security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00

Author	SHA1	Message	Date
Patrick Schleizer	1e1613aa93	allow /opt exec as usually optional binaries are placed there such as firefox https://github.com/Kicksecure/security-misc/pull/202	2024-02-22 06:02:28 -05:00
Patrick Schleizer	7c7b4b24b4	fix home_noexec_maybe -> most_noexec_maybe https://github.com/Kicksecure/security-misc/pull/202	2024-02-22 06:02:00 -05:00
Patrick Schleizer	38783faf60	add more bind mounts of mount options hardening as suggested in https://github.com/Kicksecure/security-misc/pull/202	2024-02-22 05:58:53 -05:00
Patrick Schleizer	3048e0ac76	usrmerge https://github.com/Kicksecure/security-misc/issues/190	2024-01-17 13:54:07 -05:00
Patrick Schleizer	0efee2f50f	usrmerge fixes https://github.com/Kicksecure/security-misc/issues/190	2024-01-17 13:39:56 -05:00
Patrick Schleizer	3ba8fe586e	update permission-hardener.service Which is now only an additional opt-in systemd unit, because permission-hardener is run by default at security-misc package installation time. https://github.com/Kicksecure/security-misc/pull/181	2024-01-16 09:23:54 -05:00
Patrick Schleizer	862bf6b5ab	Merge remote-tracking branch 'ben-grande/clean'	2024-01-16 08:19:28 -05:00
Patrick Schleizer	1199871d7b	undo IPv6 privacy due to potential server issues https://github.com/Kicksecure/security-misc/issues/184	2024-01-07 06:37:34 -05:00
Patrick Schleizer	128bb01b35	undo IPv6 privacy due to potential server issues https://github.com/Kicksecure/security-misc/issues/184	2024-01-07 06:36:25 -05:00
Patrick Schleizer	86f91e3030	revert umask 027 by default because broken because this also happens for root while it should not https://github.com/Kicksecure/security-misc/issues/185	2024-01-06 09:11:54 -05:00
Patrick Schleizer	3f1304403f	disable MAC randomization in Network Manager (NM) because it breaks VirtualBox DHCP https://github.com/Kicksecure/security-misc/issues/184	2024-01-06 08:15:31 -05:00
Raja Grewal	74afcc9c63	Clarify validity of disabling io_uring	2024-01-03 17:52:23 +11:00
Ben Grande	bc02c72018	Fix unbound variable - Run messages preceded by INFO; - Comment unknown unused variables; - Remove unnecessary variables; and - Deal with unbound variable due to subshell by writing to a file;	2024-01-02 17:08:45 +01:00
Ben Grande	abf72c2ee4	Rename file permission hardening script Hardener as the script is the agent that is hardening the file permissions.	2024-01-02 13:34:29 +01:00
Ben Grande	f138cf0f78	Refactor permission-hardener - Organize comments from default configuration; - Apply and undo changes from a single file controlled by parameters; - Arrays should be evaluated as arrays and not normal variables; - Quote variables; - Brackets around variables; - Standardize test cases to "test" command; - Test against empty or non-empty variables with "-z" and "-n"; - Show a usage message when necessary; - Require root to run the script with informative message; - Permit the user to see the help message without running as root; - Do not create root directories without passing root check; - Use long options for "set" command;	2024-01-02 12:17:16 +01:00
Patrick Schleizer	8daf97ab01	Merge pull request #178 from raja-grewal/io_uring Disable asynchronous I/O	2024-01-02 05:29:35 -05:00
Patrick Schleizer	5b36599c0c	/dev/, /dev/shm, /tmp https://github.com/Kicksecure/security-misc/issues/157#issuecomment-1869073716	2023-12-29 14:57:38 -05:00
Patrick Schleizer	c86c83cef7	formatting https://github.com/Kicksecure/security-misc/issues/157	2023-12-25 10:31:58 -05:00
Patrick Schleizer	971ff687b1	do not mount /dev/cdrom by default https://github.com/Kicksecure/security-misc/issues/157	2023-12-25 10:30:35 -05:00
Patrick Schleizer	9fce67fcd9	remove superfluous, broken `remount` mount option https://github.com/Kicksecure/security-misc/issues/157	2023-12-25 10:28:47 -05:00
Patrick Schleizer	40fd8cb608	no `nofail` mount option to avoid breaking the boot of a system unit testing belongs elsewhere https://github.com/Kicksecure/security-misc/issues/157	2023-12-25 09:51:09 -05:00
Patrick Schleizer	4aa645f29f	comment https://github.com/Kicksecure/security-misc/issues/157	2023-12-25 09:46:33 -05:00
Patrick Schleizer	2b7aeedb4a	mount /dev/cdrom to /mnt/cdrom (instead of /mnt/cdrom0) and nodev,nosuid,noexec as per: https://www.debian.org/doc/manuals/securing-debian-manual/ch04s10.en.html https://github.com/Kicksecure/security-misc/issues/157	2023-12-25 09:44:51 -05:00
Patrick Schleizer	0d9e9780da	formatting https://github.com/Kicksecure/security-misc/issues/157	2023-12-25 09:37:14 -05:00
Patrick Schleizer	00f9ab4394	/dev devtmpfs https://github.com/Kicksecure/security-misc/issues/157	2023-12-25 09:36:05 -05:00
Patrick Schleizer	55709b3aa0	/tmp tmpfs https://github.com/Kicksecure/security-misc/issues/157	2023-12-25 09:30:57 -05:00
Patrick Schleizer	b0dd967611	usrmerge https://github.com/Kicksecure/security-misc/issues/157	2023-12-25 09:28:08 -05:00
Patrick Schleizer	269fada14a	combine bind lines https://github.com/Kicksecure/security-misc/issues/157	2023-12-25 09:25:14 -05:00
Raja Grewal	f055fe5da2	Disable asynchronous I/O io_uring creation is disabled for all processes. io_uring_setup always fails with -EPERM. Existing io_uring instances can still be used.	2023-12-15 08:33:36 +00:00
Patrick Schleizer	039de1dc9b	add hardened fstab `/usr/share/doc/security-misc/fstab-vm` to the documentation folder as an example not directly used by security-misc will later be used by Kicksecure VM build process https://github.com/Kicksecure/security-misc/issues/157	2023-12-12 11:50:11 -05:00
Patrick Schleizer	5a73817a95	move to `/usr/lib/issue.d/20_security-misc.issue` https://github.com/Kicksecure/security-misc/pull/167	2023-12-04 11:38:49 -05:00
Patrick Schleizer	dc04040cb3	typo	2023-12-04 10:36:48 -05:00
Patrick Schleizer	2634dbff2b	shuffle	2023-12-04 10:36:21 -05:00
Patrick Schleizer	a1e00be0e0	update link	2023-11-06 16:58:23 -05:00
Patrick Schleizer	df5f3e8056	output	2023-11-06 16:36:22 -05:00
Patrick Schleizer	3bc831a1f7	lintian	2023-11-06 16:27:29 -05:00
Patrick Schleizer	ad010ef5b4	debugging	2023-11-05 17:52:44 -05:00
Patrick Schleizer	3130a39d8c	set -e	2023-11-05 17:43:07 -05:00
Patrick Schleizer	36f3c30440	Merge pull request #148 from monsieuremre/module-loading-hardening Harden the loading of new modules to the kernel after install	2023-11-05 17:41:56 -05:00
Patrick Schleizer	4219347f0a	fix permission-hardener config parsing issue	2023-11-05 16:43:44 -05:00
Patrick Schleizer	e72f79236b	refactoring	2023-11-05 16:41:41 -05:00
Patrick Schleizer	dea0d9a78a	fix permission-hardener config parsing issue	2023-11-05 16:40:49 -05:00
Patrick Schleizer	017ae18ad7	fix permission-hardener config parsing issue	2023-11-05 16:39:10 -05:00
Patrick Schleizer	65e3c14643	fix permission-hardener config parsing issue	2023-11-05 16:35:11 -05:00
Patrick Schleizer	d4494fd3c3	disable remount-secure dracut modules pending new systemd based implementation https://github.com/Kicksecure/security-misc/pull/152	2023-11-05 15:27:09 -05:00
Patrick Schleizer	4a19fbae0b	move permission-hardening to /usr/bin to make it more easily accessible	2023-11-05 15:13:01 -05:00
Patrick Schleizer	c75f80b29f	lower verbosity of permission hardener fixes https://github.com/Kicksecure/security-misc/issues/158	2023-11-05 15:09:29 -05:00
Patrick Schleizer	55ba5d4832	renamed: usr/lib/NetworkManager/conf.d/99_ipv6-privacy.conf -> usr/lib/NetworkManager/conf.d/80_ipv6-privacy.conf renamed: usr/lib/NetworkManager/conf.d/99_randomize-mac.conf -> usr/lib/NetworkManager/conf.d/80_randomize-mac.conf renamed: usr/lib/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf -> usr/lib/systemd/networkd.conf.d/80_ipv6-privacy-extensions.conf	2023-11-05 14:51:31 -05:00
Patrick Schleizer	5a75bcfb19	Merge pull request #145 from monsieuremre/wifi-and-bluetooth Wifi and Bluetooth Patch \| Security and Privacy	2023-11-05 14:49:00 -05:00
Patrick Schleizer	d9b5d770cf	Merge pull request #150 from monsieuremre/sysreq Disable SysRq by default	2023-11-05 14:31:26 -05:00

1 2 3 4 5 ...

687 Commits