security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00

Author	SHA1	Message	Date
Patrick Schleizer	ed20980f4c	refactoring	2019-12-21 05:07:10 -05:00
Patrick Schleizer	89be5f2ecb	bumped changelog version	2019-12-21 02:05:39 -05:00
Patrick Schleizer	1cd5fb6a00	bumped changelog version	2019-12-20 11:50:25 -05:00
Patrick Schleizer	28d12c3966	bumped changelog version	2019-12-20 11:09:22 -05:00
Patrick Schleizer	c0ddb76d74	bumped changelog version	2019-12-20 10:50:51 -05:00
Patrick Schleizer	089c40135f	bumped changelog version	2019-12-20 08:15:00 -05:00
Patrick Schleizer	ddc0eec63d	bumped changelog version	2019-12-20 07:12:36 -05:00
Patrick Schleizer	8e112c3423	description	2019-12-20 06:53:24 -05:00
Patrick Schleizer	24ea70384b	description	2019-12-20 06:53:03 -05:00
Patrick Schleizer	6dd6530fa5	remove hardening-enable please invent package security-paranoid instead https://forums.whonix.org/t/security-hardening-tool-usr-bin-hardening-enable-by-security-misc/8609	2019-12-20 05:32:26 -05:00
Patrick Schleizer	62eb462920	skip console_users_check for Qubes users	2019-12-16 06:46:48 -05:00
Patrick Schleizer	ab68182e11	bumped changelog version	2019-12-16 06:27:51 -05:00
Patrick Schleizer	2c4170e6f3	description	2019-12-12 09:47:58 -05:00
Patrick Schleizer	2d5ef378f3	description	2019-12-12 09:39:39 -05:00
Patrick Schleizer	a10597de92	bumped changelog version	2019-12-12 09:04:15 -05:00
Patrick Schleizer	729fa26eca	use pam_acccess only for /etc/pam.d/login remove "Allow members of group 'ssh' to login." remove "+:ssh:ALL EXCEPT LOCAL"	2019-12-12 09:00:08 -05:00
Patrick Schleizer	22b6480bc4	bumped changelog version	2019-12-10 11:44:02 -05:00
Patrick Schleizer	88bea2a6ef	comment	2019-12-10 03:53:10 -05:00
Patrick Schleizer	7d8001ddc9	refactoring	2019-12-10 03:51:39 -05:00
Patrick Schleizer	d2f6ac0491	fix, do user/group modifications in preinst rather than postinst	2019-12-10 03:50:23 -05:00
Patrick Schleizer	64ae53edb9	bumped changelog version	2019-12-09 08:25:30 -05:00
Patrick Schleizer	6f944234a9	bumped changelog version	2019-12-08 05:26:29 -05:00
Patrick Schleizer	c192644ee3	security-misc `/usr/share/pam-configs/permission-lockdown-security-misc` is no longer required, removed. Thereby fix apparmor issue. > Dec 08 09:47:50 host audit[3232]: AVC apparmor="DENIED" operation="exec" profile="/usr/bin/whonixcheck" name="/usr/lib/security-misc/permission-lockdown" pid=3232 comm="sudo" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 > Dec 08 09:47:50 host sudo[3232]: pam_exec(sudo:session): execve(/usr/lib/security-misc/permission-lockdown,...) failed: Permission denied It is no longer required, because... existing linux user accounts: * Get permission lock down because security-misc `debian/security-misc.postinst` calls `/usr/lib/security-misc/permission-lockdown`. new linux user accounts (created at first boot): * security-misc `/usr/share/pam-configs/mkhomedir-security-misc` pam mkhomedir sets secure permissions using `umask=027`.	2019-12-08 05:21:35 -05:00
Patrick Schleizer	edcc2de71d	bumped changelog version	2019-12-08 04:38:33 -05:00
Patrick Schleizer	17d81d0083	bumped changelog version	2019-12-08 04:27:01 -05:00
Patrick Schleizer	ebae9eef38	skip sudo_users_check in Qubes Qubes users can use dom0 to get a root terminal emulator. For example: qvm-run -u root debian-10 xterm	2019-12-08 04:25:19 -05:00
Patrick Schleizer	53e4717c62	bumped changelog version	2019-12-08 04:05:29 -05:00
Patrick Schleizer	a345a0fb64	abort installation if ssh.service is enabled but no user is member of group ssh	2019-12-08 03:27:12 -05:00
Patrick Schleizer	cea598dc1a	refactoring	2019-12-08 02:43:05 -05:00
Patrick Schleizer	54f5e02c21	comment	2019-12-08 02:42:30 -05:00
Patrick Schleizer	b4265195f4	refactoring	2019-12-08 02:41:36 -05:00
Patrick Schleizer	0f65b2e85c	abort installation if no user is a member of group "console"; output https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/7	2019-12-08 02:38:19 -05:00
Patrick Schleizer	1dbca1ea2d	add usr/bin/hardening-enable	2019-12-08 02:27:09 -05:00
Patrick Schleizer	24423b42f0	description	2019-12-08 02:03:05 -05:00
Patrick Schleizer	6b01e5be14	comment	2019-12-08 02:01:22 -05:00
Patrick Schleizer	66bebefc9f	description	2019-12-08 02:00:23 -05:00
Patrick Schleizer	52e0f104cc	comment	2019-12-08 01:59:55 -05:00
Patrick Schleizer	731d486fa0	refactoring	2019-12-08 01:58:58 -05:00
Patrick Schleizer	221a2df2a2	refactoring	2019-12-08 01:58:37 -05:00
Patrick Schleizer	b871421a54	usr/share/pam-configs/console-lockdown -> usr/share/pam-configs/console-lockdown-security-misc	2019-12-08 01:57:43 -05:00
Patrick Schleizer	d36669596f	comment	2019-12-08 01:56:30 -05:00
Patrick Schleizer	1a0f353708	comment	2019-12-08 01:47:40 -05:00
Patrick Schleizer	eed1f0a462	comment	2019-12-08 01:46:32 -05:00
Patrick Schleizer	2491b62393	refactoring, add all groups first before adding any users to any groups	2019-12-08 01:43:45 -05:00
Patrick Schleizer	1464f01d19	description	2019-12-08 01:30:42 -05:00
Patrick Schleizer	c1800b13fe	separate group "ssh" for incoming ssh console permission Thanks to @madaidan https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/16	2019-12-07 11:26:39 -05:00
Patrick Schleizer	55225aa30e	description	2019-12-07 07:16:07 -05:00
Patrick Schleizer	34a2bc16c8	description	2019-12-07 07:15:58 -05:00
Patrick Schleizer	d823f06c78	description	2019-12-07 07:13:42 -05:00
Patrick Schleizer	090ddbe96a	description	2019-12-07 06:00:41 -05:00

1 2 3 4 5 ...

312 Commits