Patrick Schleizer
7309445ee5
comment
2023-11-06 16:52:27 -05:00
Patrick Schleizer
f09d97fc9e
whitelist VirtualBox
2023-11-06 16:50:19 -05:00
Patrick Schleizer
64c8c7a8d5
whitelist SSH
2023-11-06 16:47:31 -05:00
Patrick Schleizer
9682b51d54
whitelist virtualbox
2023-11-06 16:44:36 -05:00
Patrick Schleizer
a40b9bc095
comments
2023-11-06 16:40:22 -05:00
Patrick Schleizer
2c1a3da433
VirtualBoxVM matchwhitelist
2023-11-06 16:38:50 -05:00
Patrick Schleizer
4e96ffaabb
chrome-sandbox matchwhitelist
2023-11-06 16:37:19 -05:00
Patrick Schleizer
51decff2fd
exclude qfile-unpacker from permission hardener
2023-11-05 16:03:36 -05:00
Patrick Schleizer
1900c1ab07
pam exclude from permission-hardener
2023-11-05 15:57:49 -05:00
Patrick Schleizer
d1b5a3ffd5
/usr/sbin/pam-tmpdir-helper exactwhitelist
https://github.com/Kicksecure/security-misc/pull/147
2023-11-03 12:55:34 -04:00
monsieuremre
f2c23a2831
ssh config
2023-10-27 10:53:45 +00:00
Patrick Schleizer
7cff267002
remove duplicates
2023-10-26 19:31:14 -04:00
monsieuremre
99355c6169
new lines 30_default.conf
2023-10-26 17:45:28 +00:00
Raja Grewal
7a4212dd76
Update copyright
2023-03-30 17:08:47 +11:00
Patrick Schleizer
55d16e1602
remove unicode
2022-06-08 09:04:03 -04:00
Patrick Schleizer
fcaec49675
Merge remote-tracking branch 'github-kicksecure/master'
2022-06-08 08:20:24 -04:00
Patrick Schleizer
5c43197f10
minor
2022-06-08 08:11:28 -04:00
Kuri Schlarb
6e8f584d88
permission-hardening: Keep pam_unix.so
password checking helper SetGID shadow
2022-06-08 05:29:42 +00:00
Kuri Schlarb
3910e4ee15
permission-hardening: Keep passwd
executable but non-SetUID
2022-06-07 08:11:51 +00:00
Patrick Schleizer
2d37e3a1af
copyright
2022-05-20 14:46:38 -04:00
Patrick Schleizer
bb0307290b
update link
2022-04-16 14:18:35 -04:00
Patrick Schleizer
c94281121e
comment
2021-08-01 16:37:02 -04:00
Patrick Schleizer
eff5af0318
https://forums.whonix.org/t/restrict-root-access/7658/116
2021-06-20 10:16:33 -04:00
madaidan
97d8db3f74
Restrict sudo's file permissions
2021-06-05 19:16:42 +00:00
Patrick Schleizer
a67007f4b7
copyright
2021-03-17 09:45:21 -04:00
Patrick Schleizer
b2b614ed2a
cover more folders in /usr/local
2020-12-06 04:15:52 -05:00
Patrick Schleizer
5bd267d774
refactoring
2020-12-06 04:10:50 -05:00
Patrick Schleizer
11cdce02a0
refactoring
2020-12-06 04:10:10 -05:00
Patrick Schleizer
f73c55f16c
/opt
https://forums.whonix.org/t/suid-disabler-and-permission-hardener/7706/68
2020-12-06 04:08:58 -05:00
Patrick Schleizer
c031f22995
SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists
`whitelists_disable_all=true`
2020-12-01 05:14:48 -05:00
Patrick Schleizer
b09cc0de6a
Revert "SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists"
This reverts commit 36a471ebce.
2020-12-01 05:10:26 -05:00
Patrick Schleizer
704f0500ba
fix, rename 40_default_whitelist_[...].conf to 25_default_whitelist_[...].conf
since whitelist needs to be defined before SUID removal commands
2020-12-01 05:03:16 -05:00
Patrick Schleizer
36a471ebce
SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists
`whitelists_disable_all=true`
2020-12-01 05:02:34 -05:00
Patrick Schleizer
318ab570aa
simplify disabling of SUID Disabler and Permission Hardener whitelist
split `/etc/permission-hardening.d/30_default.conf` into multiple files
`/etc/permission-hardening.d/40_default_whitelist_[...].conf`
therefore make it easier to delete any whitelisted SUID binaries
2020-12-01 04:28:15 -05:00
Patrick Schleizer
cf07e977bd
add /bin/pkexec exactwhitelist
for consistency
since there is already `/usr/bin/pkexec exactwhitelist`
2020-11-29 09:09:42 -05:00
Patrick Schleizer
938e929f39
add pkexec to suid default whitelist
/usr/bin/pkexec exactwhitelist
/usr/bin/pkexec.security-misc-orig exactwhitelist
2020-04-12 16:37:51 -04:00
Patrick Schleizer
2ceea8d1fe
update copyright year
2020-04-01 08:49:59 -04:00
Patrick Schleizer
f3ff32ddbb
Protect /bin/mount from 'chmod -x'.
/bin/mount exactwhitelist
/usr/bin/mount exactwhitelist
Remove SUID from 'mount' but keep executable.
/bin/mount 745 root root
/usr/bin/mount 745 root root
https://forums.whonix.org/t/disable-suid-binaries/7706/61
2019-12-30 06:39:24 -05:00
Patrick Schleizer
e5623fcd2b
comment
2019-12-29 04:21:52 -05:00
Patrick Schleizer
674840e6f9
/fusermount matchwhitelist
unbreak AppImages such as electrum Bitcoin wallet
https://forums.whonix.org/t/disable-suid-binaries/7706/57
2019-12-26 05:44:35 -05:00
madaidan
79241c5d09
Make /lib/modules unreadable
2019-12-23 20:28:29 +00:00
Patrick Schleizer
9d77d88a4d
comments
2019-12-23 09:39:50 -05:00
Patrick Schleizer
11b4192fbd
comments
2019-12-23 03:28:42 -05:00
Patrick Schleizer
2152fa2d61
comment
2019-12-23 02:38:53 -05:00
Patrick Schleizer
f8f2e6c704
fix disablewhitelist feature
2019-12-23 02:35:13 -05:00
Patrick Schleizer
47ddcad0c0
rename keyword whitelist to exactwhitelist
add new keyword disablewhitelist
refactoring
2019-12-23 02:29:47 -05:00
Patrick Schleizer
1ff56625a1
polkit-agent-helper-1 matchwhitelist to match both
- /usr/lib/policykit-1/polkit-agent-helper-1 matchwhitelist
- /lib/policykit-1/polkit-agent-helper-1
2019-12-23 01:42:03 -05:00
Patrick Schleizer
d484b299ea
matchwhitelist /qubes/qfile-unpacker to match both
- /usr/lib/qubes/qfile-unpacker whitelist
- /lib/qubes/qfile-unpacker
2019-12-23 01:38:31 -05:00
Patrick Schleizer
58a4e0bc7d
dbus-daemon-launch-helper matchwhitelist
2019-12-22 19:12:10 -05:00
Patrick Schleizer
15e3a2832d
comment
2019-12-22 18:57:23 -05:00