Friedrich Doku | 7cf51a1b43 | Checking job queue instead of dbus | 2023-01-06 21:32:57 -05:00 |
Friedrich Doku | 014d10b977 | Update cold-boot-attack-defense-kexec-prepare.service | 2023-01-06 13:52:09 -05:00 |
Friedrich Doku | f463750920 | Update cold-boot-attack-defense-kexec-prepare.service | 2023-01-06 13:48:22 -05:00 |
Friedrich Doku | 73913ea5af | Added checks | 2023-01-06 12:49:34 -05:00 |
Friedrich Doku | a7015f4ddf | added files | 2023-01-06 10:50:34 -05:00 |
Patrick Schleizer | 2d37e3a1af | copyright | 2022-05-20 14:46:38 -04:00 |
Patrick Schleizer | 7d73b3ffa0 | add hardened malloc compatibility for haveged workaround `/lib/systemd/system/haveged.service.d/30_security-misc.conf` `SystemCallFilter=getrandom` Otherwise haveged will exit with a core dump. | 2021-08-17 15:21:26 -04:00 |
Patrick Schleizer | 50bdd097df | move /usr/lib/security-misc to /usr/libexec/security-misc as per lintian FHS | 2021-08-03 12:56:31 -04:00 |
Patrick Schleizer | 5a65c35479 | port LKRG compatibility settings automation for VirtualBox hosts from systemd to dpkg trigger | 2021-08-01 13:11:18 -04:00 |
Patrick Schleizer | 257cef24ba | add LKRG compatibility settings automation for VirtualBox hosts https://github.com/openwall/lkrg/issues/82 | 2021-07-24 18:03:40 -04:00 |
Patrick Schleizer | 41734ec523 | systemd RemainAfterExit=yes for better usability https://forums.whonix.org/t/restrict-hardware-information-to-root-testers-wanted/8618/33 | 2021-04-03 11:44:13 -04:00 |
Patrick Schleizer | a67007f4b7 | copyright | 2021-03-17 09:45:21 -04:00 |
Patrick Schleizer | 8851c9ed29 | fix: disable proc-hidepid.service | 2020-04-14 12:39:34 -04:00 |
Patrick Schleizer | 72be31e870 | disable proc-hidepid by default because incompatible with pkexec and undo pkexec wrapper | 2020-04-12 16:48:13 -04:00 |
Patrick Schleizer | 2ceea8d1fe | update copyright year | 2020-04-01 08:49:59 -04:00 |
Patrick Schleizer | a37da1c968 | add digits to drop-in file names | 2020-01-24 04:39:06 -05:00 |
Patrick Schleizer | 9c0d6b6057 | copyright | 2019-12-29 05:09:07 -05:00 |
Patrick Schleizer | edc08988f2 | copyright | 2019-12-29 05:08:53 -05:00 |
Patrick Schleizer | 9156d3584c | Description | 2019-12-29 04:59:05 -05:00 |
Patrick Schleizer | 3ea946b365 | RemainAfterExit=yes | 2019-12-29 04:56:51 -05:00 |
Patrick Schleizer | 2787ae9765 | copyright | 2019-12-29 04:56:35 -05:00 |
Patrick Schleizer | 6d56eb9ef0 | minor | 2019-12-29 04:56:18 -05:00 |
Patrick Schleizer | 0e14706f32 | copyright | 2019-12-29 04:45:26 -05:00 |
Patrick Schleizer | 617c0a0e15 | disable remount-secure.service - Disable for now until development finished / tested. | 2019-12-23 07:21:26 -05:00 |
Patrick Schleizer | 7f20160477 | comment | 2019-12-20 05:24:00 -05:00 |
Patrick Schleizer | a135ae9400 | user must manually enable permission-hardening.service until development finished | 2019-12-20 05:22:59 -05:00 |
Patrick Schleizer | d80bf036f3 | Disable permission hardening now until development finished / tested. | 2019-12-09 03:50:43 -05:00 |
madaidan | d7e2deae92 | Create permission-hardening.service | 2019-12-08 16:50:54 +00:00 |
Patrick Schleizer | 1227ccd1f7 | After=qubes-sysinit.service | 2019-12-08 04:37:53 -05:00 |
Patrick Schleizer | 2954dcbccf | minor | 2019-12-06 12:24:55 -05:00 |
Patrick Schleizer | f3647e7478 | RemainAfterExit=yes | 2019-12-06 12:18:18 -05:00 |
Patrick Schleizer | 470cad6e91 | remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in) https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707 | 2019-12-06 05:14:02 -05:00 |
madaidan | e92022a21c | Remove systemd sandboxing | 2019-11-16 14:56:28 +00:00 |
Patrick Schleizer | 203d5cfa68 | copyright | 2019-10-31 11:19:44 -04:00 |
madaidan | 42c1701d5c | Whitelist user@.service | 2019-10-15 21:00:03 +00:00 |
Patrick Schleizer | c87fc75f2a | fix, run remove-system-map.service during sysinit.target | 2019-10-05 09:36:21 +00:00 |
Patrick Schleizer | 25b6746784 | fix systemd unit file proc-hidepid.service: WantedBy=sysinit.target | 2019-10-05 09:14:54 +00:00 |
madaidan | 7345287560 | Use sysinit.target instead | 2019-10-04 17:32:52 +00:00 |
madaidan | e06eeec678 | Disable hide-hardware-info.service by default | 2019-10-03 21:42:06 +00:00 |
madaidan | b06ab912c0 | Add licensing | 2019-10-03 21:37:29 +00:00 |
madaidan | ce97e5ed82 | Create hide-hardware-info.service | 2019-10-03 20:45:29 +00:00 |
Patrick Schleizer | fbd1a5bde9 | hidepid before sysinit.target | 2019-09-10 12:23:00 -04:00 |
madaidan | 932524cbd1 | Move disable-coredumps.conf to correct position | 2019-07-10 15:28:48 +00:00 |
Patrick Schleizer | f82731698c | re-enable PrivateNetwork=true | 2019-07-01 14:53:01 +00:00 |
Patrick Schleizer | 24cc8e380d | comment out proc-hidepid.service hardening for now since broken in Qubes Debian AppVMs https://forums.whonix.org/t/kernel-hardening/7296/104 | 2019-07-01 03:43:02 -04:00 |
Patrick Schleizer | 0bffc7a930 | Merge remote-tracking branch 'origin/master' | 2019-07-01 03:08:26 -04:00 |
Patrick Schleizer | 3c176ce158 | allow permissions openat mkdir since required in Qubes Debian templates | 2019-07-01 03:07:14 -04:00 |
madaidan | b8f2aee905 | Add licensing | 2019-06-30 13:22:43 +00:00 |
Patrick Schleizer | 67de5247c8 | Merge branch 'master' into patch-13 | 2019-06-30 08:10:04 +00:00 |
madaidan | c6b669f1a5 | Create disable-coredumps.conf | 2019-06-30 00:11:13 +00:00 |