Commit Graph

31 Commits

Author SHA1 Message Date
Patrick Schleizer
272a33fe2c
addgroup -> adduser fix 2022-08-13 11:35:25 -04:00
Patrick Schleizer
2d37e3a1af
copyright 2022-05-20 14:46:38 -04:00
Patrick Schleizer
50bdd097df
move /usr/lib/security-misc to /usr/libexec/security-misc as per lintian FHS 2021-08-03 12:56:31 -04:00
Patrick Schleizer
6607c1e4bd
move /usr/lib/helper-scripts and /usr/lib/curl-scripts to /usr/libexec/helper-scripts as per lintian FHS 2021-08-03 12:48:57 -04:00
Patrick Schleizer
a67007f4b7
copyright 2021-03-17 09:45:21 -04:00
Patrick Schleizer
2ceea8d1fe
update copyright year 2020-04-01 08:49:59 -04:00
Patrick Schleizer
ad022fc0b7
fix 2020-04-01 08:21:06 -04:00
Patrick Schleizer
c22adbd92f
notify if security-misc installation is forced 2020-03-30 18:39:23 -04:00
Patrick Schleizer
f663b5eff8
skip check if any non-root user is a member of group sudo and console if
environment variable `SECURITY_MISC_INSTALL` is set to `force`
2020-03-30 17:15:02 -04:00
Patrick Schleizer
bc22fc9fdb
skip check if any non-root user is a member of group sudo and console if file
/var/lib/security-misc/skip_install_check exists
2020-03-30 17:12:43 -04:00
Patrick Schleizer
fbe9b60d95
fix Whonix / Kicksecure
/var/lib/dpkg/tmp.ci/preinst: ERROR: No user is a member of group 'console'. Installation aborted.
/var/lib/dpkg/tmp.ci/preinst: ERROR: You probably want to run:

sudo adduser user console
2020-01-20 08:49:02 -05:00
Patrick Schleizer
660837dc38
fix case when user "user" does not exists 2020-01-14 09:25:32 -05:00
Patrick Schleizer
18c726c3ee
comment 2020-01-14 09:23:02 -05:00
Patrick Schleizer
b8652681e7
fix legacy 2020-01-14 09:21:47 -05:00
Patrick Schleizer
2a3aae62b1
fix 2019-12-31 06:06:52 -05:00
Patrick Schleizer
e89552c984
add user "user" to group "console" in Whonix and Kicksecure
enable Console Lockdown in Whonix and Kicksecure
2019-12-31 05:55:44 -05:00
Patrick Schleizer
62eb462920
skip console_users_check for Qubes users 2019-12-16 06:46:48 -05:00
Patrick Schleizer
729fa26eca
use pam_acccess only for /etc/pam.d/login
remove "Allow members of group 'ssh' to login."
remove "+:ssh:ALL EXCEPT LOCAL"
2019-12-12 09:00:08 -05:00
Patrick Schleizer
88bea2a6ef
comment 2019-12-10 03:53:10 -05:00
Patrick Schleizer
7d8001ddc9
refactoring 2019-12-10 03:51:39 -05:00
Patrick Schleizer
d2f6ac0491
fix, do user/group modifications in preinst rather than postinst 2019-12-10 03:50:23 -05:00
Patrick Schleizer
ebae9eef38
skip sudo_users_check in Qubes
Qubes users can use dom0 to get a root terminal emulator.

For example:
qvm-run -u root debian-10 xterm
2019-12-08 04:25:19 -05:00
Patrick Schleizer
a345a0fb64
abort installation if ssh.service is enabled but no user is member of group ssh 2019-12-08 03:27:12 -05:00
Patrick Schleizer
cea598dc1a
refactoring 2019-12-08 02:43:05 -05:00
Patrick Schleizer
54f5e02c21
comment 2019-12-08 02:42:30 -05:00
Patrick Schleizer
b4265195f4
refactoring 2019-12-08 02:41:36 -05:00
Patrick Schleizer
0f65b2e85c
abort installation if no user is a member of group "console"; output
https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/7
2019-12-08 02:38:19 -05:00
Patrick Schleizer
e76e1475b0
comment 2019-11-22 12:24:35 -05:00
Patrick Schleizer
203d5cfa68
copyright 2019-10-31 11:19:44 -04:00
Patrick Schleizer
957deac5cb
fix lintian warning
W: security-misc: maintainer-script-should-not-parse-etc-passwd-or-group preinst:19
2019-10-18 10:38:25 +00:00
Patrick Schleizer
c9d75ef9ea
abort installation if no user is part of group sudo
https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/4

Thanks to minimal for the bug report!
2019-10-17 06:46:47 -04:00