Patrick Schleizer
|
4e96ffaabb
|
chrome-sandbox matchwhitelist
|
2023-11-06 16:37:19 -05:00 |
|
Patrick Schleizer
|
51decff2fd
|
exclude qfile-unpacker from permission hardener
|
2023-11-05 16:03:36 -05:00 |
|
Patrick Schleizer
|
1900c1ab07
|
pam exclude from permission-hardener
|
2023-11-05 15:57:49 -05:00 |
|
Patrick Schleizer
|
5a75bcfb19
|
Merge pull request #145 from monsieuremre/wifi-and-bluetooth
Wifi and Bluetooth Patch | Security and Privacy
|
2023-11-05 14:49:00 -05:00 |
|
Patrick Schleizer
|
4946f85d43
|
Merge pull request #146 from monsieuremre/thunderbird
Thunderbird Hardening
|
2023-11-05 14:37:47 -05:00 |
|
Patrick Schleizer
|
97054b2b10
|
revert enabling kernel module signature enforcement
due to issues
https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/63
https://github.com/dell/dkms/issues/359
|
2023-11-03 15:55:17 -04:00 |
|
Patrick Schleizer
|
0242c04dc2
|
port to DKMS drop-in folder
undisplace /etc/dkms/framework.conf.security-misc
moved to /etc/dkms/framework.conf.d/30_security-misc.conf
|
2023-11-03 14:51:14 -04:00 |
|
Patrick Schleizer
|
d1b5a3ffd5
|
/usr/sbin/pam-tmpdir-helper exactwhitelist
https://github.com/Kicksecure/security-misc/pull/147
|
2023-11-03 12:55:34 -04:00 |
|
Patrick Schleizer
|
b6d53f698d
|
Revert "allow loading unsigned modules due to issues"
This reverts commit 661bcd8603 .
|
2023-11-03 12:17:00 -04:00 |
|
monsieuremre
|
1abac794b5
|
very secure and private defaults
|
2023-11-02 09:15:20 +00:00 |
|
monsieuremre
|
5a583ca48c
|
typo in file name
|
2023-11-02 08:30:26 +00:00 |
|
monsieuremre
|
229032d691
|
Rename etc/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf to usr/lib/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf
|
2023-11-01 17:54:05 +00:00 |
|
monsieuremre
|
1049298e7b
|
Update and rename etc/NetworkManager/conf.d/99_randomize-mac.conf to usr/lib/NetworkManager/conf.d/99_randomize-mac.conf
|
2023-11-01 17:52:40 +00:00 |
|
monsieuremre
|
76e684cc0a
|
Update and rename etc/NetworkManager/conf.d/99_ipv6-privacy.conf to usr/lib/NetworkManager/conf.d/99_ipv6-privacy.conf
|
2023-11-01 17:51:27 +00:00 |
|
monsieuremre
|
fc8e201e84
|
rename
|
2023-10-27 14:49:24 +00:00 |
|
monsieuremre
|
13b4ddbb62
|
30_security-misc.conf
|
2023-10-27 14:34:21 +00:00 |
|
monsieuremre
|
b298d152fc
|
30_security-misc.conf
|
2023-10-27 14:32:08 +00:00 |
|
monsieuremre
|
3d4b04fddc
|
99_ipv6-privacy.conf
|
2023-10-27 12:35:39 +00:00 |
|
monsieuremre
|
e90f62eaab
|
99_randomize_mac.conf
|
2023-10-27 12:34:15 +00:00 |
|
monsieuremre
|
604d839537
|
99_ipv6-privacy-extensions.conf
|
2023-10-27 12:30:26 +00:00 |
|
monsieuremre
|
f2c23a2831
|
ssh config
|
2023-10-27 10:53:45 +00:00 |
|
Patrick Schleizer
|
7cff267002
|
remove duplicates
|
2023-10-26 19:31:14 -04:00 |
|
monsieuremre
|
99355c6169
|
new lines 30_default.conf
|
2023-10-26 17:45:28 +00:00 |
|
Patrick Schleizer
|
b7c52800f4
|
renamed: etc/sysctl.d/30_security-misc.conf -> usr/lib/sysctl.d/30_security-misc.conf
renamed: etc/sysctl.d/30_security-misc_kexec-disable.conf -> usr/lib/sysctl.d/30_security-misc_kexec-disable.conf
renamed: etc/sysctl.d/30_silent-kernel-printk.conf -> usr/lib/sysctl.d/30_silent-kernel-printk.conf
|
2023-10-25 17:28:43 -04:00 |
|
Patrick Schleizer
|
f6d1346e2b
|
fix
|
2023-10-22 16:22:08 -04:00 |
|
Patrick Schleizer
|
11382881b5
|
comments
|
2023-10-22 16:12:26 -04:00 |
|
Patrick Schleizer
|
4288e10554
|
fix, rework remount-secure kernel parameters parsing
|
2023-10-22 13:25:31 -04:00 |
|
Patrick Schleizer
|
c409e3221e
|
implement remount-secure
|
2023-10-22 09:36:03 -04:00 |
|
Patrick Schleizer
|
ae2c1c5a7a
|
fix xession environment variable
|
2023-10-21 14:18:50 -04:00 |
|
Patrick Schleizer
|
d543825d85
|
comments
|
2023-10-21 12:24:59 -04:00 |
|
Patrick Schleizer
|
645ee814e4
|
fix
|
2023-10-13 15:22:48 -04:00 |
|
Patrick Schleizer
|
2d45241084
|
avoid duplicate environment variables
|
2023-10-12 11:37:01 -04:00 |
|
Patrick Schleizer
|
fa820e8978
|
refactoring environment variables loading mechanism
|
2023-10-12 10:40:27 -04:00 |
|
Patrick Schleizer
|
8a6baea990
|
comment
|
2023-06-22 16:16:15 +00:00 |
|
Raja Grewal
|
cf003dfad8
|
Update comments
|
2023-05-16 02:11:44 +10:00 |
|
Jeremy Rand
|
61f63255ac
|
vm.mmap_rnd_bits: Fix ppc64le
Probably fixes a bunch of other non-x86_64 arches too.
|
2023-04-24 23:07:39 +00:00 |
|
Patrick Schleizer
|
5c6db28881
|
Merge pull request #122 from raja-grewal/tcp
Remove outdated comment about SACK, DSACK, and FACK
|
2023-03-31 04:52:55 -04:00 |
|
Raja Grewal
|
ed5f8be9eb
|
Remove outdated comment about SACK, DSACK, and FACK
|
2023-03-30 19:17:43 +11:00 |
|
Raja Grewal
|
7a4212dd76
|
Update copyright
|
2023-03-30 17:08:47 +11:00 |
|
Patrick Schleizer
|
8c3204a5e4
|
comment
|
2023-01-25 15:20:30 -05:00 |
|
Patrick Schleizer
|
65c29f493b
|
move kexec disabling to dedicated file /etc/sysctl.d/30_security-misc_kexec-disable.conf
so ram-wipe can `config-package-dev` `hide` this config file
|
2023-01-25 15:13:19 -05:00 |
|
Patrick Schleizer
|
ad5d0d4b12
|
disable kexec (revert enabling kexec)
remove kexec-utils for ram-wipe since moved to its own package
|
2023-01-09 06:37:45 -05:00 |
|
Patrick Schleizer
|
87c4e77c01
|
migrate to ram-wipe package
|
2023-01-09 06:23:00 -05:00 |
|
Friedrich Doku
|
78a4fad667
|
Change echo to info. Included more reliable way of getting initrd and kernel. Allow user custom kexec
|
2023-01-07 11:14:31 -05:00 |
|
Raja Grewal
|
f81714be50
|
Merge branch 'Kicksecure:master' into framebuffer
|
2022-12-13 05:14:56 +00:00 |
|
Raja Grewal
|
d67845fea8
|
Typo
|
2022-12-13 16:11:24 +11:00 |
|
Patrick Schleizer
|
6d7a782624
|
fix
|
2022-11-24 07:21:46 -05:00 |
|
Raja Grewal
|
6f695902fb
|
Add comment about legacy Apple fiesystems
|
2022-11-23 23:53:40 +11:00 |
|
Patrick Schleizer
|
e5255a630a
|
pam-info: support non-root environments (such as during graphical display manager login and xscreensaver)
|
2022-11-22 05:57:30 -05:00 |
|
Raja Grewal
|
daa30d4e78
|
Include several framebuffer drivers into blacklist
These were previously commented out to test for compatibility issues.
|
2022-11-09 20:43:59 +11:00 |
|