Commit Graph

1122 Commits

Author SHA1 Message Date
Patrick Schleizer
cb668459e8
port umask from /etc/pam.d to /usr/share/pam-configs implementation
https://forums.whonix.org/t/change-default-umask/7416
2019-07-13 10:35:10 -04:00
Patrick Schleizer
ac25733de8
remove etc/pam.d/common-password.security-misc rounds=65536
due to unclean implementation, see:

https://forums.whonix.org/t/restrict-root-access/7658/37
2019-07-13 14:01:53 +00:00
Patrick Schleizer
69b97981f3
convert etc/pam.d/su.security-misc to usr/share/pam-configs/wheel
https://forums.whonix.org/t/restrict-root-access/7658/32
2019-07-13 12:33:51 +00:00
Patrick Schleizer
4079632d1a
remove modifying to /etc/pam.d directly (unrelased)
config-package-dev displace /etc/securetty
remove trailing spaces

https://forums.whonix.org/t/restrict-root-access/7658/31
2019-07-13 11:41:37 +00:00
Patrick Schleizer
cdb7c6f7eb
bumped changelog version 2019-07-11 18:28:04 +00:00
Patrick Schleizer
aee6b34635
fix lintian warning 2019-07-11 18:26:17 +00:00
Patrick Schleizer
a40a04aaec
Merge remote-tracking branch 'origin/master' 2019-07-11 14:08:30 -04:00
Patrick Schleizer
93190ebf10
Merge pull request #25 from madaidan/patch-20
Improve documentation of blacklisting uncommon network protocols
2019-07-11 18:08:01 +00:00
madaidan
1aee08fa5e
Update control 2019-07-11 15:30:09 +00:00
madaidan
b63d4ccb41
Update uncommon-network-protocols.conf 2019-07-11 15:28:56 +00:00
madaidan
853c2eb377
Update control 2019-07-11 15:26:14 +00:00
Patrick Schleizer
f5356cee2c
bumped changelog version 2019-07-11 07:16:38 +00:00
Patrick Schleizer
bea98474ba
chmod +x usr/lib/security-misc/panic-on-oops 2019-07-11 07:07:21 +00:00
Patrick Schleizer
0057c0dd8c
fix lintian warning 2019-07-11 07:07:01 +00:00
Patrick Schleizer
2a893c0562
Merge remote-tracking branch 'origin/master' 2019-07-11 06:50:35 +00:00
Patrick Schleizer
a54500c6f1
Merge pull request #23 from madaidan/patch-18
Blacklist more uncommon network protocols
2019-07-11 06:41:37 +00:00
Patrick Schleizer
7d3a61564d
Merge pull request #24 from madaidan/patch-19
Move disable-coredumps.conf to correct position
2019-07-11 06:41:08 +00:00
madaidan
932524cbd1
Move disable-coredumps.conf to correct position 2019-07-10 15:28:48 +00:00
madaidan
1e4d349516
Update control 2019-07-10 14:28:39 +00:00
madaidan
4058e283a5
Blacklist more uncommon network protocols 2019-07-10 14:27:19 +00:00
madaidan
d70440aaed
Remove duplicate 2019-07-09 21:57:37 +00:00
madaidan
a8b44c75f9
Update control 2019-07-09 21:57:07 +00:00
madaidan
2d27bdd808
Blacklist more uncommon network protocols 2019-07-09 21:55:37 +00:00
Patrick Schleizer
3df6a44e98
also allow members of group sudo to run /usr/lib/security-misc/panic-on-oops 2019-07-09 06:56:23 -04:00
Patrick Schleizer
5fb500ac32
Merge remote-tracking branch 'origin/master' 2019-07-09 06:55:27 -04:00
Patrick Schleizer
e4bb77037e
Merge pull request #21 from madaidan/patch-16
Make the kernel panic on oopses
2019-07-09 10:54:48 +00:00
Patrick Schleizer
0f15303eb4
Merge branch 'master' into patch-16 2019-07-09 10:54:24 +00:00
Patrick Schleizer
8793708906
Merge remote-tracking branch 'origin/master' 2019-07-09 03:23:26 -04:00
Patrick Schleizer
a9441e7be4
Merge pull request #22 from madaidan/patch-17
Restrict access to the root account
2019-07-09 07:21:47 +00:00
madaidan
24b326d906
Update control 2019-07-08 23:24:41 +00:00
madaidan
24d9eadcb2
Use 65536 hashing rounds 2019-07-08 23:19:59 +00:00
madaidan
86117d9577
Create common-password.security-misc 2019-07-08 23:19:19 +00:00
madaidan
8ad9a54b09
Don't allow root login from a terminal 2019-07-08 23:17:17 +00:00
madaidan
890298a3c8
Restrict su to users in the root group 2019-07-08 23:15:56 +00:00
madaidan
38099a2a5d
Create su.security-misc 2019-07-08 23:11:17 +00:00
madaidan
45f8102d56
Update control 2019-07-08 23:04:47 +00:00
madaidan
2a17427055
Create security-misc 2019-07-08 23:01:30 +00:00
madaidan
4ac700ded0
Create 50panic_on_oops 2019-07-08 22:59:39 +00:00
madaidan
52c61011d4
Create panic-on-oops 2019-07-08 22:58:56 +00:00
Patrick Schleizer
50c00fcfa1
bumped changelog version 2019-07-08 00:23:52 +00:00
Patrick Schleizer
223b691833
add 'Depends: libpam-cgfs'
https://forums.whonix.org/t/change-default-umask/7416/30?u=patrick
2019-07-07 23:39:58 +00:00
Patrick Schleizer
d31a16f264
bumped changelog version 2019-07-07 23:00:27 +00:00
Patrick Schleizer
673aab6bc2
shut up pam-auth-update 2019-07-07 22:18:47 +00:00
Patrick Schleizer
67ff83262b
move to pam-auth-update --force
--package hangs in Qubes updater since it starts whiptail for interactive dpkg configuration dialog.
2019-07-07 21:31:56 +00:00
Patrick Schleizer
8399a11367
bumped changelog version 2019-07-07 21:11:08 +00:00
Patrick Schleizer
d4c79cce69
add "Depends: libpam-runtime" so pam-auth-update is available
for Debian maintainer script
2019-07-07 21:09:26 +00:00
Patrick Schleizer
f68b96241c
comment 2019-07-07 21:08:28 +00:00
Patrick Schleizer
91fb21aafb
Due to error:
Jul 07 20:35:39 host sudo[16090]: PAM unable to dlopen(pam_cgfs.so): /lib/security/pam_cgfs.so: cannot open shared object file: No such file or directory
Jul 07 20:35:39 host sudo[16090]: PAM adding faulty module: pam_cgfs.so

run:
pam-auth-update --package
from Debian maintainer scripts
2019-07-07 16:51:40 -04:00
Patrick Schleizer
e543c4bf82
apparmor fixes (this broke whonixcheck apparmor profile) 2019-07-07 16:37:46 -04:00
Patrick Schleizer
8f4a5f33b9
bumped changelog version 2019-07-07 09:39:12 +00:00