Patrick Schleizer
14aa6c5077
comment
2019-12-07 06:26:23 -05:00
Patrick Schleizer
8b3f5a555b
add console lockdown to pam info output
2019-12-07 06:25:45 -05:00
Patrick Schleizer
5a4eda0d05
also support /usr/local/etc/remount-disable and /usr/local/etc/noexec
2019-12-07 01:53:33 -05:00
Patrick Schleizer
9b14f24d5e
refactoring
2019-12-06 11:17:32 -05:00
Patrick Schleizer
a6133f5912
output
2019-12-06 11:16:43 -05:00
Patrick Schleizer
c1ea35e2ef
output
2019-12-06 11:15:54 -05:00
Patrick Schleizer
4bec41379d
fix remount with noexec if /etc/noexec exists
2019-12-06 11:15:13 -05:00
Patrick Schleizer
470cad6e91
remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in)
...
https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707
2019-12-06 05:14:02 -05:00
Patrick Schleizer
aa5451c8cd
Lock user accounts after 50 rather than 100 failed login attempts.
...
https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/19
2019-11-25 01:39:53 -05:00
Patrick Schleizer
fe1f1b73a7
load jitterentropy_rng kernel module for better entropy collection
...
https://www.whonix.org/wiki/Dev/Entropy
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927972
https://forums.whonix.org/t/jitterentropy-rngd/7204
2019-11-23 11:20:32 +00:00
Patrick Schleizer
74293bcd2f
output
2019-11-05 01:59:25 -05:00
Patrick Schleizer
2b5b06b602
output
2019-11-05 01:59:19 -05:00
Patrick Schleizer
d6977becba
refactoring
2019-11-05 01:51:14 -05:00
Patrick Schleizer
daf0006795
comment
2019-11-05 01:50:27 -05:00
Patrick Schleizer
203d5cfa68
copyright
2019-10-31 11:19:44 -04:00
Patrick Schleizer
d4e02de43a
set SUDO_ASKPASS for pkexec wrapper when using sudo --askpass
2019-10-22 09:04:44 -04:00
Patrick Schleizer
343d9cc916
fix
2019-10-21 09:53:55 +00:00
Patrick Schleizer
40707e70db
Redirect calls for pkexec to lxqt-sudo because pkexec is incompatible with hidepid.
...
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860040
https://forums.whonix.org/t/cannot-use-pkexec/8129
Thanks to AnonymousUser for the bug report!
2019-10-21 05:46:49 -04:00
Patrick Schleizer
a5045dc26e
set -e
2019-10-17 06:18:32 -04:00
Patrick Schleizer
4aba027566
syntax check
2019-10-17 06:12:36 -04:00
Patrick Schleizer
8b9aa8841a
fix
2019-10-17 06:11:01 -04:00
Patrick Schleizer
cfbd77040a
set "shopt -s nullglob" to avoid failing when folder /etc/hide-hardware-info.d
...
does not exist or is empty
2019-10-17 06:10:29 -04:00
Patrick Schleizer
b05663c5f6
shuffle
...
https://forums.whonix.org/t/restrict-hardware-information-to-root/7329/80
2019-10-17 06:08:55 -04:00
Patrick Schleizer
28a440091d
code simplification
2019-10-17 06:08:16 -04:00
Patrick Schleizer
3c4e261c20
remove trailing spaces
2019-10-17 06:05:23 -04:00
Patrick Schleizer
8a42c5b023
Merge pull request #34 from madaidan/whitelist
...
Add a whitelist for /sys and /proc/cpuinfo
2019-10-17 09:59:12 +00:00
madaidan
61f742304d
return 0
2019-10-16 19:46:59 +00:00
madaidan
ffba0e0179
Elaborate
2019-10-16 19:04:15 +00:00
madaidan
f08c03ab21
Restrict sysfs/cpuinfo if the whitelist is disabled
2019-10-16 15:39:23 +00:00
madaidan
6b78dbcd07
Add way to whitelist things
2019-10-15 20:57:02 +00:00
Patrick Schleizer
d2bc3a2a08
chmod +x usr/lib/security-misc/hide-hardware-info
2019-10-05 09:14:41 +00:00
madaidan
87917d2f03
Add licensing
2019-10-03 21:38:07 +00:00
madaidan
9449f5017a
Create hide-hardware-info
2019-10-03 20:45:14 +00:00
Patrick Schleizer
75258843e9
copyright
2019-09-16 13:03:43 +00:00
Patrick Schleizer
8e39cea876
comment
2019-09-16 13:03:25 +00:00
Patrick Schleizer
bac462f211
comment
2019-09-16 13:03:02 +00:00
Patrick Schleizer
bec680d4f3
pam_tally2-info: fix, do nothing when started as user "user"
...
xscreensaver runs as user "user", therefore pam_tally2 cannot function.
xscreensaver has its own failed login counter.
as user "user"
/sbin/pam_tally2 -u user
pam_tally2: Error opening /var/log/tallylog for update: Permission denied
/sbin/pam_tally2: Authentication error
https://askubuntu.com/questions/983183/how-lock-the-unlock-screen-after-wrong-password-attempts
https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698
2019-09-16 12:30:23 +00:00
Patrick Schleizer
0140df8668
virusforget
2019-08-19 08:43:28 +00:00
Patrick Schleizer
113ab42568
virusforget
2019-08-19 08:31:23 +00:00
Patrick Schleizer
416906d4f9
virusforget
2019-08-19 08:19:35 +00:00
Patrick Schleizer
2d867d9fee
virusforget
2019-08-19 08:10:18 +00:00
Patrick Schleizer
8e76e6b8b3
fix
2019-08-19 07:48:12 +00:00
Patrick Schleizer
3f068f77fe
keep cache folder outside of reach of user since even user can remove files
...
owned by root in its home folder
2019-08-19 07:47:20 +00:00
Patrick Schleizer
1fa1efa58e
credits
2019-08-19 07:22:09 +00:00
Patrick Schleizer
1e026a3ebb
initial development version of VirusForget
2019-08-18 22:50:44 +00:00
Patrick Schleizer
41b2819ec8
PAM: abort on locked password
...
to avoid needlessly bumping pam_tally2 counter
https://forums.whonix.org/t/restrict-root-access/7658/1
2019-08-17 10:33:47 +00:00
Patrick Schleizer
17cfcb63b6
code simplification; report locked account earlier
2019-08-16 10:50:56 -04:00
Patrick Schleizer
ff9bc1d7ea
informational output during PAM:
...
* Show failed and remaining password attempts.
* Document unlock procedure if Linux user account got locked.
* Point out, that there is no password feedback for `su`.
* Explain locked (root) account if locked.
* /usr/share/pam-configs/tally2-security-misc
* /usr/lib/security-misc/pam_tally2-info
2019-08-15 13:37:28 +00:00
Patrick Schleizer
547ba91d79
sanity test
2019-08-14 09:45:30 +00:00
Patrick Schleizer
799acad724
skip, if not a folder
2019-08-14 09:39:43 +00:00