Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity
1,310 Commits 2 Branches 291 Tags 8.2 MiB
7e2efe0155
Commit Graph

372 Commits

Author SHA1 Message Date
Patrick Schleizer
2d37e3a1af
copyright 2022-05-20 14:46:38 -04:00
Patrick Schleizer
7651308787
Merge pull request #103 from 0xC0ncord/bugfix/selinuxfs_restrictions 
hide-hardware-info: re-enable restrictions on sysfs when using SELinux
 2022-05-19 19:39:42 -04:00
Patrick Schleizer
bb0307290b
update link 2022-04-16 14:18:35 -04:00
0xC0ncord
93efa506da hide-hardware-info: disable selinux whitelist by default 2022-03-17 11:41:57 -04:00
Patrick Schleizer
b0a0004a85
output 2022-02-10 13:47:10 -05:00
Patrick Schleizer
4f6f588fb5
fix, skip deletion of system.map files on read-only filesystems 
This is required for Qubes /lib/modules read-only implementation at time of writing.

Thanks to @marmarek for the bug report!

https://forums.whonix.org/t/remove-system-map-cannot-work-lib-modules-is-mounted-read-only/13324
 2022-02-10 13:44:55 -05:00
0xC0ncord
4172232eb7 hide-hardware-info: make indentation consistent 2021-10-10 16:03:40 -04:00
0xC0ncord
060d7d890a hide-hardware-info: re-enable restrictions on sysfs when using SELinux 
When using SELinux, restrict the parts of sysfs explicitly to ensure
restrictions are working as expected.
 2021-10-10 16:03:07 -04:00
Patrick Schleizer
be8c10496f
fix faillock implementation 
dovecot / ssh are exempted
 2021-09-01 15:55:53 -04:00
Patrick Schleizer
8b104f544a
fix, add sshd to pam_service_exclusion_list 
to avoid faillock
 2021-09-01 15:45:36 -04:00
Patrick Schleizer
db43cedcfd
LANG=C str_replace 2021-08-22 05:23:24 -04:00
Patrick Schleizer
582492d6d8
port from pam_tally2 to pam_faillock 
since pam_tally2 was deprecated upstream
 2021-08-10 17:13:00 -04:00
Patrick Schleizer
2bf0e7471c
port from pam_tally2 to pam_faillock 
since pam_tally2 was deprecated upstream
 2021-08-10 15:11:01 -04:00
Patrick Schleizer
2aea74bd71
renamed: usr/libexec/security-misc/pam_tally2-info -> usr/libexec/security-misc/pam-info 
renamed:    usr/libexec/security-misc/pam_tally2_not_if_x -> usr/libexec/security-misc/pam_faillock_not_if_x
renamed:    usr/share/pam-configs/tally2-security-misc -> usr/share/pam-configs/faillock-security-misc
 2021-08-10 15:06:04 -04:00
Patrick Schleizer
50bdd097df
move /usr/lib/security-misc to /usr/libexec/security-misc as per lintian FHS 2021-08-03 12:56:31 -04:00
Patrick Schleizer
4fadaad8c0
lintian FHS 2021-08-03 12:52:10 -04:00
Patrick Schleizer
6607c1e4bd
move /usr/lib/helper-scripts and /usr/lib/curl-scripts to /usr/libexec/helper-scripts as per lintian FHS 2021-08-03 12:48:57 -04:00
Patrick Schleizer
240ec7672a
replace no longer required /usr/lib/security-misc/apt-get-wrapper with apt-get --error-on=any 2021-08-03 12:19:26 -04:00
Patrick Schleizer
8eae635668
update lintian tag name 2021-08-03 11:51:31 -04:00
Patrick Schleizer
bb3e65f7a8
bullseye 2021-08-03 03:25:35 -04:00
Patrick Schleizer
b3e34f7f43
comment 2021-07-25 11:27:07 -04:00
Patrick Schleizer
7e128636b3
improve LKRG VirtualBox host configuration 
as per https://github.com/openwall/lkrg/issues/82#issuecomment-886188999
 2021-07-25 11:26:20 -04:00
Patrick Schleizer
257cef24ba
add LKRG compatibility settings automation for VirtualBox hosts 
https://github.com/openwall/lkrg/issues/82
 2021-07-24 18:03:40 -04:00
Patrick Schleizer
74e39cbf69
pam-abort-on-locked-password: more descriptive error handling 
https://forums.whonix.org/t/restrict-root-access/7658/1
 2021-06-20 11:18:56 -04:00
Patrick Schleizer
a67007f4b7
copyright 2021-03-17 09:45:21 -04:00
Patrick Schleizer
a1819e8cab
comment 2021-03-01 09:15:44 -05:00
Kenton Groombridge
4db7d6be64
hide-hardware-info: allow unrestricting selinuxfs 
On SELinux systems, the /sys/fs/selinux directory must be visible to
userspace utilities in order to function properly.
 2021-02-06 03:02:08 -05:00
Patrick Schleizer
af3244741d
comment 2021-01-29 23:15:52 -05:00
Patrick Schleizer
b0b7f569ee
comment 2021-01-28 02:11:54 -05:00
Patrick Schleizer
9622f28e25
skip counting failed login attempts from dovecot 
Failed dovecot logins should not result in account getting locked.

revert "use pam_tally2 only for login"
 2021-01-27 05:49:34 -05:00
Patrick Schleizer
6757104aa4
use pam_tally2 only for login 
to skip counting failed login attempts over ssh and mail login
 2021-01-24 05:04:48 -05:00
Patrick Schleizer
c5097ed599
comment 2020-12-06 04:23:09 -05:00
Patrick Schleizer
c031f22995
SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists 
`whitelists_disable_all=true`
 2020-12-01 05:14:48 -05:00
Patrick Schleizer
b09cc0de6a
Revert "SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists" 
This reverts commit 36a471ebce.
 2020-12-01 05:10:26 -05:00
Patrick Schleizer
36a471ebce
SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists 
`whitelists_disable_all=true`
 2020-12-01 05:02:34 -05:00
Patrick Schleizer
28a326a8a1
add feature /usr/lib/security-misc/permission-hardening-undo /path/to/filename 
to allow removing 1 SUID

fix, show INFO message if file does not exist during removal rather than ERROR
 2020-11-28 05:31:12 -05:00
Patrick Schleizer
abae787186
usability: pam abort when attempting to login to root when root password is locked 2020-11-05 06:47:16 -05:00
Patrick Schleizer
581e31af81
comment 2020-11-05 06:46:57 -05:00
Patrick Schleizer
dfe9b0f6c7
fix, no longer unconditionally abort pam for user accounts with locked passwords 
as locked user accounts might have valid sudoers exceptions

Thanks to @mimp for the bug report!

https://forums.whonix.org/t/pam-abort-on-locked-password-and-running-privileged-command-from-web-browser/10521
 2020-11-05 06:42:47 -05:00
Patrick Schleizer
211769dc65
comment 2020-11-05 06:41:51 -05:00
Patrick Schleizer
7952139731
comment 2020-11-05 06:39:32 -05:00
Patrick Schleizer
bb72c1278d
copyright 2020-11-05 06:36:39 -05:00
Patrick Schleizer
5c81e1f23f
import from anon-gpg-conf 2020-04-06 09:25:45 -04:00
Patrick Schleizer
1188a44f47
port to python 3.7 2020-04-04 16:49:30 -04:00
Patrick Schleizer
2ceea8d1fe
update copyright year 2020-04-01 08:49:59 -04:00
Patrick Schleizer
649ec5dfa1
pkexec wrapper: fix gdebi / synaptic 
but at cost of checking for passwordless sudo /etc/suders /etc/sudoers.d
exceptions.

http://forums.whonix.org/t/cannot-use-pkexec/8129/53
 2020-02-29 04:59:56 -05:00
Patrick Schleizer
9bbae903fe
remove-system.map: lower verbosity output 2020-02-15 05:29:48 -05:00
madaidan
31009f0bfa
Shred System.map files 2020-02-14 23:46:19 +00:00
Patrick Schleizer
1f6ed2cc70
add support for passing parameters to usr/lib/security-misc/apt-get-update 2020-02-03 08:55:20 -05:00
Patrick Schleizer
8627c9f76d
/usr/lib/security-misc/apt-get-update increase default timeout_after="600" 2020-01-31 12:18:02 -05:00