security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2024-12-18 00:24:24 -05:00

Author	SHA1	Message	Date
Patrick Schleizer	7200e9bd8c	output	2024-07-24 09:15:02 -04:00
Patrick Schleizer	1b6161c2dc	Merge remote-tracking branch 'ben-grande/fuzz'	2024-07-24 09:13:48 -04:00
Ben Grande	8be21b6eff	Handle newlines in file names	2024-07-23 19:36:12 +02:00
Ben Grande	aa99de68d3	Log output with defined levels	2024-07-23 18:50:16 +02:00
Ben Grande	06fbcdac1d	Prettify log messages	2024-07-23 09:55:02 +02:00
Ben Grande	7ee1ea2cc7	Unify functions that evaluate commands	2024-07-22 17:06:07 +02:00
Ben Grande	9c3566f524	Delimit file names with null terminator	2024-07-22 16:56:42 +02:00
Raja Grewal	a189956adc	Typo	2024-07-20 20:11:09 +10:00
Raja Grewal	c4965ed838	Disable legacy framebuffer drivers These were all previously blacklisted for over 2 years.	2024-07-20 14:55:10 +10:00
Raja Grewal	8f3896c3da	Upgrade hyperlinks to HTTPS	2024-07-17 23:44:37 +10:00
Patrick Schleizer	df80385289	Merge pull request #237 from raja-grewal/intel_pmt Disable some Intel PMT kernel modules	2024-07-17 09:04:18 -04:00
Patrick Schleizer	6e63fc8985	Merge remote-tracking branch 'ben-grande/fuzz'	2024-07-15 17:14:25 -04:00
Raja Grewal	61941da375	Create `disabled-intelpmt-by-security-misc`	2024-07-15 22:38:09 +10:00
Raja Grewal	a8bc1144c3	Updated wording of error files for disabled modules	2024-07-15 21:10:13 +10:00
Raja Grewal	fda3832eaf	Replace bash file presented for disabling of miscellaneous modules	2024-07-15 21:08:45 +10:00
Raja Grewal	c52b1a3fd2	Create `disabled-miscellaneous-by-security-misc`	2024-07-15 20:58:45 +10:00
Raja Grewal	f31dc8aebc	Fix error in error script	2024-07-12 16:21:03 +10:00
Raja Grewal	b02230a783	Split modprobe into blacklisted and disabled configurations	2024-07-12 02:42:37 +10:00
Ben Grande	b7796a5334	Unify method to find SUID files	2024-07-11 11:04:22 +02:00
Raja Grewal	1bb843ec38	Update Copyright (C) to 2024	2024-05-11 13:18:36 +10:00
Patrick Schleizer	8d01fc2d35	chmod +x	2024-05-10 06:48:26 -04:00
raja-grewal	f3800a4e2b	Create disabled-gps-by-security-misc	2024-05-09 02:25:46 +00:00
Patrick Schleizer	7dba3fb7be	no longer disable MSR by default fixes https://github.com/Kicksecure/security-misc/issues/215	2024-04-01 02:56:27 -04:00
Patrick Schleizer	d13d1aa7ec	comments	2024-02-22 15:07:53 -05:00
Patrick Schleizer	c3dd178b19	output	2024-02-22 14:57:50 -05:00
Patrick Schleizer	6d7cf3c12a	output	2024-02-22 09:49:48 -05:00
Patrick Schleizer	f7831db197	do not exit non-zero if folder does not exist	2024-02-22 09:17:41 -05:00
Patrick Schleizer	5bdd7b8475	output	2024-02-22 09:14:52 -05:00
Patrick Schleizer	44a15cd97d	mount --make-private https://github.com/Kicksecure/security-misc/issues/172	2024-02-22 09:13:56 -05:00
Patrick Schleizer	c0f98b05b6	comment https://github.com/Kicksecure/security-misc/pull/202	2024-02-22 06:03:59 -05:00
Patrick Schleizer	1e1613aa93	allow /opt exec as usually optional binaries are placed there such as firefox https://github.com/Kicksecure/security-misc/pull/202	2024-02-22 06:02:28 -05:00
Patrick Schleizer	7c7b4b24b4	fix home_noexec_maybe -> most_noexec_maybe https://github.com/Kicksecure/security-misc/pull/202	2024-02-22 06:02:00 -05:00
Patrick Schleizer	38783faf60	add more bind mounts of mount options hardening as suggested in https://github.com/Kicksecure/security-misc/pull/202	2024-02-22 05:58:53 -05:00
Patrick Schleizer	0efee2f50f	usrmerge fixes https://github.com/Kicksecure/security-misc/issues/190	2024-01-17 13:39:56 -05:00
Patrick Schleizer	3ba8fe586e	update permission-hardener.service Which is now only an additional opt-in systemd unit, because permission-hardener is run by default at security-misc package installation time. https://github.com/Kicksecure/security-misc/pull/181	2024-01-16 09:23:54 -05:00
Ben Grande	bc02c72018	Fix unbound variable - Run messages preceded by INFO; - Comment unknown unused variables; - Remove unnecessary variables; and - Deal with unbound variable due to subshell by writing to a file;	2024-01-02 17:08:45 +01:00
Ben Grande	abf72c2ee4	Rename file permission hardening script Hardener as the script is the agent that is hardening the file permissions.	2024-01-02 13:34:29 +01:00
Ben Grande	f138cf0f78	Refactor permission-hardener - Organize comments from default configuration; - Apply and undo changes from a single file controlled by parameters; - Arrays should be evaluated as arrays and not normal variables; - Quote variables; - Brackets around variables; - Standardize test cases to "test" command; - Test against empty or non-empty variables with "-z" and "-n"; - Show a usage message when necessary; - Require root to run the script with informative message; - Permit the user to see the help message without running as root; - Do not create root directories without passing root check; - Use long options for "set" command;	2024-01-02 12:17:16 +01:00
Patrick Schleizer	b0dd967611	usrmerge https://github.com/Kicksecure/security-misc/issues/157	2023-12-25 09:28:08 -05:00
Patrick Schleizer	a1e00be0e0	update link	2023-11-06 16:58:23 -05:00
Patrick Schleizer	df5f3e8056	output	2023-11-06 16:36:22 -05:00
Patrick Schleizer	4219347f0a	fix permission-hardener config parsing issue	2023-11-05 16:43:44 -05:00
Patrick Schleizer	e72f79236b	refactoring	2023-11-05 16:41:41 -05:00
Patrick Schleizer	dea0d9a78a	fix permission-hardener config parsing issue	2023-11-05 16:40:49 -05:00
Patrick Schleizer	017ae18ad7	fix permission-hardener config parsing issue	2023-11-05 16:39:10 -05:00
Patrick Schleizer	65e3c14643	fix permission-hardener config parsing issue	2023-11-05 16:35:11 -05:00
Patrick Schleizer	4a19fbae0b	move permission-hardening to /usr/bin to make it more easily accessible	2023-11-05 15:13:01 -05:00
Patrick Schleizer	1123d23114	remount-secure: disable debugging to save space in initrd	2023-10-26 18:45:07 -04:00
monsieuremre	f0857fd560	Fix double mount issue for /var/log and /var/tmp Mounting var with bind and mounting a subdirectory causes /var/tmp and /var/log bind mounted twice each. can be checked with lsblk. When we bind mount var only after having mounted the subdirectories, everything is mounted only one.	2023-10-23 15:33:05 +00:00
Patrick Schleizer	d2e8a6dad3	debugging	2023-10-22 19:21:51 -04:00
Patrick Schleizer	e7aafd64d4	refactoring	2023-10-22 19:16:12 -04:00
Patrick Schleizer	d521662d04	comment	2023-10-22 16:49:36 -04:00
Patrick Schleizer	0e80acf38d	fix	2023-10-22 16:45:10 -04:00
Patrick Schleizer	5182d7502b	improve remount-secure	2023-10-22 16:08:21 -04:00
Patrick Schleizer	a88c0a3ad2	fix	2023-10-22 15:44:30 -04:00
Patrick Schleizer	a7629b98cf	fix	2023-10-22 15:40:49 -04:00
Patrick Schleizer	7112eac3be	output	2023-10-22 15:37:21 -04:00
Patrick Schleizer	f80b5fe376	fix	2023-10-22 15:36:16 -04:00
Patrick Schleizer	ce0babce21	comment	2023-10-22 15:35:03 -04:00
Patrick Schleizer	70cbe4daaa	fix	2023-10-22 15:33:11 -04:00
Patrick Schleizer	9b9e9ce1c0	fix	2023-10-22 15:27:01 -04:00
Patrick Schleizer	3731716a49	fix	2023-10-22 15:14:22 -04:00
Patrick Schleizer	eec87a0508	fix	2023-10-22 15:11:26 -04:00
Patrick Schleizer	f3286cf440	fix	2023-10-22 15:10:21 -04:00
Patrick Schleizer	eb90d38d8c	fix	2023-10-22 15:05:33 -04:00
Patrick Schleizer	7f03c2b137	fix	2023-10-22 14:45:45 -04:00
Patrick Schleizer	c85db586ca	improve	2023-10-22 14:44:58 -04:00
Patrick Schleizer	7c0ea4324a	fix	2023-10-22 14:39:52 -04:00
Patrick Schleizer	6198ae317c	fix	2023-10-22 14:29:02 -04:00
Patrick Schleizer	245fad0986	fix	2023-10-22 14:00:06 -04:00
Patrick Schleizer	619f1705e1	output	2023-10-22 13:58:55 -04:00
Patrick Schleizer	e689f38ad0	todo	2023-10-22 13:31:44 -04:00
Patrick Schleizer	6675a2e931	fix	2023-10-22 13:30:50 -04:00
Patrick Schleizer	84ca0ac8a0	improve remount-secure	2023-10-22 12:54:25 -04:00
Patrick Schleizer	e7d30955e8	debugging	2023-10-22 11:28:08 -04:00
Patrick Schleizer	8eb4607a0e	improve	2023-10-22 11:12:54 -04:00
Patrick Schleizer	f1da0ce746	fix	2023-10-22 11:11:10 -04:00
Patrick Schleizer	26826e8398	fix	2023-10-22 11:06:34 -04:00
Patrick Schleizer	233fa4625b	output	2023-10-22 10:49:53 -04:00
Patrick Schleizer	3ebe8cf4de	refactoring	2023-10-22 10:41:42 -04:00
Patrick Schleizer	24d2e26397	no longer reproducible	2023-10-22 10:40:19 -04:00
Patrick Schleizer	fcba70df2e	refactoring	2023-10-22 10:38:48 -04:00
Patrick Schleizer	a05bd3dd0e	/home last because most likely to fail	2023-10-22 10:37:02 -04:00
Patrick Schleizer	41077c94fb	improve remount-secure	2023-10-22 10:32:24 -04:00
Patrick Schleizer	ef69e512bd	refactoring	2023-10-22 10:25:57 -04:00
Patrick Schleizer	d5cb7ecec9	use findmnt	2023-10-22 10:22:21 -04:00
Patrick Schleizer	45ce0ff74d	debugging	2023-10-22 10:16:43 -04:00
Patrick Schleizer	292a5c3a8a	fix	2023-10-22 10:11:31 -04:00
Patrick Schleizer	181a642479	root check	2023-10-22 10:01:38 -04:00
Patrick Schleizer	84fd41931c	/var/run -> /run	2023-10-22 09:44:17 -04:00
Patrick Schleizer	c409e3221e	implement remount-secure	2023-10-22 09:36:03 -04:00
Patrick Schleizer	167683ce76	code simplification	2023-10-22 08:50:57 -04:00
Patrick Schleizer	f0ee470ecd	comment	2023-10-22 07:51:05 -04:00
Patrick Schleizer	e257f2a380	remount-secure: no longer use /usr/libexec/helper-scripts/pre.bsh as not simple with dracut	2023-10-22 07:50:14 -04:00
Patrick Schleizer	ed11c68ac6	move remount-secure to /usr/bin/remount-secure to make it easier to manually run	2023-10-22 06:51:52 -04:00
Raja Grewal	7a4212dd76	Update copyright	2023-03-30 17:08:47 +11:00
Patrick Schleizer	6d7a782624	fix	2022-11-24 07:21:46 -05:00
Patrick Schleizer	39b35ef9ac	fix	2022-11-24 06:49:15 -05:00
Patrick Schleizer	d05c101721	debugging	2022-11-24 06:31:24 -05:00
Patrick Schleizer	36454c2dbf	debugging	2022-11-24 06:25:47 -05:00

1 2 3 4

173 Commits