Commit Graph

381 Commits

Author SHA1 Message Date
Patrick Schleizer
4e96ffaabb
chrome-sandbox matchwhitelist 2023-11-06 16:37:19 -05:00
Patrick Schleizer
51decff2fd
exclude qfile-unpacker from permission hardener 2023-11-05 16:03:36 -05:00
Patrick Schleizer
1900c1ab07
pam exclude from permission-hardener 2023-11-05 15:57:49 -05:00
Patrick Schleizer
5a75bcfb19
Merge pull request #145 from monsieuremre/wifi-and-bluetooth
Wifi and Bluetooth Patch | Security and Privacy
2023-11-05 14:49:00 -05:00
Patrick Schleizer
4946f85d43
Merge pull request #146 from monsieuremre/thunderbird
Thunderbird Hardening
2023-11-05 14:37:47 -05:00
Patrick Schleizer
97054b2b10
revert enabling kernel module signature enforcement
due to issues

https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/63

https://github.com/dell/dkms/issues/359
2023-11-03 15:55:17 -04:00
Patrick Schleizer
0242c04dc2
port to DKMS drop-in folder
undisplace /etc/dkms/framework.conf.security-misc
moved to /etc/dkms/framework.conf.d/30_security-misc.conf
2023-11-03 14:51:14 -04:00
Patrick Schleizer
d1b5a3ffd5
/usr/sbin/pam-tmpdir-helper exactwhitelist
https://github.com/Kicksecure/security-misc/pull/147
2023-11-03 12:55:34 -04:00
Patrick Schleizer
b6d53f698d
Revert "allow loading unsigned modules due to issues"
This reverts commit 661bcd8603.
2023-11-03 12:17:00 -04:00
monsieuremre
1abac794b5
very secure and private defaults 2023-11-02 09:15:20 +00:00
monsieuremre
5a583ca48c
typo in file name 2023-11-02 08:30:26 +00:00
monsieuremre
229032d691
Rename etc/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf to usr/lib/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf 2023-11-01 17:54:05 +00:00
monsieuremre
1049298e7b
Update and rename etc/NetworkManager/conf.d/99_randomize-mac.conf to usr/lib/NetworkManager/conf.d/99_randomize-mac.conf 2023-11-01 17:52:40 +00:00
monsieuremre
76e684cc0a
Update and rename etc/NetworkManager/conf.d/99_ipv6-privacy.conf to usr/lib/NetworkManager/conf.d/99_ipv6-privacy.conf 2023-11-01 17:51:27 +00:00
monsieuremre
fc8e201e84
rename 2023-10-27 14:49:24 +00:00
monsieuremre
13b4ddbb62
30_security-misc.conf 2023-10-27 14:34:21 +00:00
monsieuremre
b298d152fc
30_security-misc.conf 2023-10-27 14:32:08 +00:00
monsieuremre
3d4b04fddc
99_ipv6-privacy.conf 2023-10-27 12:35:39 +00:00
monsieuremre
e90f62eaab
99_randomize_mac.conf 2023-10-27 12:34:15 +00:00
monsieuremre
604d839537
99_ipv6-privacy-extensions.conf 2023-10-27 12:30:26 +00:00
monsieuremre
f2c23a2831
ssh config 2023-10-27 10:53:45 +00:00
Patrick Schleizer
7cff267002
remove duplicates 2023-10-26 19:31:14 -04:00
monsieuremre
99355c6169
new lines 30_default.conf 2023-10-26 17:45:28 +00:00
Patrick Schleizer
b7c52800f4
renamed: etc/sysctl.d/30_security-misc.conf -> usr/lib/sysctl.d/30_security-misc.conf
renamed:    etc/sysctl.d/30_security-misc_kexec-disable.conf -> usr/lib/sysctl.d/30_security-misc_kexec-disable.conf
renamed:    etc/sysctl.d/30_silent-kernel-printk.conf -> usr/lib/sysctl.d/30_silent-kernel-printk.conf
2023-10-25 17:28:43 -04:00
Patrick Schleizer
f6d1346e2b
fix 2023-10-22 16:22:08 -04:00
Patrick Schleizer
11382881b5
comments 2023-10-22 16:12:26 -04:00
Patrick Schleizer
4288e10554
fix, rework remount-secure kernel parameters parsing 2023-10-22 13:25:31 -04:00
Patrick Schleizer
c409e3221e
implement remount-secure 2023-10-22 09:36:03 -04:00
Patrick Schleizer
ae2c1c5a7a
fix xession environment variable 2023-10-21 14:18:50 -04:00
Patrick Schleizer
d543825d85
comments 2023-10-21 12:24:59 -04:00
Patrick Schleizer
645ee814e4
fix 2023-10-13 15:22:48 -04:00
Patrick Schleizer
2d45241084
avoid duplicate environment variables 2023-10-12 11:37:01 -04:00
Patrick Schleizer
fa820e8978
refactoring environment variables loading mechanism 2023-10-12 10:40:27 -04:00
Patrick Schleizer
8a6baea990
comment 2023-06-22 16:16:15 +00:00
Raja Grewal
cf003dfad8
Update comments 2023-05-16 02:11:44 +10:00
Jeremy Rand
61f63255ac
vm.mmap_rnd_bits: Fix ppc64le
Probably fixes a bunch of other non-x86_64 arches too.
2023-04-24 23:07:39 +00:00
Patrick Schleizer
5c6db28881
Merge pull request #122 from raja-grewal/tcp
Remove outdated comment about SACK, DSACK, and FACK
2023-03-31 04:52:55 -04:00
Raja Grewal
ed5f8be9eb
Remove outdated comment about SACK, DSACK, and FACK 2023-03-30 19:17:43 +11:00
Raja Grewal
7a4212dd76
Update copyright 2023-03-30 17:08:47 +11:00
Patrick Schleizer
8c3204a5e4
comment 2023-01-25 15:20:30 -05:00
Patrick Schleizer
65c29f493b
move kexec disabling to dedicated file /etc/sysctl.d/30_security-misc_kexec-disable.conf
so ram-wipe can `config-package-dev` `hide` this config file
2023-01-25 15:13:19 -05:00
Patrick Schleizer
ad5d0d4b12
disable kexec (revert enabling kexec)
remove kexec-utils for ram-wipe since moved to its own package
2023-01-09 06:37:45 -05:00
Patrick Schleizer
87c4e77c01
migrate to ram-wipe package 2023-01-09 06:23:00 -05:00
Friedrich Doku
78a4fad667 Change echo to info. Included more reliable way of getting initrd and kernel. Allow user custom kexec 2023-01-07 11:14:31 -05:00
Raja Grewal
f81714be50
Merge branch 'Kicksecure:master' into framebuffer 2022-12-13 05:14:56 +00:00
Raja Grewal
d67845fea8
Typo 2022-12-13 16:11:24 +11:00
Patrick Schleizer
6d7a782624
fix 2022-11-24 07:21:46 -05:00
Raja Grewal
6f695902fb
Add comment about legacy Apple fiesystems 2022-11-23 23:53:40 +11:00
Patrick Schleizer
e5255a630a
pam-info: support non-root environments (such as during graphical display manager login and xscreensaver) 2022-11-22 05:57:30 -05:00
Raja Grewal
daa30d4e78
Include several framebuffer drivers into blacklist
These were previously commented out to test for compatibility issues.
2022-11-09 20:43:59 +11:00