024-07-12 02:42:37 +10:00
Patrick Schleizer
c815304026
readme 2024-06-01 14:12:57 -04:00
raja-grewal
2f716050d1
Update README.md 2024-05-12 01:06:34 +00:00
Raja Grewal
dddac1dc40
Update README.md 2024-05-11 13:15:42 +10:00
Patrick Schleizer
0d78ecaee3
README 2024-01-16 09:26:21 -05:00
Patrick Schleizer
862bf6b5ab
Merge remote-tracking branch 'ben-grande/clean' 2024-01-16 08:19:28 -05:00
Patrick Schleizer
df0f9d3267
README 2024-01-06 09:19:57 -05:00
Patrick Schleizer
86f91e3030
revert umask 027 by default 
because broken because this also happens for root while it should not

https://github.com/Kicksecure/security-misc/issues/185
 2024-01-06 09:11:54 -05:00
Ben Grande
abf72c2ee4
Rename file permission hardening script 
Hardener as the script is the agent that is hardening the file
permissions.
 2024-01-02 13:34:29 +01:00
Patrick Schleizer
f64a869bfd
readme 2023-12-25 11:03:22 -05:00
Patrick Schleizer
0810c1ce3c
fix bluetooth in readme 
fixes https://github.com/Kicksecure/security-misc/issues/180
 2023-12-25 09:10:31 -05:00
Patrick Schleizer
37b4ab15a8
readme 2023-12-25 09:04:10 -05:00
Patrick Schleizer
79f398d219
formatting 2023-12-25 08:45:20 -05:00
Patrick Schleizer
c90ada3c39
pandoc -f markdown -t markdown --wrap=auto --columns=80 README.md -o README.md 2023-12-25 08:37:23 -05:00
Patrick Schleizer
34bf297bd1
formatting 2023-12-25 08:32:34 -05:00
Patrick Schleizer
d5fc9f6201
improve bluetooth in readme 
as suggested by @monsieuremre

https://github.com/Kicksecure/security-misc/issues/180
 2023-12-25 08:26:03 -05:00
Patrick Schleizer
5a73817a95
move to /usr/lib/issue.d/20_security-misc.issue 
https://github.com/Kicksecure/security-misc/pull/167
 2023-12-04 11:38:49 -05:00
Patrick Schleizer
c4e21ca5f4
added development philosophy 
https://github.com/Kicksecure/security-misc/issues/154
 2023-12-04 10:58:16 -05:00
Patrick Schleizer
feab1432f9
clarify scope 
https://github.com/Kicksecure/security-misc/issues/154
 2023-12-04 10:48:27 -05:00
Patrick Schleizer
2de5ab4120
clarify scope of application specific hardening 
fixes https://github.com/Kicksecure/security-misc/issues/154
 2023-11-06 13:47:30 -05:00
Patrick Schleizer
ad079ac5cc
readme 
https://github.com/Kicksecure/security-misc/pull/152
 2023-11-05 20:55:55 -05:00
Patrick Schleizer
be023c7722
readme 
https://github.com/Kicksecure/security-misc/issues/159
 2023-11-05 20:54:43 -05:00
Patrick Schleizer
42be631023
readme 2023-11-05 14:54:05 -05:00
Patrick Schleizer
93437952b4
readme 2023-11-05 14:41:01 -05:00
monsieuremre
fbd9e5d017
README.md 2023-11-04 14:33:35 +00:00
Patrick Schleizer
97054b2b10
revert enabling kernel module signature enforcement 
due to issues

https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/63

https://github.com/dell/dkms/issues/359
 2023-11-03 15:55:17 -04:00
Patrick Schleizer
978e3e4abd
readme 2023-11-03 14:53:40 -04:00
Patrick Schleizer
c33a3d9aad
readme 2023-11-03 10:44:48 -04:00
Raja Grewal
cf003dfad8
Update comments 2023-05-16 02:11:44 +10:00
Jeremy Rand
9d23717b6d
README: Document mmap-rnd-bits 2023-05-08 13:45:18 +00:00
Patrick Schleizer
6faa050dd8
migrate ram-wipe to dedicated package 2023-01-09 06:54:04 -05:00
Raja Grewal
d500205f55
Update README.md 2022-08-21 23:03:13 +10:00
Raja Grewal
c4a1094760
Merge branch 'Kicksecure:master' into harden 2022-07-18 13:36:23 +00:00
Raja Grewal
2b237039cf
Update README.md 2022-07-13 22:25:53 +10:00
Raja Grewal
fe0cc10890
Updated README.md 2022-07-12 17:18:47 +10:00
Patrick Schleizer
26b2c9727f
not blacklist CD-ROM / DVD yet 
https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/31
 2022-07-07 15:39:40 -04:00
Patrick Schleizer
d5c1650341
shuffle 2022-07-07 15:28:09 -04:00
raja-grewal
28381e81d4
Update README.md 2022-07-07 09:28:30 +00:00
Patrick Schleizer
92ff868ece
readme 2022-07-05 11:05:36 -04:00
Patrick Schleizer
b8ba608535
readme 2022-07-05 10:57:28 -04:00
Patrick Schleizer
949edf3e17
readme 2022-07-05 10:48:58 -04:00
Patrick Schleizer
8f03ce049a
readme 2022-07-05 10:41:55 -04:00
Patrick Schleizer
d7dd188651
remove unicode 2022-06-08 09:27:02 -04:00
Patrick Schleizer
55d16e1602
remove unicode 2022-06-08 09:04:03 -04:00
Patrick Schleizer
4a3ed17160
readme 2022-05-19 17:25:58 -04:00
Patrick Schleizer
a4e18a2ae8
dracut reproducible=yes 2021-09-04 18:28:37 -04:00
Patrick Schleizer
08adf4a07d
readme 2021-08-17 15:23:49 -04:00
Patrick Schleizer
2bf0e7471c
port from pam_tally2 to pam_faillock 
since pam_tally2 was deprecated upstream
 2021-08-10 15:11:01 -04:00
Patrick Schleizer
50bdd097df
move /usr/lib/security-misc to /usr/libexec/security-misc as per lintian FHS 2021-08-03 12:56:31 -04:00
Patrick Schleizer
0492f28aa1
enable "apt-get --error-on=any" by default 
makes apt exit non-zero for transient failures

`/etc/apt/apt.conf.d/40error-on-any`

https://forums.whonix.org/t/debian-bullseye-apt-get-error-on-any/12068
 2021-08-03 12:37:39 -04:00
Patrick Schleizer
ddd62c1eef
readme 2021-01-12 03:24:11 -05:00
madaidan
3066b5ad97
Overhaul documentation 2021-01-12 02:17:13 +00:00
Patrick Schleizer
ac8bc4f006
readme 2020-07-29 06:30:07 -04:00
Patrick Schleizer
cb51847085
readme 2020-04-15 14:05:37 -04:00
Patrick Schleizer
e0b8640fb9
readme 2020-04-13 06:56:34 -04:00
Patrick Schleizer
67b9d06b25
readme 2020-04-09 09:45:29 +00:00
Patrick Schleizer
0441f2ed7a
readme 2020-04-08 12:30:05 +00:00
Patrick Schleizer
350a15dfbf
readme 2020-04-06 13:22:32 -04:00
Patrick Schleizer
ae8c5fff3c
readme 2020-04-02 07:22:47 -04:00
Patrick Schleizer
76eb9579a3
readme 2020-03-05 08:33:00 -05:00
Patrick Schleizer
1dea4dbcf6
readme 2020-03-03 09:18:38 -05:00
Patrick Schleizer
201d6b5efc
readme 2020-03-03 09:07:42 -05:00
Patrick Schleizer
32269d32b6
description 2020-02-29 04:59:15 -05:00
Patrick Schleizer
d04d4bf095
description 2020-02-25 02:08:10 -05:00
Patrick Schleizer
3df008f0b9
readme 2020-02-15 15:28:30 -05:00
Patrick Schleizer
d1fa191bc0
readme 2020-02-13 13:38:21 -05:00
Patrick Schleizer
4df0d6c01c
readme 2020-01-30 01:22:06 -05:00