Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity
1,977 Commits 2 Branches 291 Tags 8.2 MiB
6aa55698ab
Commit Graph

1977 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Patrick Schleizer
6aa55698ab
delete legacy folder /etc/permission-hardening.d if empty 
https://github.com/Kicksecure/security-misc/pull/181
 2024-01-16 09:10:59 -05:00
Patrick Schleizer
9cafd78fe2
rm_conffile /etc/permission-hardening.d 
https://github.com/Kicksecure/security-misc/pull/181
 2024-01-16 09:05:09 -05:00
Patrick Schleizer
fa53848b5c
bumped changelog version 2024-01-16 13:58:55 +00:00
Patrick Schleizer
4f7973bc56
comment 2024-01-16 08:56:26 -05:00
Patrick Schleizer
ed7c09fc46
permission-hardening -> permission-hardener migration 
mv --verbose /var/lib/permission-hardening /var/lib/permission-hardener

https://github.com/Kicksecure/security-misc/pull/181
 2024-01-16 08:45:13 -05:00
Patrick Schleizer
a90cd43631
fix postinst for new permission-hardener 
https://github.com/Kicksecure/security-misc/pull/181
 2024-01-16 08:32:52 -05:00
Patrick Schleizer
862bf6b5ab
Merge remote-tracking branch 'ben-grande/clean' 2024-01-16 08:19:28 -05:00
Patrick Schleizer
dc8d9eece3
bumped changelog version 2024-01-09 05:52:49 +00:00
Patrick Schleizer
1199871d7b
undo IPv6 privacy due to potential server issues 
https://github.com/Kicksecure/security-misc/issues/184
 2024-01-07 06:37:34 -05:00
Patrick Schleizer
128bb01b35
undo IPv6 privacy due to potential server issues 
https://github.com/Kicksecure/security-misc/issues/184
 2024-01-07 06:36:25 -05:00
Patrick Schleizer
df0f9d3267
README 2024-01-06 09:19:57 -05:00
Patrick Schleizer
86f91e3030
revert umask 027 by default 
because broken because this also happens for root while it should not

https://github.com/Kicksecure/security-misc/issues/185
 2024-01-06 09:11:54 -05:00
Patrick Schleizer
3f1304403f
disable MAC randomization in Network Manager (NM) because it breaks VirtualBox DHCP 
https://github.com/Kicksecure/security-misc/issues/184
 2024-01-06 08:15:31 -05:00
Patrick Schleizer
e8f8dcd0fb
bumped changelog version 2024-01-04 02:03:26 +00:00
Patrick Schleizer
70a86fa994
Merge remote-tracking branch 'github-kicksecure/master' 2024-01-03 05:12:48 -05:00
Patrick Schleizer
71060f1f53
Merge pull request #182 from raja-grewal/io_uring 
Clarify validity of disabling io_uring
 2024-01-03 05:00:41 -05:00
Raja Grewal
74afcc9c63
Clarify validity of disabling io_uring 2024-01-03 17:52:23 +11:00
Ben Grande
bc02c72018
Fix unbound variable 
- Run messages preceded by INFO;
- Comment unknown unused variables;
- Remove unnecessary variables; and
- Deal with unbound variable due to subshell by writing to a file;
 2024-01-02 17:08:45 +01:00
Patrick Schleizer
db0503e71d
bumped changelog version 2024-01-02 14:55:13 +00:00
Ben Grande
abf72c2ee4
Rename file permission hardening script 
Hardener as the script is the agent that is hardening the file
permissions.
 2024-01-02 13:34:29 +01:00
Ben Grande
f138cf0f78
Refactor permission-hardener 
- Organize comments from default configuration;
- Apply and undo changes from a single file controlled by parameters;
- Arrays should be evaluated as arrays and not normal variables;
- Quote variables;
- Brackets around variables;
- Standardize test cases to "test" command;
- Test against empty or non-empty variables with "-z" and "-n";
- Show a usage message when necessary;
- Require root to run the script with informative message;
- Permit the user to see the help message without running as root;
- Do not create root directories without passing root check;
- Use long options for "set" command;
 2024-01-02 12:17:16 +01:00
Patrick Schleizer
a94f2a3f46
Merge remote-tracking branch 'github-kicksecure/master' 2024-01-02 05:30:49 -05:00
Patrick Schleizer
8daf97ab01
Merge pull request #178 from raja-grewal/io_uring 
Disable asynchronous I/O
 2024-01-02 05:29:35 -05:00
Patrick Schleizer
94c0e26a08
bumped changelog version 2023-12-29 20:15:50 +00:00
Patrick Schleizer
5b36599c0c
/dev/, /dev/shm, /tmp 
https://github.com/Kicksecure/security-misc/issues/157#issuecomment-1869073716
 2023-12-29 14:57:38 -05:00
Patrick Schleizer
e15596e7af
bumped changelog version 2023-12-25 16:28:10 +00:00
Patrick Schleizer
f64a869bfd
readme 2023-12-25 11:03:22 -05:00
Patrick Schleizer
c86c83cef7
formatting 
https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 10:31:58 -05:00
Patrick Schleizer
971ff687b1
do not mount /dev/cdrom by default 
https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 10:30:35 -05:00
Patrick Schleizer
9fce67fcd9
remove superfluous, broken remount mount option 
https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 10:28:47 -05:00
Patrick Schleizer
40fd8cb608
no nofail mount option to avoid breaking the boot of a system 
unit testing belongs elsewhere

https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 09:51:09 -05:00
Patrick Schleizer
4aa645f29f
comment 
https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 09:46:33 -05:00
Patrick Schleizer
2b7aeedb4a
mount /dev/cdrom to /mnt/cdrom (instead of /mnt/cdrom0) and 
nodev,nosuid,noexec

as per:
https://www.debian.org/doc/manuals/securing-debian-manual/ch04s10.en.html

https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 09:44:51 -05:00
Patrick Schleizer
0d9e9780da
formatting 
https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 09:37:14 -05:00
Patrick Schleizer
00f9ab4394
/dev devtmpfs 
https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 09:36:05 -05:00
Patrick Schleizer
55709b3aa0
/tmp tmpfs 
https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 09:30:57 -05:00
Patrick Schleizer
b0dd967611
usrmerge 
https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 09:28:08 -05:00
Patrick Schleizer
269fada14a
combine bind lines 
https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 09:25:14 -05:00
Patrick Schleizer
0810c1ce3c
fix bluetooth in readme 
fixes https://github.com/Kicksecure/security-misc/issues/180
 2023-12-25 09:10:31 -05:00
Patrick Schleizer
37b4ab15a8
readme 2023-12-25 09:04:10 -05:00
Patrick Schleizer
79f398d219
formatting 2023-12-25 08:45:20 -05:00
Patrick Schleizer
c90ada3c39
pandoc -f markdown -t markdown --wrap=auto --columns=80 README.md -o README.md 2023-12-25 08:37:23 -05:00
Patrick Schleizer
34bf297bd1
formatting 2023-12-25 08:32:34 -05:00
Patrick Schleizer
d5fc9f6201
improve bluetooth in readme 
as suggested by @monsieuremre

https://github.com/Kicksecure/security-misc/issues/180
 2023-12-25 08:26:03 -05:00
Patrick Schleizer
7fa597deca
bumped changelog version 2023-12-22 16:31:58 +00:00
Patrick Schleizer
f70a034da2
exclude hardened malloc from SUID disabler 
fixes https://github.com/Kicksecure/security-misc/issues/179
 2023-12-22 08:31:58 -05:00
Raja Grewal
f055fe5da2
Disable asynchronous I/O 
io_uring creation is disabled for all processes. io_uring_setup always fails with -EPERM. Existing io_uring instances can still be used.
 2023-12-15 08:33:36 +00:00
Patrick Schleizer
99f2edd4f6
bumped changelog version 2023-12-12 16:51:21 +00:00
Patrick Schleizer
039de1dc9b
add hardened fstab /usr/share/doc/security-misc/fstab-vm 
to the documentation folder as an example

not directly used by security-misc

will later be used by Kicksecure VM build process

https://github.com/Kicksecure/security-misc/issues/157
 2023-12-12 11:50:11 -05:00
Patrick Schleizer
dcaafa6c8b
bumped changelog version 2023-12-04 17:06:45 +00:00