security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2025-11-26 15:26:30 -05:00

Author	SHA1	Message	Date
Patrick Schleizer	0391411885	revert Force immediate kernel panic on OOM. https://github.com/Kicksecure/security-misc/issues/324#issuecomment-3507949741	2025-11-09 05:47:00 -05:00
Patrick Schleizer	1ef974300a	readme	2025-11-08 04:00:47 -05:00
Aaron Rainbolt	7beb19b64a	Update README.md with info about flatpak auth hardening	2025-11-01 22:06:44 -05:00
Aaron Rainbolt	3d5e659b78	Remove trailing spaces	2025-10-15 19:02:48 -05:00
Aaron Rainbolt	29639fe69e	Merge remote-tracking branch 'raja/bad_ipv6_ra' into arraybolt3/trixie	2025-10-15 19:01:08 -05:00
Aaron Rainbolt	026d55ac41	Typo fixes	2025-10-15 18:30:52 -05:00
Aaron Rainbolt	35fce26476	Merge remote-tracking branch 'raja/stop_ptrace' into arraybolt3/trixie	2025-10-15 18:18:33 -05:00
Patrick Schleizer	4d9c3dc357	minor	2025-10-10 08:08:10 -04:00
Patrick Schleizer	968de33c65	Force immediate kernel panic on OOM. This is to avoid security features such as the screen locker, kloak, emerg-shutdown from being arbitrarily terminated when the system starts running out of memory. https://forums.whonix.org/t/screen-locker-in-security-can-we-disable-these-at-least-4-backdoors/8128/14 https://github.com/Kicksecure/security-misc/issues/324 `vm.panic_on_oom=2` implements https://github.com/Kicksecure/security-misc/issues/324	2025-10-10 08:03:03 -04:00
Patrick Schleizer	98f27c3b2e	comment	2025-10-10 06:53:04 -04:00
raja-grewal	e89c7ae025	Update docs on `slab_debug` for future improvements	2025-10-08 02:39:20 +00:00
raja-grewal	0c8f2f1b44	Add docs about the risks associated with IPv6 RAs	2025-10-02 07:05:00 +00:00
raja-grewal	194b8fce4e	Disable the usage of `ptrace()` by all processes	2025-09-28 03:20:24 +00:00
raja-grewal	d31f63fb10	README: Notice on public releases	2025-09-23 05:47:45 +00:00
Aaron Rainbolt	2a39d5997c	security-misc split string changes	2025-09-21 16:06:11 -05:00
Patrick Schleizer	f70550d015	Split the `security-misc` into `security-misc-shared`, `security-misc-desktop` and `security-misc-server`: rename files https://github.com/Kicksecure/security-misc/issues/187	2025-09-17 14:49:28 -04:00
raja-grewal	21c605e27e	Enable `vmscape=force`	2025-09-13 03:41:59 +00:00
Aaron Rainbolt	893faa9822	Remove initramfs-tools support	2025-08-23 22:53:13 -05:00
raja-grewal	e48897cc44	Merge branch 'master' into panic_limits	2025-08-21 10:27:44 +10:00
raja-grewal	add054933b	Update docs on instant reboot when kernel panic	2025-08-21 00:24:28 +00:00
Patrick Schleizer	2b876c74a3	readme	2025-08-20 10:09:10 -04:00
Patrick Schleizer	0e4664daa0	cleanup	2025-08-20 10:07:58 -04:00
Aaron Rainbolt	37c0bc0c5d	Merge remote-tracking branch 'raja/block_32bit' into arraybolt3/trixie	2025-08-17 14:02:01 -05:00
Aaron Rainbolt	b5a36e02f1	Merge remote-tracking branch 'raja/panic_limits' into arraybolt3/trixie	2025-08-17 13:52:01 -05:00
Aaron Rainbolt	210aa97650	Merge remote-tracking branch 'raja/trixie_docs' into arraybolt3/trixie	2025-08-17 13:50:25 -05:00
raja-grewal	f175d1961e	Enable `ia32_emulation=0`	2025-08-17 07:08:08 +00:00
raja-grewal	3de9cd5646	Remove whitespace	2025-08-17 07:06:55 +00:00
raja-grewal	e06b78a522	Temporarily revert IA32 doc updates	2025-08-17 07:05:32 +00:00
raja-grewal	247015bcc6	Set `sysctl kernel.panic=-1`	2025-08-17 06:27:44 +00:00
Aaron Rainbolt	7a8dfa528c	Merge remote-tracking branch 'raja/trixie_docs' into arraybolt3/trixie	2025-08-16 21:10:19 -05:00
raja-grewal	1f75426f07	Clarify docs for disabling 32-bit x86 support	2025-08-16 02:20:00 +00:00
Aaron Rainbolt	65afc31ba7	Merge branch 'kcfi' into arraybolt3/trixie	2025-08-15 16:31:50 -05:00
raja-grewal	00c660d40d	Typo	2025-08-15 11:29:27 +10:00
raja-grewal	498551536c	Update docs	2025-08-06 03:12:06 +00:00
raja-grewal	45d20dd972	Upgrade sysctls and docs on kernel panics	2025-08-06 02:35:15 +00:00
raja-grewal	1f7525722e	Enable `cfi=kcfi`	2025-08-06 01:48:47 +00:00
Aaron Rainbolt	1a60da71ed	emerg-shutdown: Add shutdown timeout for preventing stuck shutdowns, briefly document feature set and usage	2025-07-29 21:16:51 -05:00
raja-grewal	6f9763f525	Enable `indirect_target_selection=force`	2025-07-19 05:19:27 +00:00
raja-grewal	72613203b9	Add reference	2025-06-06 13:07:52 +00:00
raja-grewal	a1bde21ccb	Set `erst_disable`	2025-05-17 04:41:06 +00:00
raja-grewal	aa0ffff427	README.md: Revert error	2025-04-10 11:49:45 +10:00
raja-grewal	f0d17c7e41	README: Fix a few links	2025-03-16 03:31:24 +00:00
raja-grewal	df2fc2cf6b	Set `efi_pstore.pstore_disable=1`	2025-03-16 03:30:04 +00:00
raja-grewal	f643ebc2f9	Disable pstore processing by systemd-pstore service	2025-03-16 03:28:39 +00:00
raja-grewal	4b1e530674	README.md: List CPU mitigations	2025-01-21 12:39:06 +00:00
raja-grewal	15d13a8571	Add info on DBX updates via the UEFI Revocation List	2025-01-21 12:36:04 +00:00
Patrick Schleizer	b0baa8baa5	add link	2025-01-12 05:38:35 -05:00
Patrick Schleizer	d6a7cd3e0d	formatting. use chapter to make allow for deep linking	2025-01-12 05:36:16 -05:00
Patrick Schleizer	e9ef3602dd	Merge pull request #292 from raja-grewal/cpu_table Add link to tabular comparison of CPU mitigations	2025-01-10 10:30:34 -05:00
Patrick Schleizer	1b33e83529	Merge pull request #291 from raja-grewal/drop_gratuitous_arp Drop gratuitous ARP packets	2025-01-10 10:29:30 -05:00

1 2 3 4 5 ...

293 commits