Author | Commit | Message | Date
Patrick Schleizer | 7dc99d54c0 | fix | 2023-11-03 12:09:39 -04:00
Patrick Schleizer | 2a602e78d6 | Merge branch 'master' into PAM-tmp-files-hardening | 2023-11-03 12:08:50 -04:00
Patrick Schleizer | cdd66ee376 | wrap-and-sort | 2023-11-03 10:48:46 -04:00
Patrick Schleizer | 07540db90d | Revert "Revert "set default umask to 027"" | 2023-11-03 09:45:12 -04:00
    This reverts commit f8913ceb2e.
Patrick Schleizer | f8913ceb2e | Revert "set default umask to 027" | 2023-11-03 09:43:44 -04:00
    This reverts commit cd216095eb.
Patrick Schleizer | cd216095eb | set default umask to 027 | 2023-11-03 09:12:24 -04:00
    using package libpam-umask
    https://www.debian.org/doc/manuals/securing-debian-manual/ch04s11.en.html#id-1.5.14.19
    https://github.com/Kicksecure/security-misc/pull/151
monsieuremre | 3ee4be652b | depend on libpam-tmpdir | 2023-11-02 09:36:58 +00:00
Patrick Schleizer | 81ad786dfc | Kicksecure | 2023-07-17 11:19:07 -04:00
Patrick Schleizer | ab56b7ca0c | Kicksecure | 2023-07-17 11:10:05 -04:00
Patrick Schleizer | 94a326ec7f | bookworm | 2023-06-21 09:11:31 +00:00
Patrick Schleizer | 07b3ce0bcd | Standards-Version: 4.6.1.0 | 2023-06-12 16:22:32 +00:00
Raja Grewal | 7a4212dd76 | Update copyright | 2023-03-30 17:08:47 +11:00
Patrick Schleizer | ad5d0d4b12 | disable kexec (revert enabling kexec) | 2023-01-09 06:37:45 -05:00
    remove kexec-utils for ram-wipe since moved to its own package
Patrick Schleizer | 1e19c2cbad | Depends: kexec-tools | 2023-01-07 15:32:25 -05:00
    required for cold boot attack defense second RAM wipe after reboot
Patrick Schleizer | 38cdf2722b | - Wipe LUKS Disk Encryption Key for Root Disk from RAM during Shutdown to defeat Cold Boot Attacks | 2022-06-29 09:32:55 -04:00
    - Confirm in console output if encrypted mounts (root disk) is unmounted. (Because that is a pre-condition for wiping the LUKS full disk encryption key from RAM.)
    Thanks to @friedy10!
    https://github.com/friedy10/dracut/tree/master/modules.d/40sdmem
    https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix-cold-boot-attack-defense/5596
Patrick Schleizer | 2d37e3a1af | copyright | 2022-05-20 14:46:38 -04:00
Patrick Schleizer | e2810f348b | Depends: libpam-modules-bin | 2021-09-04 11:50:31 -04:00
Patrick Schleizer | 5e3338f8d3 | bullseye | 2021-08-03 05:48:25 -04:00
Patrick Schleizer | a67007f4b7 | copyright | 2021-03-17 09:45:21 -04:00
Patrick Schleizer | 611fbe2c61 | description | 2021-01-18 05:39:34 -05:00
madaidan | 06ffd5d220 | Restrict access to debugfs | 2020-09-28 19:21:20 +00:00
Patrick Schleizer | 72be31e870 | disable proc-hidepid by default because incompatible with pkexec | 2020-04-12 16:48:13 -04:00
    and undo pkexec wrapper
Patrick Schleizer | 565ff136e5 | vm.swappiness=1 | 2020-04-08 21:04:02 +00:00
    import from swappiness-lowest
    https://forums.whonix.org/t/vm-swappiness-1-set-swapiness-to-lowest-setting-still-useful-swappiness-lowest/9278
Patrick Schleizer | a9d0baffe6 | python -> python3 | 2020-04-08 16:57:32 +00:00
Patrick Schleizer | 4153d8d088 | apparmor-profile-anondist -> apparmor-profile-dist | 2020-04-08 16:51:22 +00:00
Patrick Schleizer | 663811a819 | anon-base-files -> dist-base-files | 2020-04-08 12:04:13 +00:00
Patrick Schleizer | 5c81e1f23f | import from anon-gpg-conf | 2020-04-06 09:25:45 -04:00
Patrick Schleizer | d9f2a0e4a1 | remove 'Build-Depends: ronn' since no longer required | 2020-04-01 17:34:59 -04:00
Patrick Schleizer | eda9c57a62 | remove genmkfile | 2020-04-01 16:57:33 -04:00
Patrick Schleizer | 2ceea8d1fe | update copyright year | 2020-04-01 08:49:59 -04:00
Patrick Schleizer | 15dde15a36 | typo | 2020-03-03 09:42:24 -05:00
Patrick Schleizer | cd19c2da00 | fix lintian warning | 2020-03-03 09:18:24 -05:00
Patrick Schleizer | 453aa8a4eb | Merge pull request #65 from madaidan/userfaultfd | 2020-02-29 12:28:32 +00:00
    Restrict the userfaultfd() syscall to root
Patrick Schleizer | e3e39f2235 | Merge remote-tracking branch 'origin/master' | 2020-02-29 05:01:41 -05:00
Patrick Schleizer | b31caefdeb | description | 2020-02-29 04:59:02 -05:00
Patrick Schleizer | bd7678c574 | Merge pull request #66 from madaidan/mce | 2020-02-28 12:04:05 +00:00
    Fix docs
madaidan | 42d3b986c4 | Update control | 2020-02-27 17:41:14 +00:00
Patrick Schleizer | 4043d2af3f | description | 2020-02-25 02:06:48 -05:00
Patrick Schleizer | 0e5187ff24 | description | 2020-02-25 02:00:27 -05:00
madaidan | 60fbf8b0de | Update control | 2020-02-24 18:24:07 +00:00
madaidan | 8ea4e50c8e | Update control | 2020-02-16 19:52:40 +00:00
Patrick Schleizer | 1e5946c795 | Merge branch 'master' into sysrq | 2020-02-15 10:41:52 +00:00
madaidan | 0f49736957 | Update control | 2020-02-14 18:18:18 +00:00
madaidan | ace6211176 | Update control | 2020-02-14 17:51:17 +00:00
Patrick Schleizer | ad6b766886 | Merge pull request #57 from madaidan/sysctl | 2020-02-13 18:40:58 +00:00
    Prevent symlink/hardlink TOCTOU races
madaidan | 2796c2dd00 | Update control | 2020-02-12 18:43:19 +00:00
madaidan | 14f8458374 | Update control | 2020-02-12 18:05:32 +00:00
Patrick Schleizer | c1a0da60be | set kernel boot parameter l1tf=full,force and nosmt=force | 2020-01-30 00:46:48 -05:00
    https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647/17
Patrick Schleizer | f4c54881ac | description | 2020-01-24 04:49:19 -05:00
Patrick Schleizer | a37da1c968 | add digits to drop-in file names | 2020-01-24 04:39:06 -05:00