Patrick Schleizer
|
0b873b765e
|
minor
|
2024-07-17 08:05:27 -04:00 |
|
Patrick Schleizer
|
070bb46a08
|
Merge remote-tracking branch 'raja/sysctl'
|
2024-07-17 08:02:45 -04:00 |
|
Patrick Schleizer
|
6d6e5473f2
|
minor
|
2024-07-17 08:00:24 -04:00 |
|
Patrick Schleizer
|
cf5f0edbb8
|
Merge remote-tracking branch 'raja/sysctl'
|
2024-07-17 07:59:35 -04:00 |
|
Raja Grewal
|
39fd125eb0
|
Provide explanation on the disabling of IPv6 Privacy Extensions
|
2024-07-17 21:44:44 +10:00 |
|
Raja Grewal
|
693b47e623
|
Clarify ICMP redirect acceptance and sending
|
2024-07-17 14:58:30 +10:00 |
|
Raja Grewal
|
824d9b82e5
|
Uncomment redundant disabling of TCP FACK
|
2024-07-17 00:36:18 +10:00 |
|
Raja Grewal
|
d1119c38b6
|
Apply changes from code review
|
2024-07-17 00:31:23 +10:00 |
|
Patrick Schleizer
|
6e63fc8985
|
Merge remote-tracking branch 'ben-grande/fuzz'
|
2024-07-15 17:14:25 -04:00 |
|
Raja Grewal
|
a8bc1144c3
|
Updated wording of error files for disabled modules
|
2024-07-15 21:10:13 +10:00 |
|
Raja Grewal
|
fda3832eaf
|
Replace bash file presented for disabling of miscellaneous modules
|
2024-07-15 21:08:45 +10:00 |
|
Raja Grewal
|
c52b1a3fd2
|
Create disabled-miscellaneous-by-security-misc
|
2024-07-15 20:58:45 +10:00 |
|
Raja Grewal
|
1c2afc1f25
|
Update presentation of the kernel.printk sysctl
|
2024-07-15 15:01:48 +10:00 |
|
Raja Grewal
|
2b9e174c9d
|
Remove empty lines
|
2024-07-14 16:22:52 +10:00 |
|
Raja Grewal
|
dd1741c4a1
|
Some documentation additions and fixes
|
2024-07-14 13:40:53 +10:00 |
|
Raja Grewal
|
565597c9a2
|
Minor documentation changes and fixes
|
2024-07-14 01:21:24 +10:00 |
|
Raja Grewal
|
2de3a79599
|
Refactor existing sysctl for clarity
|
2024-07-13 22:41:40 +10:00 |
|
Raja Grewal
|
f31dc8aebc
|
Fix error in error script
|
2024-07-12 16:21:03 +10:00 |
|
Raja Grewal
|
b02230a783
|
Split modprobe into blacklisted and disabled configurations
|
2024-07-12 02:42:37 +10:00 |
|
Ben Grande
|
b7796a5334
|
Unify method to find SUID files
|
2024-07-11 11:04:22 +02:00 |
|
Raja Grewal
|
1bb843ec38
|
Update Copyright (C) to 2024
|
2024-05-11 13:18:36 +10:00 |
|
Patrick Schleizer
|
9b589bc311
|
comment
|
2024-05-10 06:49:34 -04:00 |
|
Patrick Schleizer
|
8d01fc2d35
|
chmod +x
|
2024-05-10 06:48:26 -04:00 |
|
Patrick Schleizer
|
547757f451
|
Merge pull request #220 from raja-grewal/block_gps
Block Several GPS-related Modules
|
2024-05-10 06:45:34 -04:00 |
|
raja-grewal
|
f3800a4e2b
|
Create disabled-gps-by-security-misc
|
2024-05-09 02:25:46 +00:00 |
|
raja-grewal
|
132b41ae73
|
Revert logging of martians
|
2024-05-09 02:16:50 +00:00 |
|
Patrick Schleizer
|
7dba3fb7be
|
no longer disable MSR by default
fixes https://github.com/Kicksecure/security-misc/issues/215
|
2024-04-01 02:56:27 -04:00 |
|
Patrick Schleizer
|
ecaa024f22
|
lower debugging
|
2024-03-18 11:01:56 -04:00 |
|
Patrick Schleizer
|
a5206bde33
|
proc-hidepid.service add gid=proc
This allows users that are a member of the `proc` group to be excluded from `hidepid` protections.
https://github.com/Kicksecure/security-misc/issues/208
|
2024-03-10 08:44:53 -04:00 |
|
Patrick Schleizer
|
6b76373395
|
fix panic-on-oops started every 10s in Qubes-Whonix
by changing from a /etc/profile.d etc. related mechanism to start to a systemd unit file based approach
Thanks to @marmarek for the bug report!
https://forums.whonix.org/t/panic-on-oops-started-every-10s/19450
|
2024-03-04 06:44:26 -05:00 |
|
Patrick Schleizer
|
808e72f24b
|
use long options
https://github.com/Kicksecure/security-misc/issues/172
|
2024-02-26 08:11:26 -05:00 |
|
Patrick Schleizer
|
2d1d1b246f
|
improve output
https://github.com/Kicksecure/security-misc/issues/172
|
2024-02-26 08:07:29 -05:00 |
|
Patrick Schleizer
|
d8f5376c4f
|
improve output
https://github.com/Kicksecure/security-misc/issues/172
|
2024-02-26 07:58:06 -05:00 |
|
Patrick Schleizer
|
cf84762a3a
|
improve output
https://github.com/Kicksecure/security-misc/issues/172
|
2024-02-26 07:52:41 -05:00 |
|
Patrick Schleizer
|
f2958bbfa5
|
comment
|
2024-02-26 07:49:30 -05:00 |
|
Patrick Schleizer
|
b23d167342
|
Merge pull request #204 from DanWin/sysfs-mount
Make /sys hardening optional and allow access to /sys/fs to make polkit work
|
2024-02-26 07:46:02 -05:00 |
|
Patrick Schleizer
|
d13d1aa7ec
|
comments
|
2024-02-22 15:07:53 -05:00 |
|
Patrick Schleizer
|
c3dd178b19
|
output
|
2024-02-22 14:57:50 -05:00 |
|
Daniel Winzen
|
ef44ecea44
|
Add option to disable /sys hardening
|
2024-02-22 17:27:46 +01:00 |
|
Daniel Winzen
|
3bc1765dbb
|
Allow access to /sys/fs for polkit
|
2024-02-22 17:27:45 +01:00 |
|
Patrick Schleizer
|
37a7abdf0c
|
ConditionKernelCommandLine=!remountsecure=0
|
2024-02-22 11:07:01 -05:00 |
|
Patrick Schleizer
|
c0924321b8
|
fix systemd unit ExecStart
|
2024-02-22 09:52:36 -05:00 |
|
Patrick Schleizer
|
6d7cf3c12a
|
output
|
2024-02-22 09:49:48 -05:00 |
|
Patrick Schleizer
|
f7831db197
|
do not exit non-zero if folder does not exist
|
2024-02-22 09:17:41 -05:00 |
|
Patrick Schleizer
|
5bdd7b8475
|
output
|
2024-02-22 09:14:52 -05:00 |
|
Patrick Schleizer
|
44a15cd97d
|
mount --make-private
https://github.com/Kicksecure/security-misc/issues/172
|
2024-02-22 09:13:56 -05:00 |
|
Patrick Schleizer
|
c0f98b05b6
|
comment
https://github.com/Kicksecure/security-misc/pull/202
|
2024-02-22 06:03:59 -05:00 |
|
Patrick Schleizer
|
1e1613aa93
|
allow /opt exec as usually optional binaries are placed there such as firefox
https://github.com/Kicksecure/security-misc/pull/202
|
2024-02-22 06:02:28 -05:00 |
|
Patrick Schleizer
|
7c7b4b24b4
|
fix home_noexec_maybe -> most_noexec_maybe
https://github.com/Kicksecure/security-misc/pull/202
|
2024-02-22 06:02:00 -05:00 |
|
Patrick Schleizer
|
38783faf60
|
add more bind mounts of mount options hardening
as suggested in https://github.com/Kicksecure/security-misc/pull/202
|
2024-02-22 05:58:53 -05:00 |
|