Commit Graph

1338 Commits

Author SHA1 Message Date
madaidan
5da2a27bf0
Distrust the CPU for initial entropy 2019-12-02 16:43:00 +00:00
Patrick Schleizer
6ca48fffdc
bumped changelog version 2019-11-28 10:22:41 -05:00
Patrick Schleizer
ab696f5571
readme 2019-11-28 10:05:39 -05:00
Patrick Schleizer
25aed91eb1
description 2019-11-28 09:20:46 -05:00
Patrick Schleizer
0c4e5df3e0
description 2019-11-28 09:18:05 -05:00
Patrick Schleizer
5ac2a6f9ac
description 2019-11-28 09:17:32 -05:00
Patrick Schleizer
ff3412fbe0
fix, make sure to undo pam changes on package removal
Thanks to minimal for the bug report!

https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/11
2019-11-27 10:22:31 -05:00
Patrick Schleizer
62b924eea7
Merge remote-tracking branch 'origin/master' 2019-11-26 13:00:36 -05:00
Patrick Schleizer
ba02dcb267
Merge pull request #37 from madaidan/apparmor-fixes
Fix permission-lockdown
2019-11-26 18:00:11 +00:00
madaidan
d9d6d07714
/dev/pts/[0-9]* rw, 2019-11-26 17:12:12 +00:00
Patrick Schleizer
9091f69edd
bumped changelog version 2019-11-25 08:51:36 +00:00
Patrick Schleizer
57ce06c0eb
readme 2019-11-25 08:41:45 +00:00
Patrick Schleizer
aa5451c8cd
Lock user accounts after 50 rather than 100 failed login attempts.
https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/19
2019-11-25 01:39:53 -05:00
Patrick Schleizer
6277db1383
bumped changelog version 2019-11-23 14:07:45 +00:00
Patrick Schleizer
6a6a638ef0
readme 2019-11-23 14:06:28 +00:00
Patrick Schleizer
fe1f1b73a7
load jitterentropy_rng kernel module for better entropy collection
https://www.whonix.org/wiki/Dev/Entropy

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927972

https://forums.whonix.org/t/jitterentropy-rngd/7204
2019-11-23 11:20:32 +00:00
Patrick Schleizer
d32024a3da
/usr/sbin/pam_tally2 mrix,
https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/152
2019-11-23 05:53:19 -05:00
Patrick Schleizer
03e8023847
output 2019-11-22 14:11:30 -05:00
Patrick Schleizer
e76e1475b0
comment 2019-11-22 12:24:35 -05:00
Patrick Schleizer
a99dfd067a
bumped changelog version 2019-11-19 15:31:55 +00:00
Patrick Schleizer
81e4f580af
etc/apparmor.d/usr.lib.security-misc.permission-lockdown: /usr/bin/chmod mrix, 2019-11-19 15:29:02 +00:00
Patrick Schleizer
8ad8dbea5a
bumped changelog version 2019-11-18 19:16:16 +00:00
Patrick Schleizer
9a20b85fe1
Merge remote-tracking branch 'origin/master' 2019-11-17 11:20:17 -05:00
Patrick Schleizer
2b17c0f3e4
Merge pull request #36 from madaidan/hidepid-fix
Remove proc-hidepid systemd sandboxing
2019-11-17 16:19:55 +00:00
madaidan
e92022a21c
Remove systemd sandboxing 2019-11-16 14:56:28 +00:00
Patrick Schleizer
477d476bb1
etc/apparmor.d/usr.lib.security-misc.pam_tally2-info: add '#include <abstractions/base>' 2019-11-10 08:29:44 -05:00
Patrick Schleizer
11dc23bf08
etc/apparmor.d/usr.lib.security-misc.permission-lockdown: add '#include <abstractions/base>' 2019-11-10 08:28:32 -05:00
Patrick Schleizer
d1d61b106b
bumped changelog version 2019-11-09 18:44:50 +00:00
Patrick Schleizer
9f2932faab
/usr/bin/id rix, 2019-11-09 13:32:21 -05:00
Patrick Schleizer
6b7df973f6
bumped changelog version 2019-11-09 12:57:45 +00:00
Patrick Schleizer
2e73c053b5
fix lintian warning 2019-11-09 12:55:00 +00:00
Patrick Schleizer
6e28774f95
bumped changelog version 2019-11-09 12:23:15 +00:00
Patrick Schleizer
94d40c68d4
do not set kernel boot parameter page_poison=1 in Qubes since does not work
https://github.com/QubesOS/qubes-issues/issues/5212#issuecomment-533873012
2019-11-05 10:02:55 -05:00
Patrick Schleizer
f57702c158
comments; copyright 2019-11-05 09:55:43 -05:00
Patrick Schleizer
74293bcd2f
output 2019-11-05 01:59:25 -05:00
Patrick Schleizer
2b5b06b602
output 2019-11-05 01:59:19 -05:00
Patrick Schleizer
d6977becba
refactoring 2019-11-05 01:51:14 -05:00
Patrick Schleizer
daf0006795
comment 2019-11-05 01:50:27 -05:00
Patrick Schleizer
78defc4d0b
add /var/cache/security-misc/state-files/placeholder file
to make sure folder already exists to avoid AppArmor issue

https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/76
2019-11-03 04:34:31 -05:00
Patrick Schleizer
7c0ec7e507
readme 2019-11-03 04:23:40 -05:00
Patrick Schleizer
b55c2fd62e
Enables punycode (network.IDN_show_punycode) by default in Thunderbird
to make phising attacks more difficult. Fixing URL not showing real Domain
Name (Homograph attack).

https://forums.whonix.org/t/enable-network-idn-show-punycode-by-default-in-thunderbird-to-fix-url-not-showing-real-domain-name-homograph-attack-punycode/8415
2019-11-03 02:50:51 -05:00
Patrick Schleizer
bf62306d4f
bumped changelog version 2019-10-31 16:34:35 +00:00
Patrick Schleizer
e1375802eb
apparmor fix
https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/67
2019-10-31 16:32:28 +00:00
Patrick Schleizer
6e5d8b357d
bumped changelog version 2019-10-31 16:06:51 +00:00
Patrick Schleizer
203d5cfa68
copyright 2019-10-31 11:19:44 -04:00
Patrick Schleizer
f001250ae6
Merge remote-tracking branch 'origin/master' 2019-10-28 10:31:30 -04:00
Patrick Schleizer
5a3cbe8100
Merge pull request #35 from madaidan/apparmor
Apparmor profiles
2019-10-28 14:30:45 +00:00
madaidan
0e49bdc45f
Licensing 2019-10-28 14:26:14 +00:00
madaidan
5d5ad92638
Licensing 2019-10-28 14:26:05 +00:00
madaidan
0699747fcb
Debian packaging 2019-10-28 14:24:37 +00:00