Patrick Schleizer
6af2d7facb
copyright
2019-07-13 18:12:25 +00:00
Patrick Schleizer
75f0ca565d
set -e
2019-07-13 18:12:04 +00:00
Patrick Schleizer
c389e13e1a
use pre.bsh
2019-07-13 17:59:49 +00:00
Patrick Schleizer
7afddb028f
bumped changelog version
2019-07-13 16:30:39 +00:00
Patrick Schleizer
c13485f532
readme
2019-07-13 16:29:10 +00:00
Patrick Schleizer
ea90f95f1c
cleanup
2019-07-13 16:26:40 +00:00
Patrick Schleizer
ea8b22ee78
shuffle
2019-07-13 16:26:14 +00:00
Patrick Schleizer
ca7e0e0161
description
2019-07-13 16:25:08 +00:00
Patrick Schleizer
ffb5a9c482
formatting
2019-07-13 16:23:39 +00:00
Patrick Schleizer
41675ddcff
removed: The amount of hashing rounds used by shadow is bumped to 65536.
...
This increases the security of hashed passwords.
Since we do not do that currently.
https://forums.whonix.org/t/restrict-root-access/7658/37
2019-07-13 16:21:34 +00:00
Patrick Schleizer
3f031a297d
Removes read, write and execute access for others for all users who have home
...
folders under folder /home by running for example "chmod o-rwx /home/user"
during package installation or upgrade. This will be done only once per folder
in folder /home so users who wish to relax file permissions are free to do so.
This is to protect previously created files in user home folder which were
previously created with lax file permissions prior installation of this
package.
2019-07-13 16:20:14 +00:00
Patrick Schleizer
4740e8b335
cleanup
2019-07-13 16:13:55 +00:00
Patrick Schleizer
834fcc4671
bumped changelog version
2019-07-13 15:17:16 +00:00
Patrick Schleizer
e9eb38b5db
formatting
2019-07-13 15:04:09 +00:00
Patrick Schleizer
e2b6268702
bumped changelog version
2019-07-13 14:58:47 +00:00
Patrick Schleizer
1d8a0dbec7
remove no longer shipped files in etc/pam.d/*
2019-07-13 14:57:51 +00:00
Patrick Schleizer
8e5d45352e
bumped changelog version
2019-07-13 14:55:31 +00:00
Patrick Schleizer
cb668459e8
port umask from /etc/pam.d to /usr/share/pam-configs implementation
...
https://forums.whonix.org/t/change-default-umask/7416
2019-07-13 10:35:10 -04:00
Patrick Schleizer
ac25733de8
remove etc/pam.d/common-password.security-misc rounds=65536
...
due to unclean implementation, see:
https://forums.whonix.org/t/restrict-root-access/7658/37
2019-07-13 14:01:53 +00:00
Patrick Schleizer
69b97981f3
convert etc/pam.d/su.security-misc to usr/share/pam-configs/wheel
...
https://forums.whonix.org/t/restrict-root-access/7658/32
2019-07-13 12:33:51 +00:00
Patrick Schleizer
4079632d1a
remove modifying to /etc/pam.d directly (unrelased)
...
config-package-dev displace /etc/securetty
remove trailing spaces
https://forums.whonix.org/t/restrict-root-access/7658/31
2019-07-13 11:41:37 +00:00
Patrick Schleizer
cdb7c6f7eb
bumped changelog version
2019-07-11 18:28:04 +00:00
Patrick Schleizer
aee6b34635
fix lintian warning
2019-07-11 18:26:17 +00:00
Patrick Schleizer
a40a04aaec
Merge remote-tracking branch 'origin/master'
2019-07-11 14:08:30 -04:00
Patrick Schleizer
93190ebf10
Merge pull request #25 from madaidan/patch-20
...
Improve documentation of blacklisting uncommon network protocols
2019-07-11 18:08:01 +00:00
madaidan
1aee08fa5e
Update control
2019-07-11 15:30:09 +00:00
madaidan
b63d4ccb41
Update uncommon-network-protocols.conf
2019-07-11 15:28:56 +00:00
madaidan
853c2eb377
Update control
2019-07-11 15:26:14 +00:00
Patrick Schleizer
f5356cee2c
bumped changelog version
2019-07-11 07:16:38 +00:00
Patrick Schleizer
bea98474ba
chmod +x usr/lib/security-misc/panic-on-oops
2019-07-11 07:07:21 +00:00
Patrick Schleizer
0057c0dd8c
fix lintian warning
2019-07-11 07:07:01 +00:00
Patrick Schleizer
2a893c0562
Merge remote-tracking branch 'origin/master'
2019-07-11 06:50:35 +00:00
Patrick Schleizer
a54500c6f1
Merge pull request #23 from madaidan/patch-18
...
Blacklist more uncommon network protocols
2019-07-11 06:41:37 +00:00
Patrick Schleizer
7d3a61564d
Merge pull request #24 from madaidan/patch-19
...
Move disable-coredumps.conf to correct position
2019-07-11 06:41:08 +00:00
madaidan
932524cbd1
Move disable-coredumps.conf to correct position
2019-07-10 15:28:48 +00:00
madaidan
1e4d349516
Update control
2019-07-10 14:28:39 +00:00
madaidan
4058e283a5
Blacklist more uncommon network protocols
2019-07-10 14:27:19 +00:00
madaidan
d70440aaed
Remove duplicate
2019-07-09 21:57:37 +00:00
madaidan
a8b44c75f9
Update control
2019-07-09 21:57:07 +00:00
madaidan
2d27bdd808
Blacklist more uncommon network protocols
2019-07-09 21:55:37 +00:00
Patrick Schleizer
3df6a44e98
also allow members of group sudo to run /usr/lib/security-misc/panic-on-oops
2019-07-09 06:56:23 -04:00
Patrick Schleizer
5fb500ac32
Merge remote-tracking branch 'origin/master'
2019-07-09 06:55:27 -04:00
Patrick Schleizer
e4bb77037e
Merge pull request #21 from madaidan/patch-16
...
Make the kernel panic on oopses
2019-07-09 10:54:48 +00:00
Patrick Schleizer
0f15303eb4
Merge branch 'master' into patch-16
2019-07-09 10:54:24 +00:00
Patrick Schleizer
8793708906
Merge remote-tracking branch 'origin/master'
2019-07-09 03:23:26 -04:00
Patrick Schleizer
a9441e7be4
Merge pull request #22 from madaidan/patch-17
...
Restrict access to the root account
2019-07-09 07:21:47 +00:00
madaidan
24b326d906
Update control
2019-07-08 23:24:41 +00:00
madaidan
24d9eadcb2
Use 65536 hashing rounds
2019-07-08 23:19:59 +00:00
madaidan
86117d9577
Create common-password.security-misc
2019-07-08 23:19:19 +00:00
madaidan
8ad9a54b09
Don't allow root login from a terminal
2019-07-08 23:17:17 +00:00