Commit Graph

323 Commits

Author SHA1 Message Date
Raja Grewal
73f1e23332
shuffle and rewording 2022-07-19 02:29:46 +10:00
Raja Grewal
39314b2912
Merge branch 'harden' of https://github.com/raja-grewal/security-misc into harden 2022-07-19 00:49:08 +10:00
Raja Grewal
bb831d57bc
delete repeated commands 2022-07-19 00:38:32 +10:00
Raja Grewal
c77a2a78bc
enforce default net.ipv6.icmp_ignore_bogus_error_responses 2022-07-19 00:37:31 +10:00
Raja Grewal
c4a1094760
Merge branch 'Kicksecure:master' into harden 2022-07-18 13:36:23 +00:00
Raja Grewal
a72bbb1883
Corrected kernel module disabling 2022-07-13 23:42:13 +10:00
Raja Grewal
4e93b4d37e
Revert "enforce default net.ipv4.ip_forward"
This reverts commit 57b5b2145c.
2022-07-13 21:10:39 +10:00
Raja Grewal
a47922ad28
enforce of IOMMU TLB invalidation 2022-07-13 04:47:07 +10:00
Raja Grewal
33df16af80
disables random.trust_bootloader 2022-07-13 04:37:03 +10:00
Raja Grewal
d0779a96fc
add reference 2022-07-13 04:36:34 +10:00
Raja Grewal
74858d257b
enable randomize_kstack_offset 2022-07-13 04:34:35 +10:00
Raja Grewal
f572332108
disable slub_debug 2022-07-13 04:32:03 +10:00
Raja Grewal
57b5b2145c
enforce default net.ipv4.ip_forward 2022-07-13 04:30:43 +10:00
Raja Grewal
79156262c9
enforce default net.ipv4.icmp_ignore_bogus_error_responses 2022-07-13 04:29:42 +10:00
Raja Grewal
dabcaf22e1
enforce default kernel.randomize_va_space 2022-07-13 04:28:03 +10:00
Raja Grewal
48089e5ba4
More verbose kernel module blocking error logs 2022-07-12 17:02:12 +10:00
Raja Grewal
40ec791774
Updated comments 2022-07-12 16:58:16 +10:00
Raja Grewal
ef1ef9917d
Blacklist automatic loading of CD-ROM modules 2022-07-10 04:53:25 +10:00
Raja Grewal
61ef9bd59f
Incorporated Ubuntu’s kernel module blacklists 2022-07-10 04:52:00 +10:00
Patrick Schleizer
26b2c9727f
not blacklist CD-ROM / DVD yet
https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/31
2022-07-07 15:39:40 -04:00
Patrick Schleizer
ca19d78d48
shuffle 2022-07-07 15:27:15 -04:00
Raja Grewal
780dc8eec9
replace /bin/false -> /bin/disabled-by-security-misc 2022-07-08 04:11:25 +10:00
Raja Grewal
fa2e30f512
Updated descriptions of disabled modules 2022-07-08 03:04:37 +10:00
Raja Grewal
da389d6682
Revert "replace /bin/false -> /bin/true"
This reverts commit f0511635a9.
2022-07-08 02:12:04 +10:00
raja-grewal
f0511635a9
replace /bin/false -> /bin/true 2022-07-07 09:27:53 +00:00
raja-grewal
18d67dbc53
Blacklist more modules 2022-07-07 09:26:55 +00:00
Patrick Schleizer
1c0e071948
comments 2022-07-05 10:45:55 -04:00
Patrick Schleizer
5d47f5f74c
comments 2022-07-05 10:45:09 -04:00
Patrick Schleizer
435c689cf9
comments 2022-07-05 10:44:28 -04:00
Patrick Schleizer
c20d588d78
comments 2022-07-05 10:42:37 -04:00
Patrick Schleizer
b342ce930e
add /etc/default/grub.d/40_cold_boot_attack_defense.cfg 2022-07-05 10:28:22 -04:00
Patrick Schleizer
67eaf8c916
comments 2022-06-29 11:40:38 -04:00
Patrick Schleizer
72908d6b0d
comments 2022-06-29 11:34:55 -04:00
Patrick Schleizer
55d16e1602
remove unicode 2022-06-08 09:04:03 -04:00
Patrick Schleizer
fcaec49675
Merge remote-tracking branch 'github-kicksecure/master' 2022-06-08 08:20:24 -04:00
Patrick Schleizer
5c43197f10
minor 2022-06-08 08:11:28 -04:00
Kuri Schlarb
6e8f584d88
permission-hardening: Keep pam_unix.so password checking helper SetGID shadow 2022-06-08 05:29:42 +00:00
Kuri Schlarb
3910e4ee15
permission-hardening: Keep passwd executable but non-SetUID 2022-06-07 08:11:51 +00:00
Patrick Schleizer
2d37e3a1af
copyright 2022-05-20 14:46:38 -04:00
Patrick Schleizer
bb0307290b
update link 2022-04-16 14:18:35 -04:00
Patrick Schleizer
c72567dbd2
fix 2021-09-14 14:18:44 -04:00
Patrick Schleizer
d62bbaab82
fix, unduplicate kernel command line 2021-09-12 11:40:58 -04:00
Patrick Schleizer
bd31b4085c
remove Debian buster support in /etc/default/grub.d 2021-09-09 12:16:18 -04:00
Patrick Schleizer
ac0c492663
do not set kernel parameter quiet loglevel=0 for recovery boot option
for easier debugging
2021-09-06 08:22:55 -04:00
Patrick Schleizer
49902b8c56
move grub quiet to separate config file /etc/default/grub.d/41_quiet.cfg 2021-09-06 08:19:41 -04:00
Patrick Schleizer
f5b0e4b5b8
debugging 2021-09-06 04:55:16 -04:00
Patrick Schleizer
6257bfa926
debugging 2021-09-05 15:54:20 -04:00
Patrick Schleizer
a4e18a2ae8
dracut reproducible=yes 2021-09-04 18:28:37 -04:00
Patrick Schleizer
db43cedcfd
LANG=C str_replace 2021-08-22 05:23:24 -04:00
Patrick Schleizer
582492d6d8
port from pam_tally2 to pam_faillock
since pam_tally2 was deprecated upstream
2021-08-10 17:13:00 -04:00