security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2025-02-13 09:31:25 -05:00

Author	SHA1	Message	Date
Patrick Schleizer	40b23cfad4	bumped changelog version	2024-12-31 18:42:01 +00:00
Patrick Schleizer	33114f771a	copyright	2024-12-31 13:26:21 -05:00
Patrick Schleizer	bb24bff296	bumped changelog version	2024-12-31 14:09:34 +00:00
Patrick Schleizer	0640964c35	readme	2024-12-31 06:14:29 -05:00
Aaron Rainbolt	717e6fcfbe	Post-review improvements to permission-hardener	2024-12-30 21:34:23 -06:00
Aaron Rainbolt	dbcb612517	Polish permission-hardener refactor	2024-12-26 00:43:26 -06:00
Patrick Schleizer	397b476a82	bumped changelog version	2024-12-26 04:12:02 +00:00
Patrick Schleizer	66f8c18c65	Merge remote-tracking branch 'ArrayBolt3/arraybolt3/sysmaint'	2024-12-25 22:43:04 -05:00
Aaron Rainbolt	83d3867959	Refactor permission-hardener to be more idempotent	2024-12-25 16:53:55 -06:00
Aaron Rainbolt	6602fb102d	Adjust pam-info messaging for sysmaint mode	2024-12-24 20:52:34 -06:00
Patrick Schleizer	aa82202e70	bumped changelog version	2024-12-24 05:16:22 +00:00
Patrick Schleizer	27d015d58e	Merge remote-tracking branch 'ArrayBolt3/arraybolt3/sysmaint'	2024-12-24 00:08:58 -05:00
Aaron Rainbolt	2f3a2bce77	Add warning about using non-sysmaint accounts in sysmaint mode	2024-12-20 11:04:22 -06:00
Patrick Schleizer	3c73c0cd3a	bumped changelog version	2024-12-20 06:01:27 +00:00
Patrick Schleizer	a4c76c617a	syntax fix	2024-12-20 01:01:13 -05:00
Patrick Schleizer	b40bc0a2c9	bumped changelog version	2024-12-20 05:58:24 +00:00
Patrick Schleizer	b21c394ea5	Trigger permission hardener when new configuration files are being installed.	2024-12-20 00:56:20 -05:00
Patrick Schleizer	cd027b86e7	bumped changelog version	2024-12-20 05:48:48 +00:00
Patrick Schleizer	ad6e1f5ad4	move from `/etc/permission-hardener.d` to `/usr/lib/permission-hardener.d`	2024-12-20 00:41:06 -05:00
Patrick Schleizer	a2c1e8c218	clean up old files in `/etc/permission-hardener.d` because will be moved to `/usr/lib/permission-hardener.d`	2024-12-20 00:39:51 -05:00
Patrick Schleizer	6de5d2d076	permission hardener: also parse `/usr/lib/permission-hardener.d/*.conf` folder	2024-12-20 00:37:44 -05:00
Patrick Schleizer	721b100fb6	bumped changelog version	2024-12-19 10:58:50 +00:00
raja-grewal	642b4eeedc	Add link to tabular comparison of CPU mitigations	2024-12-19 21:57:25 +11:00
Patrick Schleizer	175b442d5b	use long option name	2024-12-19 05:56:50 -05:00
Patrick Schleizer	c99021bb0c	Merge remote-tracking branch 'ArrayBolt3/arraybolt3/sysmaint'	2024-12-19 05:56:01 -05:00
raja-grewal	2e6e1701a0	Set `net.ipv4.conf.*.drop_gratuitous_arp=1`	2024-12-19 10:35:08 +00:00
raja-grewal	c37f4efadf	Set `net.ipv4.conf.*.arp_ignore=2`	2024-12-19 10:33:49 +00:00
raja-grewal	af1d06973b	Set `net.ipv4.conf.*.arp_filter=1`	2024-12-19 10:31:43 +00:00
raja-grewal	750367a906	Set `net.ipv4.conf.*.shared_media=0`	2024-12-19 10:29:56 +00:00
Patrick Schleizer	95b535764c	bumped changelog version	2024-12-19 09:43:26 +00:00
Patrick Schleizer	daf0a0900b	fix apt-get-update for non-English locale https://forums.kicksecure.com/t/systemcheck-reports-warning-debian-package-update-check-result-apt-get-reports-that-packages-can-be-updated-but-system-is-already-fully-upgraded/785	2024-12-19 04:39:34 -05:00
Patrick Schleizer	e9a5b14a0d	bumped changelog version	2024-12-19 06:57:42 +00:00
Patrick Schleizer	3135a03e21	Merge remote-tracking branch 'github-kicksecure/master'	2024-12-19 00:34:56 -05:00
Patrick Schleizer	c7f7196471	Merge pull request #287 from raja-grewal/patch Refactor and add two CPU mitigations	2024-12-19 00:31:25 -05:00
Patrick Schleizer	f0c611d9ed	comment	2024-12-19 00:18:25 -05:00
Patrick Schleizer	4f681be774	Merge remote-tracking branch 'github-kicksecure/master'	2024-12-19 00:17:44 -05:00
Patrick Schleizer	e5b67e044b	Merge pull request #279 from raja-grewal/arp Provide network-related hardening options via `sysctl`'s	2024-12-19 00:15:02 -05:00
Patrick Schleizer	4cf5757575	Merge pull request #282 from ArrayBolt3/arraybolt3/umask Enable umask hardening	2024-12-19 00:08:56 -05:00
Aaron Rainbolt	9d69cd1912	Add sysmaint account lock detection	2024-12-18 21:34:37 -06:00
raja-grewal	3749f8ff09	Update presentation on user namespaces	2024-12-18 03:36:09 +00:00
raja-grewal	0dff2cd28f	Minor additions	2024-12-18 03:32:35 +00:00
raja-grewal	3e96fdd9cc	Enable `kvm.mitigate_smt_rsb=1`	2024-12-17 11:44:11 +00:00
raja-grewal	45355aabdc	Enable `kvm-intel.vmentry_l1d_flush=always`	2024-12-17 11:42:52 +00:00
raja-grewal	defba1f245	Refactor CPU mitigations	2024-12-17 11:42:03 +00:00
raja-grewal	943c421889	Minor refactoring	2024-12-17 11:40:38 +00:00
raja-grewal	ca3a73ac13	Typo	2024-12-17 11:37:10 +00:00
Aaron Rainbolt	4c3ca68453	Disable unnecessary sudoers exceptions	2024-12-16 02:56:52 -05:00
Patrick Schleizer	9d06341c91	Merge pull request #285 from Kicksecure/permission-hardener-mount Permission Hardener: treat mount same as umount	2024-12-14 15:18:56 -05:00
raja-grewal	c116796854	`arp_ignore`: Add reference to 2024-12-10 Mullvad VPN audit details	2024-12-12 06:36:47 +00:00
Patrick Schleizer	a9dd592a8b	bumped changelog version	2024-12-10 19:19:10 +00:00

1 2 3 4 5 ...

2568 Commits