security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2024-12-27 12:39:25 -05:00

Author	SHA1	Message	Date
Patrick Schleizer	6cd9eb44fb	refactoring	2019-12-20 03:24:07 -05:00
Patrick Schleizer	706dba104d	code simplification	2019-12-20 03:19:12 -05:00
Patrick Schleizer	01dd567f8b	fix, if fso has exactly the mode we want (not 3 instead of 4 string length), not need to reset it	2019-12-20 03:16:43 -05:00
Patrick Schleizer	4f65b0fc1e	refactoring	2019-12-20 03:13:27 -05:00
Patrick Schleizer	bfee6b60cb	comment	2019-12-20 03:11:11 -05:00
Patrick Schleizer	d64cdc1247	refactoring	2019-12-20 03:04:41 -05:00
Patrick Schleizer	7c5c65a6c1	comment	2019-12-20 03:04:13 -05:00
Patrick Schleizer	b31d8cd3fc	fix	2019-12-20 03:03:40 -05:00
Patrick Schleizer	c626290673	refactoring	2019-12-20 03:02:26 -05:00
Patrick Schleizer	d5ff1d6f28	refactoring	2019-12-20 03:00:39 -05:00
Patrick Schleizer	640ca1d24d	skip symlinks https://forums.whonix.org/t/kernel-hardening/7296/323?	2019-12-20 02:57:57 -05:00
Patrick Schleizer	cc8f795799	comment	2019-12-20 02:47:04 -05:00
Patrick Schleizer	4e5b222a08	comment	2019-12-20 02:43:33 -05:00
Patrick Schleizer	fa895ee11e	refactoring	2019-12-20 02:40:42 -05:00
Patrick Schleizer	2c163bf439	check string length of permission variable https://forums.whonix.org/t/kernel-hardening/7296/322	2019-12-20 02:39:53 -05:00
Patrick Schleizer	a89befd902	code simplification	2019-12-20 02:20:54 -05:00
Patrick Schleizer	72812da63f	comment	2019-12-20 02:16:32 -05:00
Patrick Schleizer	39a41cc27b	refactoring	2019-12-20 02:14:45 -05:00
Patrick Schleizer	2ed6452590	downgrade to info	2019-12-20 02:12:43 -05:00
Patrick Schleizer	a5e55dfcfc	quotes	2019-12-20 02:11:39 -05:00
Patrick Schleizer	3187cee4fb	output	2019-12-20 02:10:13 -05:00
Patrick Schleizer	5160b4c781	disable xtrace	2019-12-20 02:08:05 -05:00
Patrick Schleizer	27bfe95d25	add echo wrapper	2019-12-20 02:07:49 -05:00
Patrick Schleizer	a6988f3fb8	output	2019-12-20 02:06:31 -05:00
Patrick Schleizer	1819577b88	fix	2019-12-20 02:04:34 -05:00
Patrick Schleizer	278c60c5a0	exit non-zero if some line cannot be parsed therefore make systemd notice this therefore allow the sysadmin to notice this	2019-12-20 02:01:36 -05:00
Patrick Schleizer	66bcba8313	improve character whitelisting	2019-12-20 01:58:35 -05:00
Patrick Schleizer	8f14e808a9	send error messages to stderr	2019-12-20 01:32:49 -05:00
Patrick Schleizer	d8c9fac2e5	output	2019-12-20 01:32:08 -05:00
Patrick Schleizer	f19abaf627	refactoring	2019-12-20 01:31:37 -05:00
madaidan	3c2ca0257f	Support for removing SUID bits	2019-12-19 17:01:08 +00:00
Patrick Schleizer	4ca9fc5920	fix	2019-12-16 03:53:10 -05:00
Patrick Schleizer	f68efd53cf	remount /sys/kernel/security with nodev,nosuid[,noexec] as suggested by @madaidan http://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/238	2019-12-16 03:52:09 -05:00
Patrick Schleizer	300f010fc2	increase priority of pam-abort-on-locked-password-security-misc since it has its own user help output so it shows before pam tally2 info to avoid duplicate non-applicable help text	2019-12-12 09:29:00 -05:00
Patrick Schleizer	729fa26eca	use pam_acccess only for /etc/pam.d/login remove "Allow members of group 'ssh' to login." remove "+:ssh:ALL EXCEPT LOCAL"	2019-12-12 09:00:08 -05:00
Patrick Schleizer	b72eb30056	quotes	2019-12-09 02:32:05 -05:00
Patrick Schleizer	c258376b7e	use read (built-in) rather than awk (external)	2019-12-09 02:31:10 -05:00
Patrick Schleizer	02165201ab	read -r; refactoring as per https://mywiki.wooledge.org/BashFAQ/001	2019-12-09 02:23:43 -05:00
Patrick Schleizer	7467252122	quotes	2019-12-09 02:22:16 -05:00
madaidan	61e19fa5f1	Create permission-hardening	2019-12-08 16:49:28 +00:00
Patrick Schleizer	c192644ee3	security-misc `/usr/share/pam-configs/permission-lockdown-security-misc` is no longer required, removed. Thereby fix apparmor issue. > Dec 08 09:47:50 host audit[3232]: AVC apparmor="DENIED" operation="exec" profile="/usr/bin/whonixcheck" name="/usr/lib/security-misc/permission-lockdown" pid=3232 comm="sudo" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 > Dec 08 09:47:50 host sudo[3232]: pam_exec(sudo:session): execve(/usr/lib/security-misc/permission-lockdown,...) failed: Permission denied It is no longer required, because... existing linux user accounts: * Get permission lock down because security-misc `debian/security-misc.postinst` calls `/usr/lib/security-misc/permission-lockdown`. new linux user accounts (created at first boot): * security-misc `/usr/share/pam-configs/mkhomedir-security-misc` pam mkhomedir sets secure permissions using `umask=027`.	2019-12-08 05:21:35 -05:00
Patrick Schleizer	ac96708b24	improve usr/bin/hardening-enable	2019-12-08 04:01:11 -05:00
Patrick Schleizer	50ac03363f	output	2019-12-08 03:18:32 -05:00
Patrick Schleizer	c7c65fe4e7	higher priority usr/share/pam-configs/tally2-security-misc so it can give info before pam stack gets aborted by other pam modules	2019-12-08 03:15:53 -05:00
Patrick Schleizer	3bd0b3f837	notify when attempting to use ssh but user is member of group ssh	2019-12-08 03:10:41 -05:00
Patrick Schleizer	1dbca1ea2d	add usr/bin/hardening-enable	2019-12-08 02:27:09 -05:00
Patrick Schleizer	19cc6d7555	pam description	2019-12-08 02:10:43 -05:00
Patrick Schleizer	b871421a54	usr/share/pam-configs/console-lockdown -> usr/share/pam-configs/console-lockdown-security-misc	2019-12-08 01:57:43 -05:00
madaidan	6846a94327	Check for more locations of System.map	2019-12-07 19:38:12 +00:00
madaidan	668b6420de	Remove hyphen	2019-12-07 14:15:02 +00:00

1 2 3 4

181 Commits