security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2025-12-17 13:23:59 -05:00

Author	SHA1	Message	Date
Aaron Rainbolt	84e193c44e	Merge remote-tracking branch 'raja/stop_tw_reuse' into arraybolt3/trixie	2025-11-28 14:21:59 -06:00
Aaron Rainbolt	65c45fc3d7	Minor fixes to NMI panic docs	2025-11-28 00:13:45 -06:00
Aaron Rainbolt	37b1d055f1	Merge remote-tracking branch 'raja/panic_nmi' into arraybolt3/trixie	2025-11-28 00:09:43 -06:00
Patrick Schleizer	5c4d3162ab	fix	2025-11-23 05:25:13 -05:00
raja-grewal	ebc011e67b	Typo	2025-11-19 11:35:04 +11:00
raja-grewal	d891313d57	Provide options to panic upon receiving NMIs	2025-11-11 11:39:21 +00:00
raja-grewal	5ac02d2d52	Set `net.ipv4.tcp_tw_reuse=0`	2025-11-10 06:13:35 +00:00
Aaron Rainbolt	5fbd42bbec	Add kill-vboxdrmclient-on-shutdown.service	2025-11-09 18:38:54 -06:00
Patrick Schleizer	0391411885	revert Force immediate kernel panic on OOM. https://github.com/Kicksecure/security-misc/issues/324#issuecomment-3507949741	2025-11-09 05:47:00 -05:00
Aaron Rainbolt	fa32ba6c4f	Suppress usbguard startup unless a USB controller is visible to lspci	2025-11-07 17:09:34 -06:00
Patrick Schleizer	1f093f8175	do not start usbguard-notifier if /sys/bus/usb does not exist	2025-10-22 00:37:36 -04:00
Aaron Rainbolt	29639fe69e	Merge remote-tracking branch 'raja/bad_ipv6_ra' into arraybolt3/trixie	2025-10-15 19:01:08 -05:00
Aaron Rainbolt	026d55ac41	Typo fixes	2025-10-15 18:30:52 -05:00
Aaron Rainbolt	35fce26476	Merge remote-tracking branch 'raja/stop_ptrace' into arraybolt3/trixie	2025-10-15 18:18:33 -05:00
raja-grewal	2304174171	Insert empty new line	2025-10-12 02:32:45 +00:00
raja-grewal	7161430a60	Seperate `ptrace()` disabling into own file	2025-10-12 02:27:48 +00:00
Patrick Schleizer	968de33c65	Force immediate kernel panic on OOM. This is to avoid security features such as the screen locker, kloak, emerg-shutdown from being arbitrarily terminated when the system starts running out of memory. https://forums.whonix.org/t/screen-locker-in-security-can-we-disable-these-at-least-4-backdoors/8128/14 https://github.com/Kicksecure/security-misc/issues/324 `vm.panic_on_oom=2` implements https://github.com/Kicksecure/security-misc/issues/324	2025-10-10 08:03:03 -04:00
raja-grewal	0c8f2f1b44	Add docs about the risks associated with IPv6 RAs	2025-10-02 07:05:00 +00:00
raja-grewal	194b8fce4e	Disable the usage of `ptrace()` by all processes	2025-09-28 03:20:24 +00:00
Aaron Rainbolt	2a39d5997c	security-misc split string changes	2025-09-21 16:06:11 -05:00
Patrick Schleizer	f70550d015	Split the `security-misc` into `security-misc-shared`, `security-misc-desktop` and `security-misc-server`: rename files https://github.com/Kicksecure/security-misc/issues/187	2025-09-17 14:49:28 -04:00
Aaron Rainbolt	cd44a7e136	Disable memlockd service by default, fix systemd path	2025-08-22 16:00:25 -05:00
Aaron Rainbolt	28f44d2e1d	Disable emerg-shutdown and ensure-shutdown on Qubes OS	2025-08-22 15:50:28 -05:00
Aaron Rainbolt	53e930b4cc	Merge branch 'master' into arraybolt3/trixie	2025-08-21 20:09:48 -05:00
Aaron Rainbolt	df8a323d03	Fix XDG handling, replace Xfce with LXQt where appropriate, make USBGuard configuration work	2025-08-21 18:39:28 -05:00
raja-grewal	e48897cc44	Merge branch 'master' into panic_limits	2025-08-21 10:27:44 +10:00
raja-grewal	add054933b	Update docs on instant reboot when kernel panic	2025-08-21 00:24:28 +00:00
Patrick Schleizer	5d67277c9f	comments	2025-08-20 09:46:43 -04:00
raja-grewal	a471069378	Remove link	2025-08-19 11:03:05 +10:00
Aaron Rainbolt	b5a36e02f1	Merge remote-tracking branch 'raja/panic_limits' into arraybolt3/trixie	2025-08-17 13:52:01 -05:00
raja-grewal	6df3e3cde8	Update kernel panic service description	2025-08-17 06:32:11 +00:00
raja-grewal	247015bcc6	Set `sysctl kernel.panic=-1`	2025-08-17 06:27:44 +00:00
raja-grewal	c33f7d04e2	Remove duplicate comment	2025-08-16 03:32:48 +00:00
Aaron Rainbolt	a2a9e8440b	Merge branch 'trixie_docs' into arraybolt3/trixie	2025-08-15 16:06:35 -05:00
Aaron Rainbolt	4930703b8c	Merge branch 'master' into arraybolt3/trixie	2025-08-09 21:30:45 -05:00
Patrick Schleizer	046c932898	`disable emerg-shutdown.service`: Disabled due to bug: breaks ISO Live Mode Calamares installer	2025-08-09 05:40:11 -04:00
Aaron Rainbolt	5f2425ba6f	Merge branch 'arraybolt3/emerg-shutdown' into arraybolt3/trixie	2025-08-06 20:21:01 -05:00
Aaron Rainbolt	44e7d3059a	Integrate emerg-shutdown into the initramfs	2025-08-06 19:10:14 -05:00
Aaron Rainbolt	86f44063eb	Port to Trixie.	2025-08-05 22:58:06 -05:00
raja-grewal	498551536c	Update docs	2025-08-06 03:12:06 +00:00
raja-grewal	45d20dd972	Upgrade sysctls and docs on kernel panics	2025-08-06 02:35:15 +00:00
Aaron Rainbolt	5a17e67c0a	Fix local-fs.target dependency in emerg-shutdown.service	2025-08-05 20:14:07 -05:00
Aaron Rainbolt	63f2909341	Fix emerg-shutdown and ensure-shutdown libexec scripts, start emerg-shutdown and ensure-shutdown earlier	2025-08-03 15:00:14 -05:00
Aaron Rainbolt	1a60da71ed	emerg-shutdown: Add shutdown timeout for preventing stuck shutdowns, briefly document feature set and usage	2025-07-29 21:16:51 -05:00
Aaron Rainbolt	e42078e90d	emerg-shutdown: fix the hang-on-shutdown bug, add autodetection of new keyboards, shutdown key configuration, and instant shutdown option	2025-07-28 20:43:54 -05:00
Aaron Rainbolt	e387086de4	Allow specifying alternative keys in panic key combo, fix optical disk eject handling	2025-07-15 00:01:50 -05:00
Aaron Rainbolt	2a7071055f	Merge branch 'master' into arraybolt3/emerg-shutdown	2025-07-13 15:21:34 -05:00
raja-grewal	bb208fb134	Merge branch 'Kicksecure:master' into erst	2025-07-02 11:35:50 +10:00
raja-grewal	4314b1e85b	Add comment	2025-07-01 13:36:39 +10:00
raja-grewal	dd0b55cc45	Add reference	2025-06-03 12:32:17 +10:00

1 2 3 4 5 ...

610 commits