Patrick Schleizer
6e0787957b
increase priority of pam wheel so it is checked even before faillock
...
in case of attempting to use `su` without being a member of the required group `sudo`, it's useful to abort the PAM stack as early as possible to avoid needlessly prompting for a password to later be rejected due to lack of group membership
2025-01-06 05:29:40 -05:00
Patrick Schleizer
d4767b7520
fix: apply PAM wheel only to su PAM service
2025-01-06 04:24:44 -05:00
Patrick Schleizer
33114f771a
copyright
2024-12-31 13:26:21 -05:00
Patrick Schleizer
4cf5757575
Merge pull request #282 from ArrayBolt3/arraybolt3/umask
...
Enable umask hardening
2024-12-19 00:08:56 -05:00
Patrick Schleizer
7902311c57
do not create /etc/sysctl.d/30-lkrg-virtualbox.conf if LKRG is not installed
2024-12-07 04:54:47 -05:00
Patrick Schleizer
1ce37d42cd
.
2024-12-07 04:50:40 -05:00
Aaron Rainbolt
1708a03e1e
Enable umask hardening
2024-11-28 15:39:59 -06:00
Aaron Rainbolt
690e8dd826
Avoid faillock lock/tally reset on reboot or timeout
2024-10-19 23:52:51 -05:00
Raja Grewal
4afe257a42
minor
2024-07-18 00:14:13 +10:00
Raja Grewal
d0a59617f6
Add missing Copyright (C) statements
2024-07-18 00:13:30 +10:00
Raja Grewal
1bb843ec38
Update Copyright (C) to 2024
2024-05-11 13:18:36 +10:00
Patrick Schleizer
ecaa024f22
lower debugging
2024-03-18 11:01:56 -04:00
Patrick Schleizer
3048e0ac76
usrmerge
...
https://github.com/Kicksecure/security-misc/issues/190
2024-01-17 13:54:07 -05:00
Patrick Schleizer
0efee2f50f
usrmerge
...
fixes https://github.com/Kicksecure/security-misc/issues/190
2024-01-17 13:39:56 -05:00
Patrick Schleizer
86f91e3030
revert umask 027 by default
...
because broken because this also happens for root while it should not
https://github.com/Kicksecure/security-misc/issues/185
2024-01-06 09:11:54 -05:00
Patrick Schleizer
5b36599c0c
/dev/, /dev/shm, /tmp
...
https://github.com/Kicksecure/security-misc/issues/157#issuecomment-1869073716
2023-12-29 14:57:38 -05:00
Patrick Schleizer
c86c83cef7
formatting
...
https://github.com/Kicksecure/security-misc/issues/157
2023-12-25 10:31:58 -05:00
Patrick Schleizer
971ff687b1
do not mount /dev/cdrom by default
...
https://github.com/Kicksecure/security-misc/issues/157
2023-12-25 10:30:35 -05:00
Patrick Schleizer
9fce67fcd9
remove superfluous, broken remount mount option
...
https://github.com/Kicksecure/security-misc/issues/157
2023-12-25 10:28:47 -05:00
Patrick Schleizer
40fd8cb608
no nofail mount option to avoid breaking the boot of a system
...
unit testing belongs elsewhere
https://github.com/Kicksecure/security-misc/issues/157
2023-12-25 09:51:09 -05:00
Patrick Schleizer
4aa645f29f
comment
...
https://github.com/Kicksecure/security-misc/issues/157
2023-12-25 09:46:33 -05:00
Patrick Schleizer
2b7aeedb4a
mount /dev/cdrom to /mnt/cdrom (instead of /mnt/cdrom0) and
...
nodev,nosuid,noexec
as per:
https://www.debian.org/doc/manuals/securing-debian-manual/ch04s10.en.html
https://github.com/Kicksecure/security-misc/issues/157
2023-12-25 09:44:51 -05:00
Patrick Schleizer
0d9e9780da
formatting
...
https://github.com/Kicksecure/security-misc/issues/157
2023-12-25 09:37:14 -05:00
Patrick Schleizer
00f9ab4394
/dev devtmpfs
...
https://github.com/Kicksecure/security-misc/issues/157
2023-12-25 09:36:05 -05:00
Patrick Schleizer
55709b3aa0
/tmp tmpfs
...
https://github.com/Kicksecure/security-misc/issues/157
2023-12-25 09:30:57 -05:00
Patrick Schleizer
b0dd967611
usrmerge
...
https://github.com/Kicksecure/security-misc/issues/157
2023-12-25 09:28:08 -05:00
Patrick Schleizer
269fada14a
combine bind lines
...
https://github.com/Kicksecure/security-misc/issues/157
2023-12-25 09:25:14 -05:00
Patrick Schleizer
039de1dc9b
add hardened fstab /usr/share/doc/security-misc/fstab-vm
...
to the documentation folder as an example
not directly used by security-misc
will later be used by Kicksecure VM build process
https://github.com/Kicksecure/security-misc/issues/157
2023-12-12 11:50:11 -05:00
Patrick Schleizer
3bc831a1f7
lintian
2023-11-06 16:27:29 -05:00
Patrick Schleizer
b85d48eb83
do not change default umask for root
...
since this causes permission issues in `/etc/`
https://github.com/Kicksecure/security-misc/pull/151
2023-11-03 10:31:59 -04:00
Patrick Schleizer
07540db90d
Revert "Revert "set default umask to 027""
...
This reverts commit f8913ceb2e2fdd274011377c41b5d08e7459e4af.
2023-11-03 09:45:12 -04:00
Patrick Schleizer
f8913ceb2e
Revert "set default umask to 027"
...
This reverts commit cd216095eb8d9387437e653d7764ec765ce42a10.
2023-11-03 09:43:44 -04:00
Patrick Schleizer
cd216095eb
set default umask to 027
...
using package libpam-umask
https://www.debian.org/doc/manuals/securing-debian-manual/ch04s11.en.html#id-1.5.14.19
https://github.com/Kicksecure/security-misc/pull/151
2023-11-03 09:12:24 -04:00
Patrick Schleizer
a7629b98cf
fix
2023-10-22 15:40:49 -04:00
Patrick Schleizer
25760f7024
bookworm
2023-06-13 08:34:41 +00:00
Raja Grewal
7a4212dd76
Update copyright
2023-03-30 17:08:47 +11:00
Patrick Schleizer
b87d9eb865
lintian
2023-01-24 07:08:13 -05:00
Patrick Schleizer
d31c17ea04
fix
2023-01-07 14:31:14 -05:00
Patrick Schleizer
41d116aa2f
lintian
2023-01-07 14:30:12 -05:00
Patrick Schleizer
8b584c570a
lintian
2022-06-29 16:06:22 -04:00
Patrick Schleizer
1c51d15649
lintian
2022-06-29 15:23:53 -04:00
Patrick Schleizer
6eba53767f
lintian
2022-06-29 14:17:52 -04:00
Patrick Schleizer
cfae7de6a8
lintian
2022-06-29 09:58:37 -04:00
Patrick Schleizer
2d37e3a1af
copyright
2022-05-20 14:46:38 -04:00
Patrick Schleizer
be8c10496f
fix faillock implementation
...
dovecot / ssh are exempted
2021-09-01 15:55:53 -04:00
Patrick Schleizer
582492d6d8
port from pam_tally2 to pam_faillock
...
since pam_tally2 was deprecated upstream
2021-08-10 17:13:00 -04:00
Patrick Schleizer
2bf0e7471c
port from pam_tally2 to pam_faillock
...
since pam_tally2 was deprecated upstream
2021-08-10 15:11:01 -04:00
Patrick Schleizer
2aea74bd71
renamed: usr/libexec/security-misc/pam_tally2-info -> usr/libexec/security-misc/pam-info
...
renamed: usr/libexec/security-misc/pam_tally2_not_if_x -> usr/libexec/security-misc/pam_faillock_not_if_x
renamed: usr/share/pam-configs/tally2-security-misc -> usr/share/pam-configs/faillock-security-misc
2021-08-10 15:06:04 -04:00
Patrick Schleizer
50bdd097df
move /usr/lib/security-misc to /usr/libexec/security-misc as per lintian FHS
2021-08-03 12:56:31 -04:00
Patrick Schleizer
8eae635668
update lintian tag name
2021-08-03 11:51:31 -04:00