Commit Graph

327 Commits

Author SHA1 Message Date
Patrick Schleizer
d4c79cce69
add "Depends: libpam-runtime" so pam-auth-update is available
for Debian maintainer script
2019-07-07 21:09:26 +00:00
Patrick Schleizer
f68b96241c
comment 2019-07-07 21:08:28 +00:00
Patrick Schleizer
91fb21aafb
Due to error:
Jul 07 20:35:39 host sudo[16090]: PAM unable to dlopen(pam_cgfs.so): /lib/security/pam_cgfs.so: cannot open shared object file: No such file or directory
Jul 07 20:35:39 host sudo[16090]: PAM adding faulty module: pam_cgfs.so

run:
pam-auth-update --package
from Debian maintainer scripts
2019-07-07 16:51:40 -04:00
Patrick Schleizer
e543c4bf82
apparmor fixes (this broke whonixcheck apparmor profile) 2019-07-07 16:37:46 -04:00
Patrick Schleizer
8f4a5f33b9
bumped changelog version 2019-07-07 09:39:12 +00:00
Patrick Schleizer
3558a9949f
Enable APT seccomp sandboxing.
Thanks to @torjunkie for the suggestion!

https://forums.whonix.org/t/apt-seccomp-bpf-sandboxing/7702
2019-07-07 09:37:25 +00:00
Patrick Schleizer
93e81b4330
bumped changelog version 2019-07-06 13:56:28 +00:00
Patrick Schleizer
3cd1a5ec09
fix lintian warning 2019-07-06 13:56:00 +00:00
Patrick Schleizer
b73cdfd7cc
bumped changelog version 2019-07-06 13:53:10 +00:00
Patrick Schleizer
7b0b9da32c
Merge remote-tracking branch 'origin/master' 2019-07-06 07:06:54 -04:00
Patrick Schleizer
649878fdcb
Merge pull request #20 from madaidan/patch-15
Blacklist HDLC and use "install" for blacklisting firewire/thunderbolt
2019-07-06 11:06:25 +00:00
madaidan
8888147e1e
Update control 2019-07-04 14:26:31 +00:00
madaidan
46409be8b6
Use install instead of blacklist 2019-07-04 14:25:28 +00:00
madaidan
eb7eaffba1
Blacklist n-hdlc 2019-07-04 14:24:44 +00:00
Patrick Schleizer
6df7b3c295
bumped changelog version 2019-07-01 15:23:49 +00:00
Patrick Schleizer
f82731698c
re-enable PrivateNetwork=true 2019-07-01 14:53:01 +00:00
Patrick Schleizer
81b38529d9
add copyright for files in etc/pam.d/* 2019-07-01 13:58:20 +00:00
Patrick Schleizer
552b6edbed
fix machine readable copyright format 2019-07-01 13:51:00 +00:00
Patrick Schleizer
a05264934b
add copyright for etc/login.defs.security-misc 2019-07-01 13:46:01 +00:00
Patrick Schleizer
48e511347c
fix lintian warning 2019-07-01 13:37:55 +00:00
Patrick Schleizer
93c0821054
config-package-dev displace files for change umask
https://forums.whonix.org/t/change-default-umask/7416
2019-07-01 13:35:45 +00:00
Patrick Schleizer
a73f0566e9
change default umask to 006
session optional  pam_umask.so usergroups

https://forums.whonix.org/t/change-default-umask/7416/17
2019-07-01 13:25:23 +00:00
Patrick Schleizer
41b61e3277
revert to Debian buster original 2019-07-01 13:24:29 +00:00
Patrick Schleizer
88a78b1c87
Merge remote-tracking branch 'origin/master' 2019-07-01 09:21:05 -04:00
Patrick Schleizer
8c60e7c67f
Merge pull request #18 from madaidan/patch-14
Change the default umask to 006
2019-07-01 13:20:21 +00:00
Patrick Schleizer
24cc8e380d
comment out proc-hidepid.service hardening for now
since broken in Qubes Debian AppVMs

https://forums.whonix.org/t/kernel-hardening/7296/104
2019-07-01 03:43:02 -04:00
Patrick Schleizer
0bffc7a930
Merge remote-tracking branch 'origin/master' 2019-07-01 03:08:26 -04:00
Patrick Schleizer
3c176ce158
allow permissions openat mkdir
since required in Qubes Debian templates
2019-07-01 03:07:14 -04:00
Patrick Schleizer
344d009032
Merge pull request #19 from madaidan/patch-15
Add licensing to proc-hidepid.service
2019-07-01 06:39:28 +00:00
madaidan
b8f2aee905
Add licensing 2019-06-30 13:22:43 +00:00
madaidan
cfaafe400c
Update control 2019-06-30 13:16:12 +00:00
madaidan
eedeaa0e7f
Update common-session-noninteractive 2019-06-30 13:12:59 +00:00
madaidan
a9af85f585
Update common-session 2019-06-30 13:12:16 +00:00
madaidan
1e1d29cfde
Create common-session-noninteractive 2019-06-30 13:11:31 +00:00
madaidan
501901f7c0
Change default umask to 006 2019-06-30 13:10:54 +00:00
madaidan
09a5c27f47
Create common-session 2019-06-30 13:10:29 +00:00
madaidan
a319333493
Create login.defs 2019-06-30 13:09:51 +00:00
Patrick Schleizer
f26ad14d4c
bumped changelog version 2019-06-30 07:21:58 -04:00
Patrick Schleizer
b8ace6e3f6
bump 2019-06-30 07:21:31 -04:00
Patrick Schleizer
f3a4800987
bumped changelog version 2019-06-30 08:23:51 +00:00
Patrick Schleizer
85f61758c5
fix package description 2019-06-30 04:11:38 -04:00
Patrick Schleizer
e473397061
Merge remote-tracking branch 'origin/master' 2019-06-30 04:11:12 -04:00
Patrick Schleizer
ec78a3e42e
Merge pull request #17 from madaidan/patch-13
Disable coredumps
2019-06-30 08:10:28 +00:00
Patrick Schleizer
67de5247c8
Merge branch 'master' into patch-13 2019-06-30 08:10:04 +00:00
Patrick Schleizer
9525ff87c6
Merge pull request #16 from madaidan/patch-12
Mount /proc with hidepid=2
2019-06-30 08:09:23 +00:00
madaidan
dbfb9e1cdf
Update control 2019-06-30 00:21:46 +00:00
madaidan
024a698249
Update control 2019-06-30 00:20:38 +00:00
madaidan
230ef34db4
Create disable-coredumps.conf 2019-06-30 00:19:04 +00:00
madaidan
1bf802f846
Create coredumps.conf 2019-06-30 00:16:50 +00:00
madaidan
f040081a59
Prevent setuid processes from creating coredumps. 2019-06-30 00:13:52 +00:00