Commit Graph

1633 Commits

Author SHA1 Message Date
Patrick Schleizer
67eaf8c916
comments 2022-06-29 11:40:38 -04:00
Patrick Schleizer
72908d6b0d
comments 2022-06-29 11:34:55 -04:00
Patrick Schleizer
43ea4dbb83
bumped changelog version 2022-06-29 11:18:59 -04:00
Patrick Schleizer
295811a88f
improvements 2022-06-29 11:14:52 -04:00
Patrick Schleizer
e5d85d69ef
bumped changelog version 2022-06-29 10:02:18 -04:00
Patrick Schleizer
af8ff65f84
comment 2022-06-29 10:01:51 -04:00
Patrick Schleizer
cfae7de6a8
lintian 2022-06-29 09:58:37 -04:00
Patrick Schleizer
83519a58c7
bumped changelog version 2022-06-29 09:54:27 -04:00
Patrick Schleizer
024d52a67e
improve usr/lib/dracut/modules.d/40sdmem-security-misc/module-setup.sh 2022-06-29 09:52:53 -04:00
Patrick Schleizer
29253004b6
minor 2022-06-29 09:38:18 -04:00
Patrick Schleizer
6f19af1542
add shebang /bin/sh
to fix lintian warning
security-misc: executable-not-elf-or-script usr/lib/dracut/modules.d/40sdmem-security-misc/wipe.sh
2022-06-29 09:35:08 -04:00
Patrick Schleizer
38cdf2722b
- Wipe LUKS Disk Encryption Key for Root Disk from RAM during Shutdown to defeat Cold Boot Attacks
- Confirm in console output if encrypted mounts (root disk) is unmounted. (Because that is a pre-condition for wiping the LUKS full disk encryption key from RAM.)

Thanks to @friedy10!

https://github.com/friedy10/dracut/tree/master/modules.d/40sdmem

https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix-cold-boot-attack-defense/5596
2022-06-29 09:32:55 -04:00
Patrick Schleizer
adca1ebdf6
bumped changelog version 2022-06-08 11:05:07 -04:00
Patrick Schleizer
d7dd188651
remove unicode 2022-06-08 09:27:02 -04:00
Patrick Schleizer
55d16e1602
remove unicode 2022-06-08 09:04:03 -04:00
Patrick Schleizer
fcaec49675
Merge remote-tracking branch 'github-kicksecure/master' 2022-06-08 08:20:24 -04:00
Patrick Schleizer
995e4ba7fa
Merge pull request #104 from ntninja/patch-1
Fix issues found with permission-hardening on my system
2022-06-08 08:19:03 -04:00
Patrick Schleizer
5c43197f10
minor 2022-06-08 08:11:28 -04:00
Kuri Schlarb
6e8f584d88
permission-hardening: Keep pam_unix.so password checking helper SetGID shadow 2022-06-08 05:29:42 +00:00
Kuri Schlarb
2bdda9d0a0
permssion-hardening: Do not skip config file lines without trailing newline (ancient bash bug) 2022-06-07 08:18:05 +00:00
Kuri Schlarb
3910e4ee15
permission-hardening: Keep passwd executable but non-SetUID 2022-06-07 08:11:51 +00:00
Kuri Schlarb
9fd8e1c9b0
permission-hardening: Fix issue with pipelining failures causing incorrect user/group lookup results 2022-06-07 08:03:56 +00:00
Patrick Schleizer
616fe857f7
bumped changelog version 2022-05-25 06:07:17 -04:00
Patrick Schleizer
7e2efe0155
readme 2022-05-20 15:27:10 -04:00
Patrick Schleizer
2d37e3a1af
copyright 2022-05-20 14:46:38 -04:00
Patrick Schleizer
78a9956b73
Merge remote-tracking branch 'github-kicksecure/master' 2022-05-19 19:41:33 -04:00
Patrick Schleizer
7651308787
Merge pull request #103 from 0xC0ncord/bugfix/selinuxfs_restrictions
hide-hardware-info: re-enable restrictions on sysfs when using SELinux
2022-05-19 19:39:42 -04:00
Patrick Schleizer
4a3ed17160
readme 2022-05-19 17:25:58 -04:00
Patrick Schleizer
bb0307290b
update link 2022-04-16 14:18:35 -04:00
Patrick Schleizer
2677db34ba
readme 2022-04-10 12:40:16 -04:00
0xC0ncord
93efa506da hide-hardware-info: disable selinux whitelist by default 2022-03-17 11:41:57 -04:00
Patrick Schleizer
0051a6935a
bumped changelog version 2022-02-10 14:06:54 -05:00
Patrick Schleizer
b0a0004a85
output 2022-02-10 13:47:10 -05:00
Patrick Schleizer
4f6f588fb5
fix, skip deletion of system.map files on read-only filesystems
This is required for Qubes /lib/modules read-only implementation at time of writing.

Thanks to @marmarek for the bug report!

https://forums.whonix.org/t/remove-system-map-cannot-work-lib-modules-is-mounted-read-only/13324
2022-02-10 13:44:55 -05:00
Patrick Schleizer
356232677a
readme 2021-11-09 14:32:33 -05:00
0xC0ncord
4172232eb7 hide-hardware-info: make indentation consistent 2021-10-10 16:03:40 -04:00
0xC0ncord
060d7d890a hide-hardware-info: re-enable restrictions on sysfs when using SELinux
When using SELinux, restrict the parts of sysfs explicitly to ensure
restrictions are working as expected.
2021-10-10 16:03:07 -04:00
Patrick Schleizer
96026a5e90
bumped changelog version 2021-09-14 14:18:52 -04:00
Patrick Schleizer
c72567dbd2
fix 2021-09-14 14:18:44 -04:00
Patrick Schleizer
03276fbec5
bumped changelog version 2021-09-12 11:57:20 -04:00
Patrick Schleizer
d62bbaab82
fix, unduplicate kernel command line 2021-09-12 11:40:58 -04:00
Patrick Schleizer
fb0540650c
readme 2021-09-11 16:33:14 -04:00
Patrick Schleizer
64e9f0016a
bumped changelog version 2021-09-09 12:35:37 -04:00
Patrick Schleizer
bd31b4085c
remove Debian buster support in /etc/default/grub.d 2021-09-09 12:16:18 -04:00
Patrick Schleizer
d16d9a5455
bumped changelog version 2021-09-06 09:46:20 -04:00
Patrick Schleizer
ac0c492663
do not set kernel parameter quiet loglevel=0 for recovery boot option
for easier debugging
2021-09-06 08:22:55 -04:00
Patrick Schleizer
49902b8c56
move grub quiet to separate config file /etc/default/grub.d/41_quiet.cfg 2021-09-06 08:19:41 -04:00
Patrick Schleizer
bb3a3178f1
bumped changelog version 2021-09-06 04:55:23 -04:00
Patrick Schleizer
f5b0e4b5b8
debugging 2021-09-06 04:55:16 -04:00
Patrick Schleizer
a67d1754d4
bumped changelog version 2021-09-05 16:04:28 -04:00