Commit Graph

1854 Commits

Author SHA1 Message Date
Patrick Schleizer
51decff2fd
exclude qfile-unpacker from permission hardener 2023-11-05 16:03:36 -05:00
Patrick Schleizer
52b6e92e00
bumped changelog version 2023-11-05 15:58:21 -05:00
Patrick Schleizer
1900c1ab07
pam exclude from permission-hardener 2023-11-05 15:57:49 -05:00
Patrick Schleizer
76e3a3c5f9
bumped changelog version 2023-11-05 15:29:38 -05:00
Patrick Schleizer
d4494fd3c3
disable remount-secure dracut modules
pending new systemd based implementation

https://github.com/Kicksecure/security-misc/pull/152
2023-11-05 15:27:09 -05:00
Patrick Schleizer
949c163370
bumped changelog version 2023-11-05 15:14:43 -05:00
Patrick Schleizer
4a19fbae0b
move permission-hardening to /usr/bin to make it more easily accessible 2023-11-05 15:13:01 -05:00
Patrick Schleizer
c75f80b29f
lower verbosity of permission hardener
fixes https://github.com/Kicksecure/security-misc/issues/158
2023-11-05 15:09:29 -05:00
Patrick Schleizer
0544657123
bumped changelog version 2023-11-05 14:56:06 -05:00
Patrick Schleizer
42be631023
readme 2023-11-05 14:54:05 -05:00
Patrick Schleizer
55ba5d4832
renamed: usr/lib/NetworkManager/conf.d/99_ipv6-privacy.conf -> usr/lib/NetworkManager/conf.d/80_ipv6-privacy.conf
renamed:    usr/lib/NetworkManager/conf.d/99_randomize-mac.conf -> usr/lib/NetworkManager/conf.d/80_randomize-mac.conf
renamed:    usr/lib/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf -> usr/lib/systemd/networkd.conf.d/80_ipv6-privacy-extensions.conf
2023-11-05 14:51:31 -05:00
Patrick Schleizer
eab5d7d4ec
cleanup 2023-11-05 14:50:13 -05:00
Patrick Schleizer
811d1cd0dd
Merge remote-tracking branch 'github-kicksecure/master' 2023-11-05 14:49:43 -05:00
Patrick Schleizer
5a75bcfb19
Merge pull request #145 from monsieuremre/wifi-and-bluetooth
Wifi and Bluetooth Patch | Security and Privacy
2023-11-05 14:49:00 -05:00
Patrick Schleizer
93437952b4
readme 2023-11-05 14:41:01 -05:00
Patrick Schleizer
f32b543887
Merge remote-tracking branch 'github-kicksecure/master' 2023-11-05 14:38:20 -05:00
Patrick Schleizer
4946f85d43
Merge pull request #146 from monsieuremre/thunderbird
Thunderbird Hardening
2023-11-05 14:37:47 -05:00
Patrick Schleizer
56b90eecbf
Merge remote-tracking branch 'github-kicksecure/master' 2023-11-05 14:35:23 -05:00
Patrick Schleizer
817ca116f6
Merge pull request #153 from monsieuremre/readme
Updated Readme
2023-11-05 14:34:13 -05:00
Patrick Schleizer
3178677584
Merge remote-tracking branch 'github-kicksecure/master' 2023-11-05 14:32:21 -05:00
Patrick Schleizer
d9b5d770cf
Merge pull request #150 from monsieuremre/sysreq
Disable SysRq by default
2023-11-05 14:31:26 -05:00
Patrick Schleizer
dcead44cc6
output 2023-11-05 11:32:46 -05:00
Patrick Schleizer
f6bf69b41f
update link 2023-11-05 11:31:09 -05:00
monsieuremre
fbd9e5d017
README.md 2023-11-04 14:33:35 +00:00
Patrick Schleizer
97054b2b10
revert enabling kernel module signature enforcement
due to issues

https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/63

https://github.com/dell/dkms/issues/359
2023-11-03 15:55:17 -04:00
Patrick Schleizer
978e3e4abd
readme 2023-11-03 14:53:40 -04:00
Patrick Schleizer
0242c04dc2
port to DKMS drop-in folder
undisplace /etc/dkms/framework.conf.security-misc
moved to /etc/dkms/framework.conf.d/30_security-misc.conf
2023-11-03 14:51:14 -04:00
Patrick Schleizer
d1b5a3ffd5
/usr/sbin/pam-tmpdir-helper exactwhitelist
https://github.com/Kicksecure/security-misc/pull/147
2023-11-03 12:55:34 -04:00
Patrick Schleizer
48adb44c6f
bumped changelog version 2023-11-03 12:17:24 -04:00
Patrick Schleizer
b6d53f698d
Revert "allow loading unsigned modules due to issues"
This reverts commit 661bcd8603.
2023-11-03 12:17:00 -04:00
Patrick Schleizer
04b210ee88
bumped changelog version 2023-11-03 12:10:48 -04:00
Patrick Schleizer
5e73f78ed9
Merge remote-tracking branch 'github-kicksecure/master' 2023-11-03 12:10:33 -04:00
Patrick Schleizer
8e66a41778
Merge pull request #147 from monsieuremre/PAM-tmp-files-hardening
Depend on libpam-tmpdir for very solid extra security
2023-11-03 12:10:00 -04:00
Patrick Schleizer
7dc99d54c0
fix 2023-11-03 12:09:39 -04:00
Patrick Schleizer
2a602e78d6
Merge branch 'master' into PAM-tmp-files-hardening 2023-11-03 12:08:50 -04:00
Patrick Schleizer
ceffd2b3ee
bumped changelog version 2023-11-03 12:06:43 -04:00
Patrick Schleizer
cdd66ee376
wrap-and-sort 2023-11-03 10:48:46 -04:00
Patrick Schleizer
c33a3d9aad
readme 2023-11-03 10:44:48 -04:00
Patrick Schleizer
d71ac03d96
comment 2023-11-03 10:36:15 -04:00
Patrick Schleizer
8326aecdb4
bumped changelog version 2023-11-03 10:33:02 -04:00
Patrick Schleizer
b85d48eb83
do not change default umask for root
since this causes permission issues in `/etc/`

https://github.com/Kicksecure/security-misc/pull/151
2023-11-03 10:31:59 -04:00
Patrick Schleizer
07540db90d
Revert "Revert "set default umask to 027""
This reverts commit f8913ceb2e.
2023-11-03 09:45:12 -04:00
Patrick Schleizer
f8913ceb2e
Revert "set default umask to 027"
This reverts commit cd216095eb.
2023-11-03 09:43:44 -04:00
Patrick Schleizer
43bd789c30
bumped changelog version 2023-11-03 09:28:08 -04:00
Patrick Schleizer
cd216095eb
set default umask to 027
using package libpam-umask

https://www.debian.org/doc/manuals/securing-debian-manual/ch04s11.en.html#id-1.5.14.19

https://github.com/Kicksecure/security-misc/pull/151
2023-11-03 09:12:24 -04:00
monsieuremre
ac224b270a
disable sysrq 2023-11-02 13:01:55 +00:00
monsieuremre
3ee4be652b
depend on libpam-tmpdir 2023-11-02 09:36:58 +00:00
monsieuremre
1abac794b5
very secure and private defaults 2023-11-02 09:15:20 +00:00
monsieuremre
5a583ca48c
typo in file name 2023-11-02 08:30:26 +00:00
monsieuremre
229032d691
Rename etc/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf to usr/lib/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf 2023-11-01 17:54:05 +00:00