security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2025-12-17 14:33:58 -05:00

Author	SHA1	Message	Date
Aaron Rainbolt	135ee80450	Move kernel.panic=-1 setting to sysctl, allow turning panic-on-oops off with systemctl	2025-12-11 18:47:42 -06:00
Aaron Rainbolt	5f34b4146e	Merge remote-tracking branch 'raja/docs' into arraybolt3/trixie	2025-11-30 00:12:18 -06:00
Aaron Rainbolt	2c253b1312	Merge remote-tracking branch 'raja/vsyscall32' into arraybolt3/trixie	2025-11-29 21:01:51 -06:00
Aaron Rainbolt	84e193c44e	Merge remote-tracking branch 'raja/stop_tw_reuse' into arraybolt3/trixie	2025-11-28 14:21:59 -06:00
Aaron Rainbolt	65c45fc3d7	Minor fixes to NMI panic docs	2025-11-28 00:13:45 -06:00
raja-grewal	ebc011e67b	Typo	2025-11-19 11:35:04 +11:00
raja-grewal	d891313d57	Provide options to panic upon receiving NMIs	2025-11-11 11:39:21 +00:00
raja-grewal	0b9b9ffb1e	Improve clarity for panic on OOM	2025-11-11 11:32:47 +00:00
raja-grewal	5ac02d2d52	Set `net.ipv4.tcp_tw_reuse=0`	2025-11-10 06:13:35 +00:00
raja-grewal	b89aaea61e	Add docs on logging martian packets	2025-11-10 06:03:33 +00:00
raja-grewal	a3830db09e	Update docs relating to panic on OOM	2025-11-09 13:42:31 +00:00
raja-grewal	0aa0b67df6	Merge branch 'master' into docs	2025-11-10 00:20:48 +11:00
Patrick Schleizer	0391411885	revert Force immediate kernel panic on OOM. https://github.com/Kicksecure/security-misc/issues/324#issuecomment-3507949741	2025-11-09 05:47:00 -05:00
raja-grewal	c5f91eb33a	Add another method to disable 32-bit legacy vsyscalls	2025-11-02 06:15:06 +00:00
raja-grewal	9f7480e20a	Make terminology consistent	2025-10-19 01:41:58 +00:00
raja-grewal	f2c3eba4f0	Merge branch 'Kicksecure:master' into docs	2025-10-19 12:23:13 +11:00
Aaron Rainbolt	29639fe69e	Merge remote-tracking branch 'raja/bad_ipv6_ra' into arraybolt3/trixie	2025-10-15 19:01:08 -05:00
Aaron Rainbolt	026d55ac41	Typo fixes	2025-10-15 18:30:52 -05:00
Aaron Rainbolt	35fce26476	Merge remote-tracking branch 'raja/stop_ptrace' into arraybolt3/trixie	2025-10-15 18:18:33 -05:00
raja-grewal	f690b58870	Add docs relating to panic on OOM	2025-10-13 02:08:44 +00:00
raja-grewal	2304174171	Insert empty new line	2025-10-12 02:32:45 +00:00
raja-grewal	7161430a60	Seperate `ptrace()` disabling into own file	2025-10-12 02:27:48 +00:00
Patrick Schleizer	968de33c65	Force immediate kernel panic on OOM. This is to avoid security features such as the screen locker, kloak, emerg-shutdown from being arbitrarily terminated when the system starts running out of memory. https://forums.whonix.org/t/screen-locker-in-security-can-we-disable-these-at-least-4-backdoors/8128/14 https://github.com/Kicksecure/security-misc/issues/324 `vm.panic_on_oom=2` implements https://github.com/Kicksecure/security-misc/issues/324	2025-10-10 08:03:03 -04:00
raja-grewal	0c8f2f1b44	Add docs about the risks associated with IPv6 RAs	2025-10-02 07:05:00 +00:00
raja-grewal	194b8fce4e	Disable the usage of `ptrace()` by all processes	2025-09-28 03:20:24 +00:00
Aaron Rainbolt	2a39d5997c	security-misc split string changes	2025-09-21 16:06:11 -05:00
Patrick Schleizer	f70550d015	Split the `security-misc` into `security-misc-shared`, `security-misc-desktop` and `security-misc-server`: rename files https://github.com/Kicksecure/security-misc/issues/187	2025-09-17 14:49:28 -04:00
raja-grewal	e48897cc44	Merge branch 'master' into panic_limits	2025-08-21 10:27:44 +10:00
raja-grewal	add054933b	Update docs on instant reboot when kernel panic	2025-08-21 00:24:28 +00:00
raja-grewal	a471069378	Remove link	2025-08-19 11:03:05 +10:00
Aaron Rainbolt	b5a36e02f1	Merge remote-tracking branch 'raja/panic_limits' into arraybolt3/trixie	2025-08-17 13:52:01 -05:00
raja-grewal	247015bcc6	Set `sysctl kernel.panic=-1`	2025-08-17 06:27:44 +00:00
raja-grewal	c33f7d04e2	Remove duplicate comment	2025-08-16 03:32:48 +00:00
raja-grewal	498551536c	Update docs	2025-08-06 03:12:06 +00:00
raja-grewal	45d20dd972	Upgrade sysctls and docs on kernel panics	2025-08-06 02:35:15 +00:00
raja-grewal	4314b1e85b	Add comment	2025-07-01 13:36:39 +10:00
raja-grewal	dd0b55cc45	Add reference	2025-06-03 12:32:17 +10:00
raja-grewal	ce4b57d1cb	Update docs on kernel panics	2025-02-03 00:31:45 +00:00
Patrick Schleizer	1b33e83529	Merge pull request #291 from raja-grewal/drop_gratuitous_arp Drop gratuitous ARP packets	2025-01-10 10:29:30 -05:00
Patrick Schleizer	486757bfae	Merge pull request #290 from raja-grewal/arp_ignore Respond to ARP requests only if the target IP address is on-link	2025-01-10 10:29:12 -05:00
Patrick Schleizer	17ff249150	Merge pull request #289 from raja-grewal/arp_filter Enable ARP filtering	2025-01-10 10:28:48 -05:00
Patrick Schleizer	27d19ba568	Merge pull request #288 from raja-grewal/shared_media Deny sending and receiving shared media redirects	2025-01-10 10:28:05 -05:00
raja-grewal	1f8eee4720	Add missing sentence full stop	2025-01-08 18:36:00 +11:00
Patrick Schleizer	33114f771a	copyright	2024-12-31 13:26:21 -05:00
raja-grewal	2e6e1701a0	Set `net.ipv4.conf.*.drop_gratuitous_arp=1`	2024-12-19 10:35:08 +00:00
raja-grewal	c37f4efadf	Set `net.ipv4.conf.*.arp_ignore=2`	2024-12-19 10:33:49 +00:00
raja-grewal	af1d06973b	Set `net.ipv4.conf.*.arp_filter=1`	2024-12-19 10:31:43 +00:00
raja-grewal	750367a906	Set `net.ipv4.conf.*.shared_media=0`	2024-12-19 10:29:56 +00:00
Patrick Schleizer	c7f7196471	Merge pull request #287 from raja-grewal/patch Refactor and add two CPU mitigations	2024-12-19 00:31:25 -05:00
raja-grewal	3749f8ff09	Update presentation on user namespaces	2024-12-18 03:36:09 +00:00

1 2 3

146 commits