security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2024-12-30 18:06:26 -05:00

Author	SHA1	Message	Date
Patrick Schleizer	66bcba8313	improve character whitelisting	2019-12-20 01:58:35 -05:00
Patrick Schleizer	8f14e808a9	send error messages to stderr	2019-12-20 01:32:49 -05:00
Patrick Schleizer	d8c9fac2e5	output	2019-12-20 01:32:08 -05:00
Patrick Schleizer	f19abaf627	refactoring	2019-12-20 01:31:37 -05:00
madaidan	3c2ca0257f	Support for removing SUID bits	2019-12-19 17:01:08 +00:00
Patrick Schleizer	4ca9fc5920	fix	2019-12-16 03:53:10 -05:00
Patrick Schleizer	f68efd53cf	remount /sys/kernel/security with nodev,nosuid[,noexec] as suggested by @madaidan http://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/238	2019-12-16 03:52:09 -05:00
Patrick Schleizer	729fa26eca	use pam_acccess only for /etc/pam.d/login remove "Allow members of group 'ssh' to login." remove "+:ssh:ALL EXCEPT LOCAL"	2019-12-12 09:00:08 -05:00
Patrick Schleizer	b72eb30056	quotes	2019-12-09 02:32:05 -05:00
Patrick Schleizer	c258376b7e	use read (built-in) rather than awk (external)	2019-12-09 02:31:10 -05:00
Patrick Schleizer	02165201ab	read -r; refactoring as per https://mywiki.wooledge.org/BashFAQ/001	2019-12-09 02:23:43 -05:00
Patrick Schleizer	7467252122	quotes	2019-12-09 02:22:16 -05:00
madaidan	61e19fa5f1	Create permission-hardening	2019-12-08 16:49:28 +00:00
Patrick Schleizer	50ac03363f	output	2019-12-08 03:18:32 -05:00
Patrick Schleizer	3bd0b3f837	notify when attempting to use ssh but user is member of group ssh	2019-12-08 03:10:41 -05:00
madaidan	6846a94327	Check for more locations of System.map	2019-12-07 19:38:12 +00:00
madaidan	668b6420de	Remove hyphen	2019-12-07 14:15:02 +00:00
Patrick Schleizer	9ba84f34c6	comment	2019-12-07 06:51:59 -05:00
Patrick Schleizer	dc1dfc8c20	output	2019-12-07 06:51:16 -05:00
Patrick Schleizer	532a1525c2	comment	2019-12-07 06:26:55 -05:00
Patrick Schleizer	14aa6c5077	comment	2019-12-07 06:26:23 -05:00
Patrick Schleizer	8b3f5a555b	add console lockdown to pam info output	2019-12-07 06:25:45 -05:00
Patrick Schleizer	5a4eda0d05	also support /usr/local/etc/remount-disable and /usr/local/etc/noexec	2019-12-07 01:53:33 -05:00
Patrick Schleizer	9b14f24d5e	refactoring	2019-12-06 11:17:32 -05:00
Patrick Schleizer	a6133f5912	output	2019-12-06 11:16:43 -05:00
Patrick Schleizer	c1ea35e2ef	output	2019-12-06 11:15:54 -05:00
Patrick Schleizer	4bec41379d	fix remount with noexec if /etc/noexec exists	2019-12-06 11:15:13 -05:00
Patrick Schleizer	470cad6e91	remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in) https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707	2019-12-06 05:14:02 -05:00
Patrick Schleizer	aa5451c8cd	Lock user accounts after 50 rather than 100 failed login attempts. https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/19	2019-11-25 01:39:53 -05:00
Patrick Schleizer	fe1f1b73a7	load jitterentropy_rng kernel module for better entropy collection https://www.whonix.org/wiki/Dev/Entropy https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927972 https://forums.whonix.org/t/jitterentropy-rngd/7204	2019-11-23 11:20:32 +00:00
Patrick Schleizer	74293bcd2f	output	2019-11-05 01:59:25 -05:00
Patrick Schleizer	2b5b06b602	output	2019-11-05 01:59:19 -05:00
Patrick Schleizer	d6977becba	refactoring	2019-11-05 01:51:14 -05:00
Patrick Schleizer	daf0006795	comment	2019-11-05 01:50:27 -05:00
Patrick Schleizer	203d5cfa68	copyright	2019-10-31 11:19:44 -04:00
Patrick Schleizer	d4e02de43a	set SUDO_ASKPASS for pkexec wrapper when using sudo --askpass	2019-10-22 09:04:44 -04:00
Patrick Schleizer	343d9cc916	fix	2019-10-21 09:53:55 +00:00
Patrick Schleizer	40707e70db	Redirect calls for pkexec to lxqt-sudo because pkexec is incompatible with hidepid. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860040 https://forums.whonix.org/t/cannot-use-pkexec/8129 Thanks to AnonymousUser for the bug report!	2019-10-21 05:46:49 -04:00
Patrick Schleizer	a5045dc26e	set -e	2019-10-17 06:18:32 -04:00
Patrick Schleizer	4aba027566	syntax check	2019-10-17 06:12:36 -04:00
Patrick Schleizer	8b9aa8841a	fix	2019-10-17 06:11:01 -04:00
Patrick Schleizer	cfbd77040a	set "shopt -s nullglob" to avoid failing when folder /etc/hide-hardware-info.d does not exist or is empty	2019-10-17 06:10:29 -04:00
Patrick Schleizer	b05663c5f6	shuffle https://forums.whonix.org/t/restrict-hardware-information-to-root/7329/80	2019-10-17 06:08:55 -04:00
Patrick Schleizer	28a440091d	code simplification	2019-10-17 06:08:16 -04:00
Patrick Schleizer	3c4e261c20	remove trailing spaces	2019-10-17 06:05:23 -04:00
Patrick Schleizer	8a42c5b023	Merge pull request #34 from madaidan/whitelist Add a whitelist for /sys and /proc/cpuinfo	2019-10-17 09:59:12 +00:00
madaidan	61f742304d	return 0	2019-10-16 19:46:59 +00:00
madaidan	ffba0e0179	Elaborate	2019-10-16 19:04:15 +00:00
madaidan	f08c03ab21	Restrict sysfs/cpuinfo if the whitelist is disabled	2019-10-16 15:39:23 +00:00
madaidan	6b78dbcd07	Add way to whitelist things	2019-10-15 20:57:02 +00:00

1 2 3

103 Commits