security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2025-12-28 20:34:29 -05:00

Author	SHA1	Message	Date
Aaron Rainbolt	4d0a126955	Merge remote-tracking branch 'raja/modprobe_refresh' into arraybolt3/trixie-raja-merge	2025-12-13 18:44:03 -06:00
Aaron Rainbolt	135ee80450	Move kernel.panic=-1 setting to sysctl, allow turning panic-on-oops off with systemctl	2025-12-11 18:47:42 -06:00
raja-grewal	53c4fdbeea	Merge branch 'Kicksecure:master' into modprobe_refresh	2025-12-11 12:52:14 +11:00
Patrick Schleizer	b7b6b6e5fb	output	2025-12-08 09:42:59 -05:00
Aaron Rainbolt	85761a4153	permission-hardener: Fix undo warning logic, minor improvements suggested by ChatGPT Codex	2025-12-04 23:27:18 -06:00
Aaron Rainbolt	0534a34ed7	Fix block-unsafe-logins when running as non-root, add swaylock to list of safe auth services	2025-12-02 19:06:30 -06:00
Aaron Rainbolt	5f34b4146e	Merge remote-tracking branch 'raja/docs' into arraybolt3/trixie	2025-11-30 00:12:18 -06:00
Aaron Rainbolt	2c253b1312	Merge remote-tracking branch 'raja/vsyscall32' into arraybolt3/trixie	2025-11-29 21:01:51 -06:00
Aaron Rainbolt	84e193c44e	Merge remote-tracking branch 'raja/stop_tw_reuse' into arraybolt3/trixie	2025-11-28 14:21:59 -06:00
Aaron Rainbolt	65c45fc3d7	Minor fixes to NMI panic docs	2025-11-28 00:13:45 -06:00
Aaron Rainbolt	37b1d055f1	Merge remote-tracking branch 'raja/panic_nmi' into arraybolt3/trixie	2025-11-28 00:09:43 -06:00
Patrick Schleizer	5c4d3162ab	fix	2025-11-23 05:25:13 -05:00
raja-grewal	79be87ec5f	Move (optional) CPU MSR module disable list	2025-11-21 13:05:13 +00:00
Aaron Rainbolt	936c799cb5	Don't break passwordless sudo in unrestricted admin mode	2025-11-18 23:53:03 -06:00
raja-grewal	ebc011e67b	Typo	2025-11-19 11:35:04 +11:00
Patrick Schleizer	efa06a1eae	port to package-installed-check	2025-11-14 00:44:50 -05:00
raja-grewal	d891313d57	Provide options to panic upon receiving NMIs	2025-11-11 11:39:21 +00:00
raja-grewal	0b9b9ffb1e	Improve clarity for panic on OOM	2025-11-11 11:32:47 +00:00
Aaron Rainbolt	3070aa5d1f	Fix passwordless login for sensitive accounts, only deny passwordless privilege escalation	2025-11-10 22:40:15 -06:00
Patrick Schleizer	fc1b865dd7	debugging	2025-11-10 02:21:27 -05:00
Patrick Schleizer	45126cede6	end-of-options	2025-11-10 02:19:29 -05:00
Patrick Schleizer	61637a5ff0	refactoring	2025-11-10 02:15:30 -05:00
Patrick Schleizer	ddb59a3b01	comment	2025-11-10 02:13:48 -05:00
Patrick Schleizer	ae1e2e3b52	output	2025-11-10 02:10:25 -05:00
Patrick Schleizer	f2b7658542	use long option names	2025-11-10 02:09:54 -05:00
Patrick Schleizer	71ca68bd4a	end-of-options	2025-11-10 02:09:00 -05:00
Patrick Schleizer	e9e6c12b03	output	2025-11-10 02:08:04 -05:00
Patrick Schleizer	f5db916bf7	fix	2025-11-10 02:06:55 -05:00
Patrick Schleizer	bb0a23fcc8	chmod +x	2025-11-10 02:05:47 -05:00
raja-grewal	5ac02d2d52	Set `net.ipv4.tcp_tw_reuse=0`	2025-11-10 06:13:35 +00:00
raja-grewal	b89aaea61e	Add docs on logging martian packets	2025-11-10 06:03:33 +00:00
Aaron Rainbolt	5fbd42bbec	Add kill-vboxdrmclient-on-shutdown.service	2025-11-09 18:38:54 -06:00
Aaron Rainbolt	9d86379f56	Prevent non-sysmaint logins in sysmaint mode and unsafe passwordless logins in user mode	2025-11-09 17:50:28 -06:00
raja-grewal	a3830db09e	Update docs relating to panic on OOM	2025-11-09 13:42:31 +00:00
raja-grewal	0aa0b67df6	Merge branch 'master' into docs	2025-11-10 00:20:48 +11:00
Patrick Schleizer	0391411885	revert Force immediate kernel panic on OOM. https://github.com/Kicksecure/security-misc/issues/324#issuecomment-3507949741	2025-11-09 05:47:00 -05:00
Patrick Schleizer	d50e6afc8f	sanity test	2025-11-08 01:34:32 -05:00
Patrick Schleizer	1267960842	comments	2025-11-08 01:32:45 -05:00
Patrick Schleizer	1e48886c7e	long option name	2025-11-08 01:31:02 -05:00
Aaron Rainbolt	fa32ba6c4f	Suppress usbguard startup unless a USB controller is visible to lspci	2025-11-07 17:09:34 -06:00
raja-grewal	4c88b91141	Merge branch 'Kicksecure:master' into docs	2025-11-05 10:10:10 +11:00
raja-grewal	c5f91eb33a	Add another method to disable 32-bit legacy vsyscalls	2025-11-02 06:15:06 +00:00
Patrick Schleizer	94918eeefb	lintian	2025-11-01 05:24:31 -04:00
Patrick Schleizer	e24eee361d	remove unicode	2025-11-01 04:10:17 -04:00
Aaron Rainbolt	8b766fc3ad	Lock down flatpak software management	2025-10-31 15:23:12 -05:00
Patrick Schleizer	aae472d9cf	Revert "Move apparmor-info, apparmor-watch to security-misc, enable systemd-journald audit transport" This reverts commit `d1e148eba7`.	2025-10-31 10:24:31 -04:00
Aaron Rainbolt	d1e148eba7	Move apparmor-info, apparmor-watch to security-misc, enable systemd-journald audit transport	2025-10-30 23:05:19 -05:00
Patrick Schleizer	cb70f19837	more robust, standardized kernel_cmdline variable detection	2025-10-26 08:06:26 -04:00
Patrick Schleizer	1f093f8175	do not start usbguard-notifier if /sys/bus/usb does not exist	2025-10-22 00:37:36 -04:00
raja-grewal	9f7480e20a	Make terminology consistent	2025-10-19 01:41:58 +00:00

1 2 3 4 5 ...

1123 commits