security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00

Author	SHA1	Message	Date
Patrick Schleizer	8eae635668	update lintian tag name	2021-08-03 11:51:31 -04:00
Patrick Schleizer	bb3e65f7a8	bullseye	2021-08-03 03:25:35 -04:00
Patrick Schleizer	b3e34f7f43	comment	2021-07-25 11:27:07 -04:00
Patrick Schleizer	7e128636b3	improve LKRG VirtualBox host configuration as per https://github.com/openwall/lkrg/issues/82#issuecomment-886188999	2021-07-25 11:26:20 -04:00
Patrick Schleizer	257cef24ba	add LKRG compatibility settings automation for VirtualBox hosts https://github.com/openwall/lkrg/issues/82	2021-07-24 18:03:40 -04:00
Patrick Schleizer	74e39cbf69	pam-abort-on-locked-password: more descriptive error handling https://forums.whonix.org/t/restrict-root-access/7658/1	2021-06-20 11:18:56 -04:00
Patrick Schleizer	a67007f4b7	copyright	2021-03-17 09:45:21 -04:00
Patrick Schleizer	a1819e8cab	comment	2021-03-01 09:15:44 -05:00
Kenton Groombridge	4db7d6be64	hide-hardware-info: allow unrestricting selinuxfs On SELinux systems, the /sys/fs/selinux directory must be visible to userspace utilities in order to function properly.	2021-02-06 03:02:08 -05:00
Patrick Schleizer	af3244741d	comment	2021-01-29 23:15:52 -05:00
Patrick Schleizer	b0b7f569ee	comment	2021-01-28 02:11:54 -05:00
Patrick Schleizer	9622f28e25	skip counting failed login attempts from dovecot Failed dovecot logins should not result in account getting locked. revert "use pam_tally2 only for login"	2021-01-27 05:49:34 -05:00
Patrick Schleizer	6757104aa4	use pam_tally2 only for login to skip counting failed login attempts over ssh and mail login	2021-01-24 05:04:48 -05:00
Patrick Schleizer	c5097ed599	comment	2020-12-06 04:23:09 -05:00
Patrick Schleizer	c031f22995	SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists `whitelists_disable_all=true`	2020-12-01 05:14:48 -05:00
Patrick Schleizer	b09cc0de6a	Revert "SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists" This reverts commit `36a471ebce`.	2020-12-01 05:10:26 -05:00
Patrick Schleizer	36a471ebce	SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists `whitelists_disable_all=true`	2020-12-01 05:02:34 -05:00
Patrick Schleizer	28a326a8a1	add feature `/usr/lib/security-misc/permission-hardening-undo /path/to/filename` to allow removing 1 SUID fix, show INFO message if file does not exist during removal rather than ERROR	2020-11-28 05:31:12 -05:00
Patrick Schleizer	abae787186	usability: pam abort when attempting to login to root when root password is locked	2020-11-05 06:47:16 -05:00
Patrick Schleizer	581e31af81	comment	2020-11-05 06:46:57 -05:00
Patrick Schleizer	dfe9b0f6c7	fix, no longer unconditionally abort pam for user accounts with locked passwords as locked user accounts might have valid sudoers exceptions Thanks to @mimp for the bug report! https://forums.whonix.org/t/pam-abort-on-locked-password-and-running-privileged-command-from-web-browser/10521	2020-11-05 06:42:47 -05:00
Patrick Schleizer	211769dc65	comment	2020-11-05 06:41:51 -05:00
Patrick Schleizer	7952139731	comment	2020-11-05 06:39:32 -05:00
Patrick Schleizer	bb72c1278d	copyright	2020-11-05 06:36:39 -05:00
Patrick Schleizer	5c81e1f23f	import from anon-gpg-conf	2020-04-06 09:25:45 -04:00
Patrick Schleizer	1188a44f47	port to python 3.7	2020-04-04 16:49:30 -04:00
Patrick Schleizer	2ceea8d1fe	update copyright year	2020-04-01 08:49:59 -04:00
Patrick Schleizer	649ec5dfa1	pkexec wrapper: fix gdebi / synaptic but at cost of checking for passwordless sudo /etc/suders /etc/sudoers.d exceptions. http://forums.whonix.org/t/cannot-use-pkexec/8129/53	2020-02-29 04:59:56 -05:00
Patrick Schleizer	9bbae903fe	remove-system.map: lower verbosity output	2020-02-15 05:29:48 -05:00
madaidan	31009f0bfa	Shred System.map files	2020-02-14 23:46:19 +00:00
Patrick Schleizer	1f6ed2cc70	add support for passing parameters to usr/lib/security-misc/apt-get-update	2020-02-03 08:55:20 -05:00
Patrick Schleizer	8627c9f76d	/usr/lib/security-misc/apt-get-update increase default timeout_after="600"	2020-01-31 12:18:02 -05:00
Patrick Schleizer	829e28aa90	/usr/lib/security-misc/apt-get-update environment variable timeout_after kill_after support	2020-01-31 12:17:07 -05:00
Patrick Schleizer	d4a37b6df2	remove-system.map: source /usr/lib/helper-scripts/pre.bsh	2020-01-24 03:18:17 -05:00
Patrick Schleizer	18041efa2f	fix pam tally2 check when read-only disk boot without ro-mode-init or grub-live	2020-01-21 10:01:17 -05:00
Patrick Schleizer	80159545a5	fix xfce4-power-manager xfpm-power-backlight-helper pkexec lxsudo popup https://forums.whonix.org/t/xfce4-power-manager-xfpm-power-backlight-helper-pkexec-lxsudo-popup/8764 do show lxqt-sudo password prompt if there is a sudoers exceptoin improved pkexec wrapper logging	2020-01-15 02:42:10 -05:00
Patrick Schleizer	d90ca4b1ad	refactoring	2020-01-14 15:12:13 -05:00
Patrick Schleizer	082f04f2d4	add logging to pkexec wrapper	2020-01-14 15:04:58 -05:00
Patrick Schleizer	5031e7cc4b	better output if trying to login with non-existing user	2019-12-31 08:18:38 -05:00
Patrick Schleizer	20697db3ee	improve console lockdown info output	2019-12-31 02:53:02 -05:00
Patrick Schleizer	788914de95	group ssh check was removed https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/27	2019-12-31 02:46:32 -05:00
Patrick Schleizer	1a0f7a7733	debugging	2019-12-29 04:43:32 -05:00
Patrick Schleizer	5271892cb1	debugging	2019-12-29 04:42:54 -05:00
Patrick Schleizer	683028049c	debugging	2019-12-29 04:41:23 -05:00
Patrick Schleizer	e3e1ff2a31	exit with error if a config line cannot be processed rather than skipping https://forums.whonix.org/t/disable-suid-binaries/7706/59	2019-12-29 04:35:46 -05:00
Patrick Schleizer	d5c99f3a60	output	2019-12-29 04:27:21 -05:00
Patrick Schleizer	04f438f75d	comment	2019-12-24 18:09:37 -05:00
Patrick Schleizer	9da0e428ed	debugging	2019-12-24 17:54:31 -05:00
Patrick Schleizer	e18ec533c3	comment	2019-12-24 17:54:02 -05:00
Patrick Schleizer	f8f2e6c704	fix disablewhitelist feature	2019-12-23 02:35:13 -05:00
Patrick Schleizer	47ddcad0c0	rename keyword whitelist to exactwhitelist add new keyword disablewhitelist refactoring	2019-12-23 02:29:47 -05:00
Patrick Schleizer	34bf245713	output	2019-12-23 01:35:45 -05:00
Patrick Schleizer	ba30e45d15	output	2019-12-23 01:32:42 -05:00
Patrick Schleizer	ee9c5742da	output	2019-12-23 01:29:48 -05:00
Patrick Schleizer	6d05359abc	output	2019-12-23 01:21:52 -05:00
Patrick Schleizer	a1e78e8515	fix needlessly re-adding entries	2019-12-23 01:20:56 -05:00
Patrick Schleizer	906b3d32e7	output	2019-12-23 01:09:57 -05:00
Patrick Schleizer	4f76867da6	lower debugging	2019-12-23 01:08:02 -05:00
Patrick Schleizer	dc6e5d8508	fix	2019-12-23 01:06:38 -05:00
Patrick Schleizer	87b999f92a	refactoring	2019-12-23 00:59:43 -05:00
Patrick Schleizer	065ff4bd05	sanity_tests	2019-12-23 00:59:24 -05:00
Patrick Schleizer	fef1469fe6	exit non-zero if capability removal failed	2019-12-23 00:51:14 -05:00
Patrick Schleizer	17a8c29470	fix capability removal error handling https://forums.whonix.org/t/disable-suid-binaries/7706/45	2019-12-23 00:47:49 -05:00
Patrick Schleizer	b631e2ecd8	refactoring	2019-12-23 00:36:41 -05:00
Patrick Schleizer	7aea304549	comment	2019-12-23 00:26:15 -05:00
Patrick Schleizer	f4b1df02ee	Remove suid / gid and execute permission for 'group' and 'others'. Similar to: chmod og-ugx /path/to/filename Removing execution permission is useful to make binaries such as 'su' fail closed rather than fail open if suid was removed from these. Do not remove read access since no security benefit and easier to manually undo for users. chmod 744	2019-12-22 19:42:40 -05:00
Patrick Schleizer	d300db3cde	output	2019-12-21 14:45:11 -05:00
Patrick Schleizer	3921846df6	comment	2019-12-21 14:36:42 -05:00
Patrick Schleizer	1e8457ea47	no longer remount /lib https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/25	2019-12-21 14:06:10 -05:00
Patrick Schleizer	10c19d6a8f	Merge remote-tracking branch 'origin/master'	2019-12-21 13:00:41 -05:00
madaidan	f5a52aeddc	Don't remount /sys/kernel/security	2019-12-21 14:55:28 +00:00
Patrick Schleizer	b2260f48f4	add support for /etc/exec / /usr/local/etc/exec to allow enabling exec on a per VM basis	2019-12-21 08:03:33 -05:00
Patrick Schleizer	b74e5ca972	comment	2019-12-21 07:47:00 -05:00
Patrick Schleizer	8fb17624bc	comment	2019-12-21 07:44:51 -05:00
Patrick Schleizer	aef796a524	disable debugging	2019-12-21 07:44:23 -05:00
Patrick Schleizer	1fe83d683f	comment	2019-12-21 07:43:55 -05:00
Patrick Schleizer	7c3da38bd5	comment	2019-12-21 07:42:25 -05:00
Patrick Schleizer	9050058bc2	fix	2019-12-21 07:42:01 -05:00
Patrick Schleizer	6b13a644df	add /usr/lib/security-misc/permission-hardening-undo	2019-12-21 07:37:41 -05:00
Patrick Schleizer	c336bc4fd2	comment	2019-12-21 06:39:13 -05:00
Patrick Schleizer	b5f88efe20	fix	2019-12-21 06:27:01 -05:00
Patrick Schleizer	2088628c8d	debugging	2019-12-21 06:24:08 -05:00
Patrick Schleizer	2dca031527	debugging	2019-12-21 06:22:46 -05:00
Patrick Schleizer	195e00cc87	output	2019-12-21 06:16:38 -05:00
Patrick Schleizer	4b21b6df41	fix	2019-12-21 06:11:44 -05:00
Patrick Schleizer	8436da2b7b	output	2019-12-21 05:58:50 -05:00
Patrick Schleizer	da15265e1c	fix	2019-12-21 05:55:23 -05:00
Patrick Schleizer	2a248fe0de	fix	2019-12-21 05:54:39 -05:00
Patrick Schleizer	4f12664362	output	2019-12-21 05:54:07 -05:00
Patrick Schleizer	e3355843c8	fix	2019-12-21 05:51:22 -05:00
Patrick Schleizer	234ec5fe93	fix	2019-12-21 05:47:35 -05:00
Patrick Schleizer	7ff900c204	fix	2019-12-21 05:37:43 -05:00
Patrick Schleizer	e1a5ee4bcf	output	2019-12-21 05:26:55 -05:00
Patrick Schleizer	66aaf3e22c	output	2019-12-21 05:25:54 -05:00
Patrick Schleizer	7aa7d0b5a0	improve error handling	2019-12-21 05:22:27 -05:00
Patrick Schleizer	8919d38de9	disable debugging	2019-12-21 05:21:46 -05:00
Patrick Schleizer	cf5dee64fd	refactoring	2019-12-21 05:18:34 -05:00
Patrick Schleizer	29cd9a0c38	fix	2019-12-21 05:17:35 -05:00
Patrick Schleizer	486027a4d7	fix	2019-12-21 05:15:38 -05:00
Patrick Schleizer	1fd26be864	fix	2019-12-21 05:14:51 -05:00

1 2 3 4 5 ...

404 Commits