Patrick Schleizer
|
ae2c1c5a7a
|
fix xession environment variable
|
2023-10-21 14:18:50 -04:00 |
|
Patrick Schleizer
|
d543825d85
|
comments
|
2023-10-21 12:24:59 -04:00 |
|
Patrick Schleizer
|
645ee814e4
|
fix
|
2023-10-13 15:22:48 -04:00 |
|
Patrick Schleizer
|
2d45241084
|
avoid duplicate environment variables
|
2023-10-12 11:37:01 -04:00 |
|
Patrick Schleizer
|
fa820e8978
|
refactoring environment variables loading mechanism
|
2023-10-12 10:40:27 -04:00 |
|
Patrick Schleizer
|
8a6baea990
|
comment
|
2023-06-22 16:16:15 +00:00 |
|
Raja Grewal
|
cf003dfad8
|
Update comments
|
2023-05-16 02:11:44 +10:00 |
|
Jeremy Rand
|
61f63255ac
|
vm.mmap_rnd_bits: Fix ppc64le
Probably fixes a bunch of other non-x86_64 arches too.
|
2023-04-24 23:07:39 +00:00 |
|
Patrick Schleizer
|
5c6db28881
|
Merge pull request #122 from raja-grewal/tcp
Remove outdated comment about SACK, DSACK, and FACK
|
2023-03-31 04:52:55 -04:00 |
|
Raja Grewal
|
ed5f8be9eb
|
Remove outdated comment about SACK, DSACK, and FACK
|
2023-03-30 19:17:43 +11:00 |
|
Raja Grewal
|
7a4212dd76
|
Update copyright
|
2023-03-30 17:08:47 +11:00 |
|
Patrick Schleizer
|
8c3204a5e4
|
comment
|
2023-01-25 15:20:30 -05:00 |
|
Patrick Schleizer
|
65c29f493b
|
move kexec disabling to dedicated file /etc/sysctl.d/30_security-misc_kexec-disable.conf
so ram-wipe can `config-package-dev` `hide` this config file
|
2023-01-25 15:13:19 -05:00 |
|
Patrick Schleizer
|
ad5d0d4b12
|
disable kexec (revert enabling kexec)
remove kexec-utils for ram-wipe since moved to its own package
|
2023-01-09 06:37:45 -05:00 |
|
Patrick Schleizer
|
87c4e77c01
|
migrate to ram-wipe package
|
2023-01-09 06:23:00 -05:00 |
|
Friedrich Doku
|
78a4fad667
|
Change echo to info. Included more reliable way of getting initrd and kernel. Allow user custom kexec
|
2023-01-07 11:14:31 -05:00 |
|
Raja Grewal
|
f81714be50
|
Merge branch 'Kicksecure:master' into framebuffer
|
2022-12-13 05:14:56 +00:00 |
|
Raja Grewal
|
d67845fea8
|
Typo
|
2022-12-13 16:11:24 +11:00 |
|
Patrick Schleizer
|
6d7a782624
|
fix
|
2022-11-24 07:21:46 -05:00 |
|
Raja Grewal
|
6f695902fb
|
Add comment about legacy Apple fiesystems
|
2022-11-23 23:53:40 +11:00 |
|
Patrick Schleizer
|
e5255a630a
|
pam-info: support non-root environments (such as during graphical display manager login and xscreensaver)
|
2022-11-22 05:57:30 -05:00 |
|
Raja Grewal
|
daa30d4e78
|
Include several framebuffer drivers into blacklist
These were previously commented out to test for compatibility issues.
|
2022-11-09 20:43:59 +11:00 |
|
Raja Grewal
|
92669dba18
|
Comment out machine check exception
|
2022-08-21 23:02:44 +10:00 |
|
Patrick Schleizer
|
0c5b1e9f57
|
undo "force kernel to panic on "oopses"
because implemented differently already
https://forums.whonix.org/t/set-oops-panic-kernel-parameter-or-kernel-panic-on-oops-1-sysctl-for-better-security/7713
|
2022-07-23 07:49:56 -04:00 |
|
Raja Grewal
|
ca764d8de0
|
force kernel to panic on "oopses"
|
2022-07-20 04:06:35 +10:00 |
|
Raja Grewal
|
1660aaa6dd
|
update details around disabling SMT
|
2022-07-19 03:38:41 +10:00 |
|
Raja Grewal
|
bfd78a2c06
|
update SRBDS mitigation
|
2022-07-19 03:16:08 +10:00 |
|
Raja Grewal
|
c3ebb9160f
|
CPU mitigation - MMIO Stale Data
|
2022-07-19 02:33:16 +10:00 |
|
Raja Grewal
|
59e90ff122
|
CPU mitigation - L1D FLushing
|
2022-07-19 02:32:41 +10:00 |
|
Raja Grewal
|
8531fbf99d
|
CPU mitigation - SRBDS
|
2022-07-19 02:30:49 +10:00 |
|
Raja Grewal
|
73f1e23332
|
shuffle and rewording
|
2022-07-19 02:29:46 +10:00 |
|
Raja Grewal
|
39314b2912
|
Merge branch 'harden' of https://github.com/raja-grewal/security-misc into harden
|
2022-07-19 00:49:08 +10:00 |
|
Raja Grewal
|
bb831d57bc
|
delete repeated commands
|
2022-07-19 00:38:32 +10:00 |
|
Raja Grewal
|
c77a2a78bc
|
enforce default net.ipv6.icmp_ignore_bogus_error_responses
|
2022-07-19 00:37:31 +10:00 |
|
Raja Grewal
|
c4a1094760
|
Merge branch 'Kicksecure:master' into harden
|
2022-07-18 13:36:23 +00:00 |
|
Raja Grewal
|
a72bbb1883
|
Corrected kerenl module disabling
|
2022-07-13 23:42:13 +10:00 |
|
Raja Grewal
|
4e93b4d37e
|
Revert "enforce defualt net.ipv4.ip_forward"
This reverts commit 57b5b2145c .
|
2022-07-13 21:10:39 +10:00 |
|
Raja Grewal
|
a47922ad28
|
enforce of IOMMU TLB invalidation
|
2022-07-13 04:47:07 +10:00 |
|
Raja Grewal
|
33df16af80
|
disables random.trust_bootloader
|
2022-07-13 04:37:03 +10:00 |
|
Raja Grewal
|
d0779a96fc
|
add reference
|
2022-07-13 04:36:34 +10:00 |
|
Raja Grewal
|
74858d257b
|
enable randomize_kstack_offset
|
2022-07-13 04:34:35 +10:00 |
|
Raja Grewal
|
f572332108
|
disable slub_debug
|
2022-07-13 04:32:03 +10:00 |
|
Raja Grewal
|
57b5b2145c
|
enforce defualt net.ipv4.ip_forward
|
2022-07-13 04:30:43 +10:00 |
|
Raja Grewal
|
79156262c9
|
enforce default net.ipv4.icmp_ignore_bogus_error_responses
|
2022-07-13 04:29:42 +10:00 |
|
Raja Grewal
|
dabcaf22e1
|
enforce default kernel.randomize_va_space
|
2022-07-13 04:28:03 +10:00 |
|
Raja Grewal
|
48089e5ba4
|
More verbose kernel module blocking error logs
|
2022-07-12 17:02:12 +10:00 |
|
Raja Grewal
|
40ec791774
|
Updated comments
|
2022-07-12 16:58:16 +10:00 |
|
Raja Grewal
|
ef1ef9917d
|
Blacklist automatic loading of CD-ROM modules
|
2022-07-10 04:53:25 +10:00 |
|
Raja Grewal
|
61ef9bd59f
|
Incorporated Ubuntu’s kernel module blacklists
|
2022-07-10 04:52:00 +10:00 |
|
Patrick Schleizer
|
26b2c9727f
|
not blacklist CD-ROM / DVD yet
https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/31
|
2022-07-07 15:39:40 -04:00 |
|