security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00

Author	SHA1	Message	Date
Raja Grewal	8559079312	Enable `vdso32=0`	2024-08-05 15:10:02 +10:00
Patrick Schleizer	725118c575	Merge pull request #243 from raja-grewal/namespaces Restrict unprivileged user namespaces	2024-08-04 16:19:52 -04:00
Patrick Schleizer	6d97408a6d	Merge pull request #255 from raja-grewal/SLUB Restore option to enable `slub_debug=FZ`	2024-08-04 16:11:46 -04:00
Raja Grewal	22b6cee80c	Add details about `slub_debug`	2024-08-03 15:11:14 +10:00
Raja Grewal	b77d1a2b98	Revert "Remove the optional `slub_debug` parameter since it is no longer recommended" This reverts commit `48e1ac4163`.	2024-08-03 14:49:48 +10:00
Raja Grewal	ca2179bb6a	Provide the option to disable legacy TIOCSTI operation	2024-08-03 00:25:49 +10:00
Raja Grewal	52aeacb4da	Provide option to disable 32 bit vDSO mappings	2024-08-03 00:13:38 +10:00
Raja Grewal	9099ecce8a	Provide option to enable the kernel Electric-Fence	2024-08-03 00:12:50 +10:00
Patrick Schleizer	886f6095db	Merge pull request #250 from raja-grewal/Panik-Kalm Add details on "oopes" and kernel panics	2024-07-26 11:08:30 -04:00
Raja Grewal	ed3336694c	Provide the option to immediately reboot on a kernel panics	2024-07-25 10:28:27 +10:00
Raja Grewal	3926b91dcf	Add documentation on `sysctl kernel.panic_on_oops=1`	2024-07-25 10:26:23 +10:00
Raja Grewal	fb494c2ba5	Update docs relating to the `cfi=kcfi` kernel parameter	2024-07-23 13:12:13 +10:00
Raja Grewal	d6fc71dba7	Add option to switch (back) to using kCFI in the future	2024-07-22 17:26:00 +10:00
Patrick Schleizer	9f53a0182b	undo io_uring related changes as these should be done in a separate pull request (if apprpriate) https://github.com/Kicksecure/security-misc/pull/244#issuecomment-2238889062	2024-07-19 07:20:59 -04:00
Raja Grewal	95286df502	Update README.md regarding secure ICMP redirects	2024-07-18 15:28:31 +10:00
Raja Grewal	13cc1f0986	Clarify (future) disabling of `io_uring`	2024-07-18 12:25:00 +10:00
Raja Grewal	9e6facda70	Update module disabling presentation	2024-07-18 12:21:37 +10:00
Raja Grewal	faa9181a6c	Typos	2024-07-18 12:19:27 +10:00
Raja Grewal	6d211faf59	Restrict unprivileged user namespaces	2024-07-18 11:04:54 +10:00
Patrick Schleizer	5cec685cf9	spelling	2024-07-17 10:49:21 -04:00
Patrick Schleizer	821a416fe3	spelling	2024-07-17 10:43:16 -04:00
Patrick Schleizer	0da22c2031	minor	2024-07-17 09:07:31 -04:00
Patrick Schleizer	df80385289	Merge pull request #237 from raja-grewal/intel_pmt Disable some Intel PMT kernel modules	2024-07-17 09:04:18 -04:00
Patrick Schleizer	afe3c25a49	update readme https://github.com/Kicksecure/security-misc/issues/239	2024-07-17 08:58:00 -04:00
Patrick Schleizer	f7772fb85a	minor	2024-07-17 08:57:35 -04:00
Patrick Schleizer	a2802f352f	Merge remote-tracking branch 'raja/kargs'	2024-07-17 08:38:23 -04:00
Patrick Schleizer	070bb46a08	Merge remote-tracking branch 'raja/sysctl'	2024-07-17 08:02:45 -04:00
Patrick Schleizer	cf5f0edbb8	Merge remote-tracking branch 'raja/sysctl'	2024-07-17 07:59:35 -04:00
Raja Grewal	25fd532ce6	Update README.md relating to `sysctl`'s	2024-07-17 21:56:40 +10:00
Raja Grewal	d1119c38b6	Apply changes from code review	2024-07-17 00:31:23 +10:00
Raja Grewal	724435e56e	Disable some Intel Platform Monitoring Technology Telemetry (PMT) modules	2024-07-15 22:38:43 +10:00
Raja Grewal	8219a1e257	Update README.md relating to disabled miscellaneous modules	2024-07-15 21:02:10 +10:00
Raja Grewal	82c5a93f7c	Disable another GPS module	2024-07-15 20:53:07 +10:00
Raja Grewal	b2657bc61f	Improve docs	2024-07-15 15:05:00 +10:00
Raja Grewal	69c8e84927	Fix typos	2024-07-15 14:38:21 +10:00
Raja Grewal	48e1ac4163	Remove the optional `slub_debug` parameter since it is no longer recommended	2024-07-15 02:04:25 +10:00
Raja Grewal	99038c7a06	Add option to disable support for x86 processes and syscalls in the future	2024-07-15 02:02:01 +10:00
Raja Grewal	f550fbe07c	Add option to disable the entire IPv6 stack functionality	2024-07-15 01:59:04 +10:00
Raja Grewal	a33d4cd099	Refactor existing kernel parameters for clarity	2024-07-15 01:56:25 +10:00
Raja Grewal	acd60e45d8	Add comment about enabling core dump files	2024-07-14 20:07:31 +10:00
Raja Grewal	5cf9afc215	Include optional `sysctl`'s in README.md	2024-07-14 17:05:49 +10:00
Raja Grewal	9f58266546	Move nf_conntrack_helper disabling into separate file	2024-07-13 23:32:01 +10:00
Raja Grewal	8f2ec75f81	Clarify README.mmd relating to module disabling	2024-07-13 23:30:55 +10:00
Raja Grewal	2de3a79599	Refactor existing sysctl for clarity	2024-07-13 22:41:40 +10:00
Raja Grewal	5f10cc8bcf	Update README.md relating to modprobe	2024-07-12 16:22:10 +10:00
Raja Grewal	b02230a783	Split modprobe into blacklisted and disabled configurations	2024-07-12 02:42:37 +10:00
Patrick Schleizer	c815304026	readme	2024-06-01 14:12:57 -04:00
raja-grewal	2f716050d1	Update README.md	2024-05-12 01:06:34 +00:00
Raja Grewal	dddac1dc40	Update README.md	2024-05-11 13:15:42 +10:00
Patrick Schleizer	0d78ecaee3	README	2024-01-16 09:26:21 -05:00

1 2 3 4

173 Commits