security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2025-11-26 06:26:52 -05:00

Author	SHA1	Message	Date
Aaron Rainbolt	936c799cb5	Don't break passwordless sudo in unrestricted admin mode	2025-11-18 23:53:03 -06:00
Patrick Schleizer	efa06a1eae	port to package-installed-check	2025-11-14 00:44:50 -05:00
Aaron Rainbolt	3070aa5d1f	Fix passwordless login for sensitive accounts, only deny passwordless privilege escalation	2025-11-10 22:40:15 -06:00
Patrick Schleizer	fc1b865dd7	debugging	2025-11-10 02:21:27 -05:00
Patrick Schleizer	45126cede6	end-of-options	2025-11-10 02:19:29 -05:00
Patrick Schleizer	61637a5ff0	refactoring	2025-11-10 02:15:30 -05:00
Patrick Schleizer	ddb59a3b01	comment	2025-11-10 02:13:48 -05:00
Patrick Schleizer	ae1e2e3b52	output	2025-11-10 02:10:25 -05:00
Patrick Schleizer	f2b7658542	use long option names	2025-11-10 02:09:54 -05:00
Patrick Schleizer	71ca68bd4a	end-of-options	2025-11-10 02:09:00 -05:00
Patrick Schleizer	e9e6c12b03	output	2025-11-10 02:08:04 -05:00
Patrick Schleizer	f5db916bf7	fix	2025-11-10 02:06:55 -05:00
Patrick Schleizer	bb0a23fcc8	chmod +x	2025-11-10 02:05:47 -05:00
Aaron Rainbolt	5fbd42bbec	Add kill-vboxdrmclient-on-shutdown.service	2025-11-09 18:38:54 -06:00
Aaron Rainbolt	9d86379f56	Prevent non-sysmaint logins in sysmaint mode and unsafe passwordless logins in user mode	2025-11-09 17:50:28 -06:00
Patrick Schleizer	0391411885	revert Force immediate kernel panic on OOM. https://github.com/Kicksecure/security-misc/issues/324#issuecomment-3507949741	2025-11-09 05:47:00 -05:00
Patrick Schleizer	d50e6afc8f	sanity test	2025-11-08 01:34:32 -05:00
Patrick Schleizer	1267960842	comments	2025-11-08 01:32:45 -05:00
Patrick Schleizer	1e48886c7e	long option name	2025-11-08 01:31:02 -05:00
Aaron Rainbolt	fa32ba6c4f	Suppress usbguard startup unless a USB controller is visible to lspci	2025-11-07 17:09:34 -06:00
Patrick Schleizer	94918eeefb	lintian	2025-11-01 05:24:31 -04:00
Patrick Schleizer	e24eee361d	remove unicode	2025-11-01 04:10:17 -04:00
Aaron Rainbolt	8b766fc3ad	Lock down flatpak software management	2025-10-31 15:23:12 -05:00
Patrick Schleizer	aae472d9cf	Revert "Move apparmor-info, apparmor-watch to security-misc, enable systemd-journald audit transport" This reverts commit `d1e148eba7`.	2025-10-31 10:24:31 -04:00
Aaron Rainbolt	d1e148eba7	Move apparmor-info, apparmor-watch to security-misc, enable systemd-journald audit transport	2025-10-30 23:05:19 -05:00
Patrick Schleizer	cb70f19837	more robust, standardized kernel_cmdline variable detection	2025-10-26 08:06:26 -04:00
Patrick Schleizer	1f093f8175	do not start usbguard-notifier if /sys/bus/usb does not exist	2025-10-22 00:37:36 -04:00
Aaron Rainbolt	29639fe69e	Merge remote-tracking branch 'raja/bad_ipv6_ra' into arraybolt3/trixie	2025-10-15 19:01:08 -05:00
Aaron Rainbolt	026d55ac41	Typo fixes	2025-10-15 18:30:52 -05:00
Aaron Rainbolt	35fce26476	Merge remote-tracking branch 'raja/stop_ptrace' into arraybolt3/trixie	2025-10-15 18:18:33 -05:00
raja-grewal	2304174171	Insert empty new line	2025-10-12 02:32:45 +00:00
raja-grewal	7161430a60	Seperate `ptrace()` disabling into own file	2025-10-12 02:27:48 +00:00
Patrick Schleizer	968de33c65	Force immediate kernel panic on OOM. This is to avoid security features such as the screen locker, kloak, emerg-shutdown from being arbitrarily terminated when the system starts running out of memory. https://forums.whonix.org/t/screen-locker-in-security-can-we-disable-these-at-least-4-backdoors/8128/14 https://github.com/Kicksecure/security-misc/issues/324 `vm.panic_on_oom=2` implements https://github.com/Kicksecure/security-misc/issues/324	2025-10-10 08:03:03 -04:00
Aaron Rainbolt	718772ea78	Remove unsafe sanitizer compiler flags from emerg-shutdown	2025-10-06 15:03:31 -05:00
raja-grewal	0c8f2f1b44	Add docs about the risks associated with IPv6 RAs	2025-10-02 07:05:00 +00:00
Aaron Rainbolt	60f8153f64	Fix emerg-shutdown gcc build, remove AddressSanitizer from hardening options since it is incompatible with static builds	2025-09-28 15:05:21 -05:00
raja-grewal	194b8fce4e	Disable the usage of `ptrace()` by all processes	2025-09-28 03:20:24 +00:00
Aaron Rainbolt	58cc6731f2	Additional hardening on emerg-shutdown	2025-09-26 00:13:59 -05:00
Aaron Rainbolt	2a39d5997c	security-misc split string changes	2025-09-21 16:06:11 -05:00
Patrick Schleizer	ca90feb8d5	security-misc-server placeholder https://github.com/Kicksecure/security-misc/issues/187	2025-09-19 11:54:04 -04:00
Patrick Schleizer	1b194f9fd6	adjust lintian overrides file https://github.com/Kicksecure/security-misc/issues/187	2025-09-19 10:59:23 -04:00
Patrick Schleizer	f70550d015	Split the `security-misc` into `security-misc-shared`, `security-misc-desktop` and `security-misc-server`: rename files https://github.com/Kicksecure/security-misc/issues/187	2025-09-17 14:49:28 -04:00
Aaron Rainbolt	cd44a7e136	Disable memlockd service by default, fix systemd path	2025-08-22 16:00:25 -05:00
Aaron Rainbolt	28f44d2e1d	Disable emerg-shutdown and ensure-shutdown on Qubes OS	2025-08-22 15:50:28 -05:00
Aaron Rainbolt	53e930b4cc	Merge branch 'master' into arraybolt3/trixie	2025-08-21 20:09:48 -05:00
Aaron Rainbolt	df8a323d03	Fix XDG handling, replace Xfce with LXQt where appropriate, make USBGuard configuration work	2025-08-21 18:39:28 -05:00
Patrick Schleizer	5898a6457a	typo	2025-08-21 06:45:04 -04:00
raja-grewal	e48897cc44	Merge branch 'master' into panic_limits	2025-08-21 10:27:44 +10:00
raja-grewal	add054933b	Update docs on instant reboot when kernel panic	2025-08-21 00:24:28 +00:00
Patrick Schleizer	31fd316e72	comments	2025-08-20 09:48:20 -04:00

1 2 3 4 5 ...

1098 commits