Commit Graph

614 Commits

Author SHA1 Message Date
Patrick Schleizer
218cbddba9
comment 2019-12-07 05:52:06 -05:00
Patrick Schleizer
6479c883bf
Console Lockdown.
Allow members of group 'console' to use tty1 to tty7. Everyone else except
members of group 'console-unrestricted' are restricted from using console
using ancient, unpopular login methods such as using /bin/login over networks,
which might be exploitable. (CVE-2001-0797)

Not enabled by default in this package since this package does not know which
users shall be added to group 'console'.

In new Whonix builds, user 'user' will be added to group 'console' and
pam console-lockdown enabled by package anon-base-files.

/usr/share/pam-configs/console-lockdown

/etc/security/access-security-misc.conf

https://forums.whonix.org/t/etc-security-hardening/8592
2019-12-07 05:40:20 -05:00
Patrick Schleizer
52934c9288
bumped changelog version 2019-12-07 02:02:32 -05:00
Patrick Schleizer
6faa977cd7
readme 2019-12-07 02:02:06 -05:00
Patrick Schleizer
6d92d03b31
description 2019-12-07 01:54:50 -05:00
Patrick Schleizer
5a4eda0d05
also support /usr/local/etc/remount-disable and /usr/local/etc/noexec 2019-12-07 01:53:33 -05:00
Patrick Schleizer
0afcc5e798
bumped changelog version 2019-12-06 12:43:21 -05:00
Patrick Schleizer
2954dcbccf
minor 2019-12-06 12:24:55 -05:00
Patrick Schleizer
f3647e7478
RemainAfterExit=yes 2019-12-06 12:18:18 -05:00
Patrick Schleizer
af0cf058e7
bumped changelog version 2019-12-06 11:18:20 -05:00
Patrick Schleizer
9b14f24d5e
refactoring 2019-12-06 11:17:32 -05:00
Patrick Schleizer
a6133f5912
output 2019-12-06 11:16:43 -05:00
Patrick Schleizer
c1ea35e2ef
output 2019-12-06 11:15:54 -05:00
Patrick Schleizer
4bec41379d
fix remount with noexec if /etc/noexec exists 2019-12-06 11:15:13 -05:00
Patrick Schleizer
bff425fec2
bumped changelog version 2019-12-06 09:32:18 -05:00
Patrick Schleizer
b22289f2a8
readme 2019-12-06 09:30:05 -05:00
Patrick Schleizer
470cad6e91
remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in)
https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707
2019-12-06 05:14:02 -05:00
Patrick Schleizer
8cf5ed990a
comment 2019-12-05 15:52:24 -05:00
Patrick Schleizer
19add3299c
Merge remote-tracking branch 'origin/master' 2019-12-05 15:46:19 -05:00
Patrick Schleizer
9679292878
Merge pull request #39 from madaidan/rp_filter
Enable reverse path filtering
2019-12-05 20:33:47 +00:00
madaidan
af9e19c51f
Update control 2019-12-05 20:14:55 +00:00
madaidan
30289c68c2
Enable reverse path filtering 2019-12-05 20:13:10 +00:00
Patrick Schleizer
0c25a96b59
description / comments 2019-12-03 02:18:32 -05:00
Patrick Schleizer
d26ba05c47
Merge remote-tracking branch 'origin/master' 2019-12-03 01:52:04 -05:00
Patrick Schleizer
73c6410a0e
Merge pull request #38 from madaidan/distrust-cpu
Distrust the CPU for initial entropy
2019-12-03 06:51:31 +00:00
madaidan
8d63da3cef
Update control 2019-12-02 16:46:12 +00:00
madaidan
5da2a27bf0
Distrust the CPU for initial entropy 2019-12-02 16:43:00 +00:00
Patrick Schleizer
6ca48fffdc
bumped changelog version 2019-11-28 10:22:41 -05:00
Patrick Schleizer
ab696f5571
readme 2019-11-28 10:05:39 -05:00
Patrick Schleizer
25aed91eb1
description 2019-11-28 09:20:46 -05:00
Patrick Schleizer
0c4e5df3e0
description 2019-11-28 09:18:05 -05:00
Patrick Schleizer
5ac2a6f9ac
description 2019-11-28 09:17:32 -05:00
Patrick Schleizer
ff3412fbe0
fix, make sure to undo pam changes on package removal
Thanks to minimal for the bug report!

https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/11
2019-11-27 10:22:31 -05:00
Patrick Schleizer
62b924eea7
Merge remote-tracking branch 'origin/master' 2019-11-26 13:00:36 -05:00
Patrick Schleizer
ba02dcb267
Merge pull request #37 from madaidan/apparmor-fixes
Fix permission-lockdown
2019-11-26 18:00:11 +00:00
madaidan
d9d6d07714
/dev/pts/[0-9]* rw, 2019-11-26 17:12:12 +00:00
Patrick Schleizer
9091f69edd
bumped changelog version 2019-11-25 08:51:36 +00:00
Patrick Schleizer
57ce06c0eb
readme 2019-11-25 08:41:45 +00:00
Patrick Schleizer
aa5451c8cd
Lock user accounts after 50 rather than 100 failed login attempts.
https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/19
2019-11-25 01:39:53 -05:00
Patrick Schleizer
6277db1383
bumped changelog version 2019-11-23 14:07:45 +00:00
Patrick Schleizer
6a6a638ef0
readme 2019-11-23 14:06:28 +00:00
Patrick Schleizer
fe1f1b73a7
load jitterentropy_rng kernel module for better entropy collection
https://www.whonix.org/wiki/Dev/Entropy

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927972

https://forums.whonix.org/t/jitterentropy-rngd/7204
2019-11-23 11:20:32 +00:00
Patrick Schleizer
d32024a3da
/usr/sbin/pam_tally2 mrix,
https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/152
2019-11-23 05:53:19 -05:00
Patrick Schleizer
03e8023847
output 2019-11-22 14:11:30 -05:00
Patrick Schleizer
e76e1475b0
comment 2019-11-22 12:24:35 -05:00
Patrick Schleizer
a99dfd067a
bumped changelog version 2019-11-19 15:31:55 +00:00
Patrick Schleizer
81e4f580af
etc/apparmor.d/usr.lib.security-misc.permission-lockdown: /usr/bin/chmod mrix, 2019-11-19 15:29:02 +00:00
Patrick Schleizer
8ad8dbea5a
bumped changelog version 2019-11-18 19:16:16 +00:00
Patrick Schleizer
9a20b85fe1
Merge remote-tracking branch 'origin/master' 2019-11-17 11:20:17 -05:00
Patrick Schleizer
2b17c0f3e4
Merge pull request #36 from madaidan/hidepid-fix
Remove proc-hidepid systemd sandboxing
2019-11-17 16:19:55 +00:00