Commit Graph

514 Commits

Author SHA1 Message Date
madaidan
8ad9a54b09
Don't allow root login from a terminal 2019-07-08 23:17:17 +00:00
madaidan
890298a3c8
Restrict su to users in the root group 2019-07-08 23:15:56 +00:00
madaidan
38099a2a5d
Create su.security-misc 2019-07-08 23:11:17 +00:00
madaidan
2a17427055
Create security-misc 2019-07-08 23:01:30 +00:00
madaidan
4ac700ded0
Create 50panic_on_oops 2019-07-08 22:59:39 +00:00
Patrick Schleizer
e543c4bf82
apparmor fixes (this broke whonixcheck apparmor profile) 2019-07-07 16:37:46 -04:00
Patrick Schleizer
3558a9949f
Enable APT seccomp sandboxing.
Thanks to @torjunkie for the suggestion!

https://forums.whonix.org/t/apt-seccomp-bpf-sandboxing/7702
2019-07-07 09:37:25 +00:00
madaidan
46409be8b6
Use install instead of blacklist 2019-07-04 14:25:28 +00:00
madaidan
eb7eaffba1
Blacklist n-hdlc 2019-07-04 14:24:44 +00:00
Patrick Schleizer
93c0821054
config-package-dev displace files for change umask
https://forums.whonix.org/t/change-default-umask/7416
2019-07-01 13:35:45 +00:00
Patrick Schleizer
a73f0566e9
change default umask to 006
session optional  pam_umask.so usergroups

https://forums.whonix.org/t/change-default-umask/7416/17
2019-07-01 13:25:23 +00:00
Patrick Schleizer
41b61e3277
revert to Debian buster original 2019-07-01 13:24:29 +00:00
madaidan
eedeaa0e7f
Update common-session-noninteractive 2019-06-30 13:12:59 +00:00
madaidan
a9af85f585
Update common-session 2019-06-30 13:12:16 +00:00
madaidan
1e1d29cfde
Create common-session-noninteractive 2019-06-30 13:11:31 +00:00
madaidan
501901f7c0
Change default umask to 006 2019-06-30 13:10:54 +00:00
madaidan
09a5c27f47
Create common-session 2019-06-30 13:10:29 +00:00
madaidan
a319333493
Create login.defs 2019-06-30 13:09:51 +00:00
madaidan
230ef34db4
Create disable-coredumps.conf 2019-06-30 00:19:04 +00:00
madaidan
1bf802f846
Create coredumps.conf 2019-06-30 00:16:50 +00:00
madaidan
f040081a59
Prevent setuid processes from creating coredumps. 2019-06-30 00:13:52 +00:00
Patrick Schleizer
ab312235ba
Merge pull request #14 from madaidan/patch-10
Add some hardening for other distributions
2019-06-28 06:59:16 +00:00
Patrick Schleizer
5e02100e34
Merge pull request #13 from madaidan/patch-9
Remove System.map and restrict the SysRq key.
2019-06-28 06:58:32 +00:00
Patrick Schleizer
7e12e16dc0
Merge pull request #11 from madaidan/patch-7
Protect against DMA attacks
2019-06-28 06:57:42 +00:00
madaidan
3801a53a9e
Update tcp_hardening.conf 2019-06-27 18:17:58 +00:00
madaidan
c54125270b
Create dmesg_restrict.conf 2019-06-27 18:15:57 +00:00
madaidan
01c839c815
Restrict what the SysRq key can do 2019-06-25 19:16:43 +00:00
Patrick Schleizer
2a6289980e
syntax fix
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full,nosmt"

https://forums.whonix.org/t/kernel-hardening/7296/70
2019-06-23 18:46:52 +00:00
Patrick Schleizer
aec6da28e9
Merge pull request #10 from madaidan/patch-6
Enable more kernel hardening parameters
2019-06-23 18:45:24 +00:00
madaidan
641407c8e9
Enable IOMMU 2019-06-23 18:38:50 +00:00
madaidan
07c6362f1a
Blacklist thunderbolt and firewire 2019-06-23 18:34:45 +00:00
madaidan
2178fb37a8
Add more kernel hardening parameters 2019-06-23 17:54:34 +00:00
madaidan
807ac7d659
Create tcp_sack.conf 2019-06-22 16:08:30 +00:00
Patrick Schleizer
49873e8e02
solve package file conflict
https://github.com/QubesOS/qubes-issues/issues/1885#issuecomment-500200375
2019-06-09 10:06:58 +00:00
madaidan
7177c6041a
Create uncommon-network-protocols.conf 2019-05-16 20:30:49 +00:00
Patrick Schleizer
7d7b899dd1
Merge pull request #6 from madaidan/patch-2
Even more kernel hardening
2019-05-16 19:52:52 +00:00
madaidan
b814f338b8
Update tcp_hardening.conf 2019-05-16 16:33:03 +00:00
madaidan
e6794721bd
Update ptrace_scope.conf 2019-05-16 16:29:20 +00:00
Patrick Schleizer
137bc073c5
port to /etc/xdg/xfce4/xfconf/xfce-perchannel-xml
https://forums.whonix.org/t/whonix-xfce-development/6213/84?u=patrick
2019-05-08 21:38:25 -04:00
Patrick Schleizer
b00a264ce2
Disable thunar-volman by default. 2019-05-08 21:29:36 -04:00
madaidan
a4852ad6c8
Create fs_protected.conf 2019-05-06 20:37:53 +00:00
madaidan
0296e51e06
Create ptrace_scope.conf 2019-05-06 15:46:37 +00:00
madaidan
2923fc96ef
Create tcp_hardening.conf 2019-05-06 15:45:53 +00:00
madaidan
4216299ee8
Create kexec.conf 2019-05-06 15:42:55 +00:00
Patrick Schleizer
f917c27a19
remove trailing spaces 2019-05-06 05:51:14 -04:00
madaidan
02e8888b0b
Update 40_kernel_hardening.cfg 2019-05-05 20:17:33 +00:00
madaidan
3695d7491e
Create 40_kernel_hardening.cfg 2019-05-05 14:42:03 +00:00
madaidan
d2ca85c686
Create mmap_aslr.conf 2019-05-05 14:36:30 +00:00
madaidan
197c1120a9
Create harden_bpf.conf 2019-05-05 14:35:42 +00:00
madaidan
351db0ef7f
Create kptr_restrict.conf 2019-05-05 14:34:41 +00:00
Patrick Schleizer
63b080f40b
fix hiding network bookmark in thunar by default
Thanks to @Algernon for suggesting the fix!
2018-11-19 06:27:52 -05:00
Patrick Schleizer
daf7fc002b
Disables network bookmark by default. 2018-11-19 03:08:20 -05:00
Algernon-01
f84f988118 Enabled hidden files and volume management. 2018-11-08 07:22:35 +00:00
Algernon-01
5aebf29214 Security and general settings for Thunar. 2018-11-02 10:16:09 +00:00
Patrick Schleizer
008a97d9e7
disable previews in thunar 2018-10-31 02:22:43 -04:00
Patrick Schleizer
5b3fc2f6b9
update copyright 2018-01-29 15:22:05 +00:00
Patrick Schleizer
ff28f5932c
update copyright 2018-01-29 15:09:42 +00:00
Patrick Schleizer
49cde21078
Whonix 14 KDE plasma 5 fixes
https://phabricator.whonix.org/T633
2017-02-21 19:54:41 +00:00
Patrick Schleizer
c59d15d48f
Debian stretch / kde plasma5 fix: KDEDIRS -> XDG_CONFIG_DIRS
https://phabricator.whonix.org/T633
2017-02-15 20:46:22 +00:00
Patrick Schleizer
6cda8b1496
disable conntrack helper for better security
https://phabricator.whonix.org/T486
2016-10-10 16:10:30 +00:00
Patrick Schleizer
192d1e0cee
/etc/sysctl.d/nf_conntrack_helper.conf disabled for now as it needs more work
https://phabricator.whonix.org/T486
2016-04-25 23:19:54 +00:00
HulaHoopWhonix
92d738db56 Create nf_conntrack_helper.conf 2016-03-31 02:53:12 +00:00
HulaHoopWhonix
5992a7f026 Create tcp_timestamps.conf 2016-03-31 02:48:06 +00:00
Patrick Schleizer
d3ccf0eeaf
initial commit 2015-12-15 02:00:24 +00:00