Commit Graph

593 Commits

Author SHA1 Message Date
Patrick Schleizer
f001250ae6
Merge remote-tracking branch 'origin/master' 2019-10-28 10:31:30 -04:00
Patrick Schleizer
5a3cbe8100
Merge pull request #35 from madaidan/apparmor
Apparmor profiles
2019-10-28 14:30:45 +00:00
madaidan
0e49bdc45f
Licensing 2019-10-28 14:26:14 +00:00
madaidan
5d5ad92638
Licensing 2019-10-28 14:26:05 +00:00
madaidan
0699747fcb
Debian packaging 2019-10-28 14:24:37 +00:00
madaidan
fe4e29d392
Depend on dh-apparmor 2019-10-28 14:22:47 +00:00
madaidan
1b8b3610b1
Create usr.lib.security-misc.pam_tally2-info 2019-10-28 14:20:59 +00:00
madaidan
29b05546e4
Create usr.lib.security-misc.permission-lockdown 2019-10-28 14:20:08 +00:00
Patrick Schleizer
d832ab91bd
bumped changelog version 2019-10-23 10:22:03 +00:00
Patrick Schleizer
bce5274a15
quotes fix 2019-10-22 09:22:29 -04:00
Patrick Schleizer
e20b9e2133
better solution when using pkexec with --user: wrap sudo --user with lxqt-sudo 2019-10-22 09:08:18 -04:00
Patrick Schleizer
d4e02de43a
set SUDO_ASKPASS for pkexec wrapper when using sudo --askpass 2019-10-22 09:04:44 -04:00
Patrick Schleizer
1a65a91039
long rather than short option 2019-10-22 08:56:05 -04:00
Patrick Schleizer
b55913637b
silence output by mount/grep 2019-10-22 08:54:48 -04:00
Patrick Schleizer
a1154170c9
Call original pkexec in case there are no arguments. 2019-10-22 08:54:17 -04:00
Patrick Schleizer
9c8f678cb9
bumped changelog version 2019-10-21 09:55:41 +00:00
Patrick Schleizer
1e4d0ea1d0
fix lintian warning 2019-10-21 09:55:05 +00:00
Patrick Schleizer
343d9cc916
fix 2019-10-21 09:53:55 +00:00
Patrick Schleizer
2d436f3602
bumped changelog version 2019-10-21 09:51:36 +00:00
Patrick Schleizer
af3f42dabf
readme 2019-10-21 09:51:12 +00:00
Patrick Schleizer
40707e70db
Redirect calls for pkexec to lxqt-sudo because pkexec is incompatible with hidepid.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860040

https://forums.whonix.org/t/cannot-use-pkexec/8129

Thanks to AnonymousUser for the bug report!
2019-10-21 05:46:49 -04:00
Patrick Schleizer
31b771ac2e
bumped changelog version 2019-10-18 10:39:43 +00:00
Patrick Schleizer
2613525b94
readme 2019-10-18 10:39:19 +00:00
Patrick Schleizer
957deac5cb
fix lintian warning
W: security-misc: maintainer-script-should-not-parse-etc-passwd-or-group preinst:19
2019-10-18 10:38:25 +00:00
Patrick Schleizer
d301e7f365
description, fix lintian warning 2019-10-18 10:36:44 +00:00
Patrick Schleizer
ce6b64a9ba
bumped changelog version 2019-10-18 08:55:07 +00:00
Patrick Schleizer
20b7faa61f
readme 2019-10-18 08:54:43 +00:00
Patrick Schleizer
c9d75ef9ea
abort installation if no user is part of group sudo
https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/4

Thanks to minimal for the bug report!
2019-10-17 06:46:47 -04:00
Patrick Schleizer
a5045dc26e
set -e 2019-10-17 06:18:32 -04:00
Patrick Schleizer
0b8725306f
renamed: etc/hide-hardware-info.d/30_whitelist.conf -> etc/hide-hardware-info.d/30_default.conf 2019-10-17 06:13:44 -04:00
Patrick Schleizer
4aba027566
syntax check 2019-10-17 06:12:36 -04:00
Patrick Schleizer
8b9aa8841a
fix 2019-10-17 06:11:01 -04:00
Patrick Schleizer
cfbd77040a
set "shopt -s nullglob" to avoid failing when folder /etc/hide-hardware-info.d
does not exist or is empty
2019-10-17 06:10:29 -04:00
Patrick Schleizer
b05663c5f6
shuffle
https://forums.whonix.org/t/restrict-hardware-information-to-root/7329/80
2019-10-17 06:08:55 -04:00
Patrick Schleizer
28a440091d
code simplification 2019-10-17 06:08:16 -04:00
Patrick Schleizer
3c4e261c20
remove trailing spaces 2019-10-17 06:05:23 -04:00
Patrick Schleizer
c8e0303d6d
Merge remote-tracking branch 'origin/master' 2019-10-17 06:04:34 -04:00
Patrick Schleizer
8a42c5b023
Merge pull request #34 from madaidan/whitelist
Add a whitelist for /sys and /proc/cpuinfo
2019-10-17 09:59:12 +00:00
Patrick Schleizer
994ca024c2
Merge pull request #33 from madaidan/documentation
Improve documentation
2019-10-17 06:19:46 +00:00
madaidan
61f742304d
return 0 2019-10-16 19:46:59 +00:00
madaidan
259b1f2c71
Update control 2019-10-16 19:21:24 +00:00
madaidan
ffba0e0179
Elaborate 2019-10-16 19:04:15 +00:00
madaidan
4f5b7816ec
Elaborate 2019-10-16 19:01:49 +00:00
madaidan
99a762d3dc
KASLR is different from ASLR 2019-10-16 18:53:04 +00:00
madaidan
a14a2854c6
Elaborate 2019-10-16 18:52:14 +00:00
madaidan
f08c03ab21
Restrict sysfs/cpuinfo if the whitelist is disabled 2019-10-16 15:39:23 +00:00
madaidan
af607d5eb2
Create sysfs and cpuinfo groups 2019-10-15 21:02:03 +00:00
madaidan
42c1701d5c
Whitelist user@.service 2019-10-15 21:00:03 +00:00
madaidan
a47a2fca8b
Create 30_whitelist.conf 2019-10-15 20:58:58 +00:00
madaidan
6b78dbcd07
Add way to whitelist things 2019-10-15 20:57:02 +00:00