Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity
241 Commits 2 Branches 291 Tags 8.2 MiB
8793708906
Commit Graph

241 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Patrick Schleizer
8793708906
Merge remote-tracking branch 'origin/master' 2019-07-09 03:23:26 -04:00
Patrick Schleizer
a9441e7be4
Merge pull request #22 from madaidan/patch-17 
Restrict access to the root account
 2019-07-09 07:21:47 +00:00
madaidan
24b326d906
Update control 2019-07-08 23:24:41 +00:00
madaidan
24d9eadcb2
Use 65536 hashing rounds 2019-07-08 23:19:59 +00:00
madaidan
86117d9577
Create common-password.security-misc 2019-07-08 23:19:19 +00:00
madaidan
8ad9a54b09
Don't allow root login from a terminal 2019-07-08 23:17:17 +00:00
madaidan
890298a3c8
Restrict su to users in the root group 2019-07-08 23:15:56 +00:00
madaidan
38099a2a5d
Create su.security-misc 2019-07-08 23:11:17 +00:00
Patrick Schleizer
50c00fcfa1
bumped changelog version 2019-07-08 00:23:52 +00:00
Patrick Schleizer
223b691833
add 'Depends: libpam-cgfs' 
https://forums.whonix.org/t/change-default-umask/7416/30?u=patrick
 2019-07-07 23:39:58 +00:00
Patrick Schleizer
d31a16f264
bumped changelog version 2019-07-07 23:00:27 +00:00
Patrick Schleizer
673aab6bc2
shut up pam-auth-update 2019-07-07 22:18:47 +00:00
Patrick Schleizer
67ff83262b
move to pam-auth-update --force 
--package hangs in Qubes updater since it starts whiptail for interactive dpkg configuration dialog.
 2019-07-07 21:31:56 +00:00
Patrick Schleizer
8399a11367
bumped changelog version 2019-07-07 21:11:08 +00:00
Patrick Schleizer
d4c79cce69
add "Depends: libpam-runtime" so pam-auth-update is available 
for Debian maintainer script
 2019-07-07 21:09:26 +00:00
Patrick Schleizer
f68b96241c
comment 2019-07-07 21:08:28 +00:00
Patrick Schleizer
91fb21aafb
Due to error: 
Jul 07 20:35:39 host sudo[16090]: PAM unable to dlopen(pam_cgfs.so): /lib/security/pam_cgfs.so: cannot open shared object file: No such file or directory
Jul 07 20:35:39 host sudo[16090]: PAM adding faulty module: pam_cgfs.so

run:
pam-auth-update --package
from Debian maintainer scripts
 2019-07-07 16:51:40 -04:00
Patrick Schleizer
e543c4bf82
apparmor fixes (this broke whonixcheck apparmor profile) 2019-07-07 16:37:46 -04:00
Patrick Schleizer
8f4a5f33b9
bumped changelog version 2019-07-07 09:39:12 +00:00
Patrick Schleizer
3558a9949f
Enable APT seccomp sandboxing. 
Thanks to @torjunkie for the suggestion!

https://forums.whonix.org/t/apt-seccomp-bpf-sandboxing/7702
 2019-07-07 09:37:25 +00:00
Patrick Schleizer
93e81b4330
bumped changelog version 2019-07-06 13:56:28 +00:00
Patrick Schleizer
3cd1a5ec09
fix lintian warning 2019-07-06 13:56:00 +00:00
Patrick Schleizer
b73cdfd7cc
bumped changelog version 2019-07-06 13:53:10 +00:00
Patrick Schleizer
7b0b9da32c
Merge remote-tracking branch 'origin/master' 2019-07-06 07:06:54 -04:00
Patrick Schleizer
649878fdcb
Merge pull request #20 from madaidan/patch-15 
Blacklist HDLC and use "install" for blacklisting firewire/thunderbolt
 2019-07-06 11:06:25 +00:00
madaidan
8888147e1e
Update control 2019-07-04 14:26:31 +00:00
madaidan
46409be8b6
Use install instead of blacklist 2019-07-04 14:25:28 +00:00
madaidan
eb7eaffba1
Blacklist n-hdlc 2019-07-04 14:24:44 +00:00
Patrick Schleizer
6df7b3c295
bumped changelog version 2019-07-01 15:23:49 +00:00
Patrick Schleizer
f82731698c
re-enable PrivateNetwork=true 2019-07-01 14:53:01 +00:00
Patrick Schleizer
81b38529d9
add copyright for files in etc/pam.d/* 2019-07-01 13:58:20 +00:00
Patrick Schleizer
552b6edbed
fix machine readable copyright format 2019-07-01 13:51:00 +00:00
Patrick Schleizer
a05264934b
add copyright for etc/login.defs.security-misc 2019-07-01 13:46:01 +00:00
Patrick Schleizer
48e511347c
fix lintian warning 2019-07-01 13:37:55 +00:00
Patrick Schleizer
93c0821054
config-package-dev displace files for change umask 
https://forums.whonix.org/t/change-default-umask/7416
 2019-07-01 13:35:45 +00:00
Patrick Schleizer
a73f0566e9
change default umask to 006 
session optional  pam_umask.so usergroups

https://forums.whonix.org/t/change-default-umask/7416/17
 2019-07-01 13:25:23 +00:00
Patrick Schleizer
41b61e3277
revert to Debian buster original 2019-07-01 13:24:29 +00:00
Patrick Schleizer
88a78b1c87
Merge remote-tracking branch 'origin/master' 2019-07-01 09:21:05 -04:00
Patrick Schleizer
8c60e7c67f
Merge pull request #18 from madaidan/patch-14 
Change the default umask to 006
 2019-07-01 13:20:21 +00:00
Patrick Schleizer
24cc8e380d
comment out proc-hidepid.service hardening for now 
since broken in Qubes Debian AppVMs

https://forums.whonix.org/t/kernel-hardening/7296/104
 2019-07-01 03:43:02 -04:00
Patrick Schleizer
0bffc7a930
Merge remote-tracking branch 'origin/master' 2019-07-01 03:08:26 -04:00
Patrick Schleizer
3c176ce158
allow permissions openat mkdir 
since required in Qubes Debian templates
 2019-07-01 03:07:14 -04:00
Patrick Schleizer
344d009032
Merge pull request #19 from madaidan/patch-15 
Add licensing to proc-hidepid.service
 2019-07-01 06:39:28 +00:00
madaidan
b8f2aee905
Add licensing 2019-06-30 13:22:43 +00:00
madaidan
cfaafe400c
Update control 2019-06-30 13:16:12 +00:00
madaidan
eedeaa0e7f
Update common-session-noninteractive 2019-06-30 13:12:59 +00:00
madaidan
a9af85f585
Update common-session 2019-06-30 13:12:16 +00:00
madaidan
1e1d29cfde
Create common-session-noninteractive 2019-06-30 13:11:31 +00:00
madaidan
501901f7c0
Change default umask to 006 2019-06-30 13:10:54 +00:00
madaidan
09a5c27f47
Create common-session 2019-06-30 13:10:29 +00:00