Commit Graph

1600 Commits

Author SHA1 Message Date
Patrick Schleizer
0c5b1e9f57
undo "force kernel to panic on "oopses"
because implemented differently already

https://forums.whonix.org/t/set-oops-panic-kernel-parameter-or-kernel-panic-on-oops-1-sysctl-for-better-security/7713
2022-07-23 07:49:56 -04:00
Patrick Schleizer
c1c04b4619
Merge remote-tracking branch 'github-kicksecure/master' 2022-07-23 07:43:19 -04:00
Patrick Schleizer
bfe6b88839
Merge pull request #111 from raja-grewal/harden
Increased kernel hardening at boot
2022-07-23 07:27:24 -04:00
Raja Grewal
ca764d8de0
force kernel to panic on "oopses" 2022-07-20 04:06:35 +10:00
Raja Grewal
1660aaa6dd
update details around disabling SMT 2022-07-19 03:38:41 +10:00
Raja Grewal
bfd78a2c06
update SRBDS mitigation 2022-07-19 03:16:08 +10:00
Raja Grewal
c3ebb9160f
CPU mitigation - MMIO Stale Data 2022-07-19 02:33:16 +10:00
Raja Grewal
59e90ff122
CPU mitigation - L1D FLushing 2022-07-19 02:32:41 +10:00
Raja Grewal
8531fbf99d
CPU mitigation - SRBDS 2022-07-19 02:30:49 +10:00
Raja Grewal
73f1e23332
shuffle and rewording 2022-07-19 02:29:46 +10:00
Raja Grewal
39314b2912
Merge branch 'harden' of https://github.com/raja-grewal/security-misc into harden 2022-07-19 00:49:08 +10:00
Raja Grewal
bb831d57bc
delete repeated commands 2022-07-19 00:38:32 +10:00
Raja Grewal
c77a2a78bc
enforce default net.ipv6.icmp_ignore_bogus_error_responses 2022-07-19 00:37:31 +10:00
Raja Grewal
c4a1094760
Merge branch 'Kicksecure:master' into harden 2022-07-18 13:36:23 +00:00
Patrick Schleizer
465775c9dc
bumped changelog version 2022-07-16 08:00:16 -04:00
Patrick Schleizer
1fafb5f53b
Merge remote-tracking branch 'github-kicksecure/master' 2022-07-15 08:09:16 -04:00
Patrick Schleizer
27aa5231e2
Merge pull request #112 from raja-grewal/blacklist
Corrected kernel module disabling
2022-07-15 08:06:08 -04:00
Raja Grewal
a72bbb1883
Corrected kerenl module disabling 2022-07-13 23:42:13 +10:00
Patrick Schleizer
24d6a93eac
bumped changelog version 2022-07-13 08:28:34 -04:00
Raja Grewal
2b237039cf
Update README.md 2022-07-13 22:25:53 +10:00
Patrick Schleizer
8f31e5d1d1
Merge remote-tracking branch 'github-kicksecure/master' 2022-07-13 07:26:58 -04:00
Patrick Schleizer
c410890a8a
Merge pull request #110 from raja-grewal/master
Incorporated Ubuntu’s kernel module blacklists and more verbose errors
2022-07-13 07:24:12 -04:00
Raja Grewal
4e93b4d37e
Revert "enforce defualt net.ipv4.ip_forward"
This reverts commit 57b5b2145c.
2022-07-13 21:10:39 +10:00
Raja Grewal
a47922ad28
enforce of IOMMU TLB invalidation 2022-07-13 04:47:07 +10:00
Raja Grewal
33df16af80
disables random.trust_bootloader 2022-07-13 04:37:03 +10:00
Raja Grewal
d0779a96fc
add reference 2022-07-13 04:36:34 +10:00
Raja Grewal
74858d257b
enable randomize_kstack_offset 2022-07-13 04:34:35 +10:00
Raja Grewal
f572332108
disable slub_debug 2022-07-13 04:32:03 +10:00
Raja Grewal
57b5b2145c
enforce defualt net.ipv4.ip_forward 2022-07-13 04:30:43 +10:00
Raja Grewal
79156262c9
enforce default net.ipv4.icmp_ignore_bogus_error_responses 2022-07-13 04:29:42 +10:00
Raja Grewal
dabcaf22e1
enforce default kernel.randomize_va_space 2022-07-13 04:28:03 +10:00
Raja Grewal
fe0cc10890
Updated README.md 2022-07-12 17:18:47 +10:00
Raja Grewal
48089e5ba4
More verbose kernel module blocking error logs 2022-07-12 17:02:12 +10:00
Raja Grewal
40ec791774
Updated comments 2022-07-12 16:58:16 +10:00
Raja Grewal
ef1ef9917d
Blacklist automatic loading of CD-ROM modules 2022-07-10 04:53:25 +10:00
Raja Grewal
61ef9bd59f
Incorporated Ubuntu’s kernel module blacklists 2022-07-10 04:52:00 +10:00
Patrick Schleizer
6aa9a9472f
bumped changelog version 2022-07-09 11:42:24 -04:00
Patrick Schleizer
3b844eaab2
output 2022-07-09 11:42:11 -04:00
Patrick Schleizer
73d2c9d921
output 2022-07-09 11:40:15 -04:00
Patrick Schleizer
adfdac6dea
output 2022-07-09 11:40:01 -04:00
Patrick Schleizer
1df2cfd1ad
comment 2022-07-09 11:38:37 -04:00
Patrick Schleizer
fede41e6e0
fix 2022-07-09 11:38:04 -04:00
Patrick Schleizer
52c46e4706
Merge remote-tracking branch 'github-kicksecure/master' 2022-07-09 11:37:41 -04:00
Patrick Schleizer
dc41a58102
Merge pull request #108 from Krish-sysadmin/master
Continue for loop if unable to change one directory's permission
2022-07-09 11:37:57 -04:00
Patrick Schleizer
1b8500cc22
bumped changelog version 2022-07-07 17:41:13 -04:00
Patrick Schleizer
277749f27b
genmkfile debinstfile 2022-07-07 15:49:08 -04:00
Patrick Schleizer
eb8535fe87
renamed: usr/bin/disabled-by-security-misc -> bin/disabled-by-security-misc 2022-07-07 15:48:39 -04:00
Patrick Schleizer
26b2c9727f
not blacklist CD-ROM / DVD yet
https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/31
2022-07-07 15:39:40 -04:00
Patrick Schleizer
d5c1650341
shuffle 2022-07-07 15:28:09 -04:00
Patrick Schleizer
ca19d78d48
shuffle 2022-07-07 15:27:15 -04:00