Patrick Schleizer
|
52df8dc014
|
optional pam_umask.so usergroups umask=006
|
2019-08-14 07:37:21 +00:00 |
|
Patrick Schleizer
|
2f37a66fd0
|
description
|
2019-08-11 10:31:29 +00:00 |
|
Patrick Schleizer
|
e83ec79a25
|
enable usr/share/pam-configs/mkhomedir-security-misc by default
|
2019-08-11 10:30:51 +00:00 |
|
Patrick Schleizer
|
1eb806a03e
|
pam_mkhomedir.so umask=006
|
2019-08-11 10:29:49 +00:00 |
|
Patrick Schleizer
|
c50eb3c9b0
|
add usr/share/pam-configs/mkhomedir-security-misc based on
/usr/share/pam-configs/mkhomedir
|
2019-08-11 10:28:55 +00:00 |
|
Patrick Schleizer
|
a2fa18c381
|
pam_tally2.so deny=100
during testing, due to issues
d17e25272b
https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/12
|
2019-08-10 07:07:28 -04:00 |
|
Patrick Schleizer
|
d17e25272b
|
effectively (not directly) add "required pam_tally2.so debug" to /etc/pam.d/common-account
This is required because otherwise something like "sudo bash" would count as a
failed login for pam_tally2 even though it was successful.
https://bugzilla.redhat.com/show_bug.cgi?id=707660
https://forums.whonix.org/t/restrict-root-access/7658
|
2019-08-10 06:06:39 -04:00 |
|
Patrick Schleizer
|
0f896a9d8d
|
add onerr=fail audit to pam_tally2
|
2019-08-10 06:05:37 -04:00 |
|
Patrick Schleizer
|
e076470f68
|
renamed: usr/share/pam-configs/usergroups -> usr/share/pam-configs/usergroups-security-misc
|
2019-08-01 11:04:58 +00:00 |
|
Patrick Schleizer
|
830111e99a
|
split usr/share/pam-configs/security-misc
into
usr/share/pam-configs/tally2-security-misc
usr/share/pam-configs/wheel-security-misc
|
2019-08-01 11:04:22 +00:00 |
|
Patrick Schleizer
|
89d32402b2
|
fix, do not use "," inside /usr/share/pam-configs files
|
2019-07-31 14:52:29 -04:00 |
|
Patrick Schleizer
|
cf90668756
|
lock user accounts after 5 failed authentication attempts using pam_tally2
|
2019-07-31 03:25:02 -04:00 |
|
Patrick Schleizer
|
3e29761560
|
debug at the end
|
2019-07-31 03:17:06 -04:00 |
|
Patrick Schleizer
|
5cdb3edb32
|
usr/share/pam-configs/wheel -> usr/share/pam-configs/security-misc
|
2019-07-31 03:16:41 -04:00 |
|
Patrick Schleizer
|
3f9437f1ec
|
Revert "set back to default group "root" rather than group "sudo" membership required to use su"
This reverts commit 2f276cdb10 .
|
2019-07-17 14:25:19 -04:00 |
|
Patrick Schleizer
|
2f276cdb10
|
set back to default group "root" rather than group "sudo" membership required to use su
since root login will be locked by default anyhow
Thanks to @madaidan for providing the rationale!
https://forums.whonix.org/t/restrict-root-access/7658/42
|
2019-07-15 08:44:28 -04:00 |
|
Patrick Schleizer
|
6d1e8ac9a4
|
description
|
2019-07-14 11:16:49 +00:00 |
|
Patrick Schleizer
|
ffb61f43ea
|
fix, add 'group=sudo' and 'debug' for debugging
https://forums.whonix.org/t/restrict-root-access/7658
|
2019-07-14 11:11:59 +00:00 |
|
Patrick Schleizer
|
e9eb38b5db
|
formatting
|
2019-07-13 15:04:09 +00:00 |
|
Patrick Schleizer
|
cb668459e8
|
port umask from /etc/pam.d to /usr/share/pam-configs implementation
https://forums.whonix.org/t/change-default-umask/7416
|
2019-07-13 10:35:10 -04:00 |
|
Patrick Schleizer
|
69b97981f3
|
convert etc/pam.d/su.security-misc to usr/share/pam-configs/wheel
https://forums.whonix.org/t/restrict-root-access/7658/32
|
2019-07-13 12:33:51 +00:00 |
|
Patrick Schleizer
|
f9acd890a7
|
lintian
|
2019-06-09 10:24:24 +00:00 |
|
Patrick Schleizer
|
c040117fe4
|
lintian
|
2019-05-12 10:50:34 +00:00 |
|
Patrick Schleizer
|
811dcee2cb
|
fix lintian warning
|
2019-04-05 09:26:18 -04:00 |
|
Patrick Schleizer
|
5b3fc2f6b9
|
update copyright
|
2018-01-29 15:22:05 +00:00 |
|
Patrick Schleizer
|
ff28f5932c
|
update copyright
|
2018-01-29 15:09:42 +00:00 |
|
Patrick Schleizer
|
49cde21078
|
Whonix 14 KDE plasma 5 fixes
https://phabricator.whonix.org/T633
|
2017-02-21 19:54:41 +00:00 |
|
Patrick Schleizer
|
5ba2a5b6ff
|
disable previews in nautilus by default for better security
copied solution by @unman
https://github.com/QubesOS/qubes-issues/issues/1108
https://github.com/QubesOS/qubes-core-agent-linux/pull/39
https://phabricator.whonix.org/T500
|
2017-02-19 22:25:28 +00:00 |
|
Patrick Schleizer
|
d3ccf0eeaf
|
initial commit
|
2015-12-15 02:00:24 +00:00 |
|