Patrick Schleizer
090ddbe96a
description
2019-12-07 06:00:41 -05:00
Patrick Schleizer
6479c883bf
Console Lockdown.
...
Allow members of group 'console' to use tty1 to tty7. Everyone else except
members of group 'console-unrestricted' are restricted from using console
using ancient, unpopular login methods such as using /bin/login over networks,
which might be exploitable. (CVE-2001-0797)
Not enabled by default in this package since this package does not know which
users shall be added to group 'console'.
In new Whonix builds, user 'user' will be added to group 'console' and
pam console-lockdown enabled by package anon-base-files.
/usr/share/pam-configs/console-lockdown
/etc/security/access-security-misc.conf
https://forums.whonix.org/t/etc-security-hardening/8592
2019-12-07 05:40:20 -05:00
Patrick Schleizer
52934c9288
bumped changelog version
2019-12-07 02:02:32 -05:00
Patrick Schleizer
6d92d03b31
description
2019-12-07 01:54:50 -05:00
Patrick Schleizer
0afcc5e798
bumped changelog version
2019-12-06 12:43:21 -05:00
Patrick Schleizer
af0cf058e7
bumped changelog version
2019-12-06 11:18:20 -05:00
Patrick Schleizer
bff425fec2
bumped changelog version
2019-12-06 09:32:18 -05:00
Patrick Schleizer
470cad6e91
remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in)
...
https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707
2019-12-06 05:14:02 -05:00
madaidan
af9e19c51f
Update control
2019-12-05 20:14:55 +00:00
Patrick Schleizer
0c25a96b59
description / comments
2019-12-03 02:18:32 -05:00
madaidan
8d63da3cef
Update control
2019-12-02 16:46:12 +00:00
Patrick Schleizer
6ca48fffdc
bumped changelog version
2019-11-28 10:22:41 -05:00
Patrick Schleizer
25aed91eb1
description
2019-11-28 09:20:46 -05:00
Patrick Schleizer
0c4e5df3e0
description
2019-11-28 09:18:05 -05:00
Patrick Schleizer
5ac2a6f9ac
description
2019-11-28 09:17:32 -05:00
Patrick Schleizer
ff3412fbe0
fix, make sure to undo pam changes on package removal
...
Thanks to minimal for the bug report!
https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/11
2019-11-27 10:22:31 -05:00
Patrick Schleizer
9091f69edd
bumped changelog version
2019-11-25 08:51:36 +00:00
Patrick Schleizer
aa5451c8cd
Lock user accounts after 50 rather than 100 failed login attempts.
...
https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/19
2019-11-25 01:39:53 -05:00
Patrick Schleizer
6277db1383
bumped changelog version
2019-11-23 14:07:45 +00:00
Patrick Schleizer
fe1f1b73a7
load jitterentropy_rng kernel module for better entropy collection
...
https://www.whonix.org/wiki/Dev/Entropy
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927972
https://forums.whonix.org/t/jitterentropy-rngd/7204
2019-11-23 11:20:32 +00:00
Patrick Schleizer
e76e1475b0
comment
2019-11-22 12:24:35 -05:00
Patrick Schleizer
a99dfd067a
bumped changelog version
2019-11-19 15:31:55 +00:00
Patrick Schleizer
8ad8dbea5a
bumped changelog version
2019-11-18 19:16:16 +00:00
Patrick Schleizer
d1d61b106b
bumped changelog version
2019-11-09 18:44:50 +00:00
Patrick Schleizer
6b7df973f6
bumped changelog version
2019-11-09 12:57:45 +00:00
Patrick Schleizer
6e28774f95
bumped changelog version
2019-11-09 12:23:15 +00:00
Patrick Schleizer
b55c2fd62e
Enables punycode (network.IDN_show_punycode) by default in Thunderbird
...
to make phishing attacks more difficult. Fixing URL not showing real Domain
Name (Homograph attack).
https://forums.whonix.org/t/enable-network-idn-show-punycode-by-default-in-thunderbird-to-fix-url-not-showing-real-domain-name-homograph-attack-punycode/8415
2019-11-03 02:50:51 -05:00
Patrick Schleizer
bf62306d4f
bumped changelog version
2019-10-31 16:34:35 +00:00
Patrick Schleizer
6e5d8b357d
bumped changelog version
2019-10-31 16:06:51 +00:00
Patrick Schleizer
203d5cfa68
copyright
2019-10-31 11:19:44 -04:00
madaidan
0699747fcb
Debian packaging
2019-10-28 14:24:37 +00:00
madaidan
fe4e29d392
Depend on dh-apparmor
2019-10-28 14:22:47 +00:00
Patrick Schleizer
d832ab91bd
bumped changelog version
2019-10-23 10:22:03 +00:00
Patrick Schleizer
9c8f678cb9
bumped changelog version
2019-10-21 09:55:41 +00:00
Patrick Schleizer
2d436f3602
bumped changelog version
2019-10-21 09:51:36 +00:00
Patrick Schleizer
40707e70db
Redirect calls for pkexec to lxqt-sudo because pkexec is incompatible with hidepid.
...
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860040
https://forums.whonix.org/t/cannot-use-pkexec/8129
Thanks to AnonymousUser for the bug report!
2019-10-21 05:46:49 -04:00
Patrick Schleizer
31b771ac2e
bumped changelog version
2019-10-18 10:39:43 +00:00
Patrick Schleizer
957deac5cb
fix lintian warning
...
W: security-misc: maintainer-script-should-not-parse-etc-passwd-or-group preinst:19
2019-10-18 10:38:25 +00:00
Patrick Schleizer
d301e7f365
description, fix lintian warning
2019-10-18 10:36:44 +00:00
Patrick Schleizer
ce6b64a9ba
bumped changelog version
2019-10-18 08:55:07 +00:00
Patrick Schleizer
c9d75ef9ea
abort installation if no user is part of group sudo
...
https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/4
Thanks to minimal for the bug report!
2019-10-17 06:46:47 -04:00
Patrick Schleizer
8a42c5b023
Merge pull request #34 from madaidan/whitelist
...
Add a whitelist for /sys and /proc/cpuinfo
2019-10-17 09:59:12 +00:00
madaidan
259b1f2c71
Update control
2019-10-16 19:21:24 +00:00
madaidan
af607d5eb2
Create sysfs and cpuinfo groups
2019-10-15 21:02:03 +00:00
Patrick Schleizer
4b1b3b7d66
bumped changelog version
2019-10-14 10:23:01 +00:00
Patrick Schleizer
8b4f2befd4
comment out sack by default
...
https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109/8?u=patrick
2019-10-05 13:15:34 +00:00
Patrick Schleizer
02096f8d7c
Revert "undo Disabling TCP SACK, DSACK, FACK"
...
This reverts commit 5fb4eb8e56.
2019-10-05 13:13:46 +00:00
Patrick Schleizer
62a0239207
bumped changelog version
2019-10-05 11:33:15 +00:00
Patrick Schleizer
5fb4eb8e56
undo Disabling TCP SACK, DSACK, FACK
...
https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109/5
2019-10-05 07:00:47 -04:00
Patrick Schleizer
213aef6eb9
bumped changelog version
2019-10-05 09:40:26 +00:00