Patrick Schleizer
6a4c493213
merge the many sysctl config files into 1
...
and use a name starting with double digits
to make it easier to disable settings using a lexically higher config file
2020-01-24 04:26:36 -05:00
Patrick Schleizer
f653b94e77
bumped changelog version
2020-01-24 03:49:02 -05:00
Patrick Schleizer
8616728ce0
remove duplicate
2020-01-24 03:35:15 -05:00
Patrick Schleizer
3b283ec00f
bumped changelog version
2020-01-22 07:10:47 -05:00
Patrick Schleizer
531f17cb68
add update initramfs trigger
...
https://github.com/Whonix/security-misc/pull/53
2020-01-22 07:08:31 -05:00
Patrick Schleizer
df0b2afda1
bumped changelog version
2020-01-21 10:12:32 -05:00
Patrick Schleizer
627b95e0b3
bumped changelog version
2020-01-20 08:51:25 -05:00
Patrick Schleizer
fbe9b60d95
fix Whonix / Kicksecure
...
/var/lib/dpkg/tmp.ci/preinst: ERROR: No user is a member of group 'console'. Installation aborted.
/var/lib/dpkg/tmp.ci/preinst: ERROR: You probably want to run:
sudo adduser user console
2020-01-20 08:49:02 -05:00
Patrick Schleizer
960e1ff6e8
bumped changelog version
2020-01-17 03:32:57 -05:00
madaidan
1df48a226d
Update control
2020-01-15 20:30:17 +00:00
Patrick Schleizer
e110ea0b84
bumped changelog version
2020-01-15 11:37:52 -05:00
Patrick Schleizer
0618b53464
fix lintian warning
2020-01-15 11:35:07 -05:00
Patrick Schleizer
47ce3bec75
bumped changelog version
2020-01-15 11:05:54 -05:00
Patrick Schleizer
528c5fc4c4
Merge branch 'master' into sysctl-initramfs
2020-01-15 11:02:03 +00:00
Patrick Schleizer
1059ccf225
bumped changelog version
2020-01-14 09:28:28 -05:00
Patrick Schleizer
660837dc38
fix case when user "user" does not exist
2020-01-14 09:25:32 -05:00
Patrick Schleizer
18c726c3ee
comment
2020-01-14 09:23:02 -05:00
Patrick Schleizer
b8652681e7
fix legacy
2020-01-14 09:21:47 -05:00
Patrick Schleizer
cc21f912a3
bumped changelog version
2020-01-14 09:20:36 -05:00
madaidan
0953bbe1d7
Update control
2020-01-13 21:05:35 +00:00
madaidan
9dc43eae38
Description
2020-01-12 21:42:07 +00:00
Patrick Schleizer
8341242abc
bumped changelog version
2020-01-11 15:19:29 -05:00
Patrick Schleizer
61a2d390a7
lintian
2020-01-11 15:15:12 -05:00
madaidan
6088444c37
Update control
2020-01-11 18:38:17 +00:00
Patrick Schleizer
13a1e1321e
bumped changelog version
2020-01-01 05:59:59 -05:00
Patrick Schleizer
b2bdeb9095
bumped changelog version
2019-12-31 06:08:32 -05:00
Patrick Schleizer
2a3aae62b1
fix
2019-12-31 06:06:52 -05:00
Patrick Schleizer
427deec3f5
bumped changelog version
2019-12-31 06:03:48 -05:00
Patrick Schleizer
e89552c984
add user "user" to group "console" in Whonix and Kicksecure
...
enable Console Lockdown in Whonix and Kicksecure
2019-12-31 05:55:44 -05:00
Patrick Schleizer
b5a2d1dc58
bumped changelog version
2019-12-31 02:54:58 -05:00
Patrick Schleizer
06ed728d79
bumped changelog version
2019-12-30 06:42:14 -05:00
Patrick Schleizer
e4e9c4e3b0
bumped changelog version
2019-12-30 05:59:43 -05:00
Patrick Schleizer
d7f58db52c
bumped changelog version
2019-12-27 05:30:12 -05:00
Patrick Schleizer
507a30d6e3
bumped changelog version
2019-12-24 18:35:49 -05:00
Patrick Schleizer
0326cd5ee9
bumped changelog version
2019-12-24 08:07:55 -05:00
Patrick Schleizer
7a80837b4f
bumped changelog version
2019-12-23 08:48:04 -05:00
Patrick Schleizer
bef41a38c2
bumped changelog version
2019-12-23 03:58:00 -05:00
Patrick Schleizer
9ec5b0ee82
description: lockdown not enabled yet
2019-12-23 03:38:49 -05:00
Patrick Schleizer
1ff51ee061
merge
2019-12-23 03:37:28 -05:00
Patrick Schleizer
42ff53e9ad
bumped changelog version
2019-12-23 02:42:07 -05:00
Patrick Schleizer
175d1c2845
bumped changelog version
2019-12-23 02:13:13 -05:00
Patrick Schleizer
3670fcf48b
depend on libcap2-bin for setcap / getcap / capsh
2019-12-23 00:49:33 -05:00
Patrick Schleizer
bce02ffdc0
Merge pull request #47 from madaidan/msr
...
Blacklist CPU MSRs
2019-12-22 15:26:07 +00:00
madaidan
8f11a520f4
Update control
2019-12-22 13:54:16 +00:00
Patrick Schleizer
008ce4817c
bumped changelog version
2019-12-21 14:55:03 -05:00
Patrick Schleizer
1213415ce6
bumped changelog version
2019-12-21 14:23:35 -05:00
Patrick Schleizer
1c99b56c9b
bumped changelog version
2019-12-21 07:49:55 -05:00
Patrick Schleizer
b74e5ca972
comment
2019-12-21 07:47:00 -05:00
Patrick Schleizer
0c4db8c2b0
bumped changelog version
2019-12-21 07:38:25 -05:00
Patrick Schleizer
af8b04b73d
rm_conffile /etc/apparmor.d/usr.lib.security-misc.pam_tally2-info
...
rm_conffile /etc/apparmor.d/usr.lib.security-misc.permission-lockdown
https://github.com/Whonix/security-misc/pull/45
2019-12-21 06:58:01 -05:00
Patrick Schleizer
fac17a963d
bumped changelog version
2019-12-21 06:28:19 -05:00
Patrick Schleizer
78d33d8b57
bumped changelog version
2019-12-21 06:12:20 -05:00
Patrick Schleizer
ff48b672a8
bumped changelog version
2019-12-21 06:00:17 -05:00
Patrick Schleizer
65b5adb2d7
bumped changelog version
2019-12-21 05:38:39 -05:00
Patrick Schleizer
2b5a49a61b
bumped changelog version
2019-12-21 05:31:55 -05:00
Patrick Schleizer
ed20980f4c
refactoring
2019-12-21 05:07:10 -05:00
Patrick Schleizer
89be5f2ecb
bumped changelog version
2019-12-21 02:05:39 -05:00
Patrick Schleizer
1cd5fb6a00
bumped changelog version
2019-12-20 11:50:25 -05:00
Patrick Schleizer
28d12c3966
bumped changelog version
2019-12-20 11:09:22 -05:00
Patrick Schleizer
c0ddb76d74
bumped changelog version
2019-12-20 10:50:51 -05:00
Patrick Schleizer
089c40135f
bumped changelog version
2019-12-20 08:15:00 -05:00
Patrick Schleizer
ddc0eec63d
bumped changelog version
2019-12-20 07:12:36 -05:00
Patrick Schleizer
8e112c3423
description
2019-12-20 06:53:24 -05:00
Patrick Schleizer
24ea70384b
description
2019-12-20 06:53:03 -05:00
Patrick Schleizer
6dd6530fa5
remove hardening-enable
...
please invent package security-paranoid instead
https://forums.whonix.org/t/security-hardening-tool-usr-bin-hardening-enable-by-security-misc/8609
2019-12-20 05:32:26 -05:00
Patrick Schleizer
62eb462920
skip console_users_check for Qubes users
2019-12-16 06:46:48 -05:00
Patrick Schleizer
ab68182e11
bumped changelog version
2019-12-16 06:27:51 -05:00
Patrick Schleizer
2c4170e6f3
description
2019-12-12 09:47:58 -05:00
Patrick Schleizer
2d5ef378f3
description
2019-12-12 09:39:39 -05:00
Patrick Schleizer
a10597de92
bumped changelog version
2019-12-12 09:04:15 -05:00
Patrick Schleizer
729fa26eca
use pam_access only for /etc/pam.d/login
...
remove "Allow members of group 'ssh' to login."
remove "+:ssh:ALL EXCEPT LOCAL"
2019-12-12 09:00:08 -05:00
Patrick Schleizer
22b6480bc4
bumped changelog version
2019-12-10 11:44:02 -05:00
Patrick Schleizer
88bea2a6ef
comment
2019-12-10 03:53:10 -05:00
Patrick Schleizer
7d8001ddc9
refactoring
2019-12-10 03:51:39 -05:00
Patrick Schleizer
d2f6ac0491
fix, do user/group modifications in preinst rather than postinst
2019-12-10 03:50:23 -05:00
Patrick Schleizer
64ae53edb9
bumped changelog version
2019-12-09 08:25:30 -05:00
Patrick Schleizer
6f944234a9
bumped changelog version
2019-12-08 05:26:29 -05:00
Patrick Schleizer
c192644ee3
security-misc /usr/share/pam-configs/permission-lockdown-security-misc
is no longer required, removed.
...
Thereby fix apparmor issue.
> Dec 08 09:47:50 host audit[3232]: AVC apparmor="DENIED" operation="exec" profile="/usr/bin/whonixcheck" name="/usr/lib/security-misc/permission-lockdown" pid=3232 comm="sudo" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
> Dec 08 09:47:50 host sudo[3232]: pam_exec(sudo:session): execve(/usr/lib/security-misc/permission-lockdown,...) failed: Permission denied
It is no longer required, because...
existing linux user accounts:
* Get permission lock down because security-misc `debian/security-misc.postinst` calls `/usr/lib/security-misc/permission-lockdown`.
new linux user accounts (created at first boot):
* security-misc `/usr/share/pam-configs/mkhomedir-security-misc` pam mkhomedir sets secure permissions using `umask=027`.
2019-12-08 05:21:35 -05:00
Patrick Schleizer
edcc2de71d
bumped changelog version
2019-12-08 04:38:33 -05:00
Patrick Schleizer
17d81d0083
bumped changelog version
2019-12-08 04:27:01 -05:00
Patrick Schleizer
ebae9eef38
skip sudo_users_check in Qubes
...
Qubes users can use dom0 to get a root terminal emulator.
For example:
qvm-run -u root debian-10 xterm
2019-12-08 04:25:19 -05:00
Patrick Schleizer
53e4717c62
bumped changelog version
2019-12-08 04:05:29 -05:00
Patrick Schleizer
a345a0fb64
abort installation if ssh.service is enabled but no user is member of group ssh
2019-12-08 03:27:12 -05:00
Patrick Schleizer
cea598dc1a
refactoring
2019-12-08 02:43:05 -05:00
Patrick Schleizer
54f5e02c21
comment
2019-12-08 02:42:30 -05:00
Patrick Schleizer
b4265195f4
refactoring
2019-12-08 02:41:36 -05:00
Patrick Schleizer
0f65b2e85c
abort installation if no user is a member of group "console"; output
...
https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/7
2019-12-08 02:38:19 -05:00
Patrick Schleizer
1dbca1ea2d
add usr/bin/hardening-enable
2019-12-08 02:27:09 -05:00
Patrick Schleizer
24423b42f0
description
2019-12-08 02:03:05 -05:00
Patrick Schleizer
6b01e5be14
comment
2019-12-08 02:01:22 -05:00
Patrick Schleizer
66bebefc9f
description
2019-12-08 02:00:23 -05:00
Patrick Schleizer
52e0f104cc
comment
2019-12-08 01:59:55 -05:00
Patrick Schleizer
731d486fa0
refactoring
2019-12-08 01:58:58 -05:00
Patrick Schleizer
221a2df2a2
refactoring
2019-12-08 01:58:37 -05:00
Patrick Schleizer
b871421a54
usr/share/pam-configs/console-lockdown -> usr/share/pam-configs/console-lockdown-security-misc
2019-12-08 01:57:43 -05:00
Patrick Schleizer
d36669596f
comment
2019-12-08 01:56:30 -05:00
Patrick Schleizer
1a0f353708
comment
2019-12-08 01:47:40 -05:00
Patrick Schleizer
eed1f0a462
comment
2019-12-08 01:46:32 -05:00
Patrick Schleizer
2491b62393
refactoring, add all groups first before adding any users to any groups
2019-12-08 01:43:45 -05:00
Patrick Schleizer
1464f01d19
description
2019-12-08 01:30:42 -05:00
Patrick Schleizer
c1800b13fe
separate group "ssh" for incoming ssh console permission
...
Thanks to @madaidan
https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/16
2019-12-07 11:26:39 -05:00
Patrick Schleizer
55225aa30e
description
2019-12-07 07:16:07 -05:00
Patrick Schleizer
34a2bc16c8
description
2019-12-07 07:15:58 -05:00
Patrick Schleizer
d823f06c78
description
2019-12-07 07:13:42 -05:00
Patrick Schleizer
090ddbe96a
description
2019-12-07 06:00:41 -05:00
Patrick Schleizer
6479c883bf
Console Lockdown.
...
Allow members of group 'console' to use tty1 to tty7. Everyone else except
members of group 'console-unrestricted' are restricted from using console
using ancient, unpopular login methods such as using /bin/login over networks,
which might be exploitable. (CVE-2001-0797)
Not enabled by default in this package since this package does not know which
users shall be added to group 'console'.
In new Whonix builds, user 'user' will be added to group 'console' and
pam console-lockdown enabled by package anon-base-files.
/usr/share/pam-configs/console-lockdown
/etc/security/access-security-misc.conf
https://forums.whonix.org/t/etc-security-hardening/8592
2019-12-07 05:40:20 -05:00
Patrick Schleizer
52934c9288
bumped changelog version
2019-12-07 02:02:32 -05:00
Patrick Schleizer
6d92d03b31
description
2019-12-07 01:54:50 -05:00
Patrick Schleizer
0afcc5e798
bumped changelog version
2019-12-06 12:43:21 -05:00
Patrick Schleizer
af0cf058e7
bumped changelog version
2019-12-06 11:18:20 -05:00
Patrick Schleizer
bff425fec2
bumped changelog version
2019-12-06 09:32:18 -05:00
Patrick Schleizer
470cad6e91
remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in)
...
https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707
2019-12-06 05:14:02 -05:00
madaidan
af9e19c51f
Update control
2019-12-05 20:14:55 +00:00
Patrick Schleizer
0c25a96b59
description / comments
2019-12-03 02:18:32 -05:00
madaidan
8d63da3cef
Update control
2019-12-02 16:46:12 +00:00
Patrick Schleizer
6ca48fffdc
bumped changelog version
2019-11-28 10:22:41 -05:00
Patrick Schleizer
25aed91eb1
description
2019-11-28 09:20:46 -05:00
Patrick Schleizer
0c4e5df3e0
description
2019-11-28 09:18:05 -05:00
Patrick Schleizer
5ac2a6f9ac
description
2019-11-28 09:17:32 -05:00
Patrick Schleizer
ff3412fbe0
fix, make sure to undo pam changes on package removal
...
Thanks to minimal for the bug report!
https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/11
2019-11-27 10:22:31 -05:00
Patrick Schleizer
9091f69edd
bumped changelog version
2019-11-25 08:51:36 +00:00
Patrick Schleizer
aa5451c8cd
Lock user accounts after 50 rather than 100 failed login attempts.
...
https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/19
2019-11-25 01:39:53 -05:00
Patrick Schleizer
6277db1383
bumped changelog version
2019-11-23 14:07:45 +00:00
Patrick Schleizer
fe1f1b73a7
load jitterentropy_rng kernel module for better entropy collection
...
https://www.whonix.org/wiki/Dev/Entropy
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927972
https://forums.whonix.org/t/jitterentropy-rngd/7204
2019-11-23 11:20:32 +00:00
Patrick Schleizer
e76e1475b0
comment
2019-11-22 12:24:35 -05:00
Patrick Schleizer
a99dfd067a
bumped changelog version
2019-11-19 15:31:55 +00:00
Patrick Schleizer
8ad8dbea5a
bumped changelog version
2019-11-18 19:16:16 +00:00
Patrick Schleizer
d1d61b106b
bumped changelog version
2019-11-09 18:44:50 +00:00
Patrick Schleizer
6b7df973f6
bumped changelog version
2019-11-09 12:57:45 +00:00
Patrick Schleizer
6e28774f95
bumped changelog version
2019-11-09 12:23:15 +00:00
Patrick Schleizer
b55c2fd62e
Enables punycode (network.IDN_show_punycode) by default in Thunderbird
...
to make phishing attacks more difficult. Fixing URL not showing real Domain
Name (Homograph attack).
https://forums.whonix.org/t/enable-network-idn-show-punycode-by-default-in-thunderbird-to-fix-url-not-showing-real-domain-name-homograph-attack-punycode/8415
2019-11-03 02:50:51 -05:00
Patrick Schleizer
bf62306d4f
bumped changelog version
2019-10-31 16:34:35 +00:00
Patrick Schleizer
6e5d8b357d
bumped changelog version
2019-10-31 16:06:51 +00:00
Patrick Schleizer
203d5cfa68
copyright
2019-10-31 11:19:44 -04:00
madaidan
0699747fcb
Debian packaging
2019-10-28 14:24:37 +00:00
madaidan
fe4e29d392
Depend on dh-apparmor
2019-10-28 14:22:47 +00:00
Patrick Schleizer
d832ab91bd
bumped changelog version
2019-10-23 10:22:03 +00:00
Patrick Schleizer
9c8f678cb9
bumped changelog version
2019-10-21 09:55:41 +00:00
Patrick Schleizer
2d436f3602
bumped changelog version
2019-10-21 09:51:36 +00:00
Patrick Schleizer
40707e70db
Redirect calls for pkexec to lxqt-sudo because pkexec is incompatible with hidepid.
...
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860040
https://forums.whonix.org/t/cannot-use-pkexec/8129
Thanks to AnonymousUser for the bug report!
2019-10-21 05:46:49 -04:00
Patrick Schleizer
31b771ac2e
bumped changelog version
2019-10-18 10:39:43 +00:00
Patrick Schleizer
957deac5cb
fix lintian warning
...
W: security-misc: maintainer-script-should-not-parse-etc-passwd-or-group preinst:19
2019-10-18 10:38:25 +00:00
Patrick Schleizer
d301e7f365
description, fix lintian warning
2019-10-18 10:36:44 +00:00
Patrick Schleizer
ce6b64a9ba
bumped changelog version
2019-10-18 08:55:07 +00:00
Patrick Schleizer
c9d75ef9ea
abort installation if no user is part of group sudo
...
https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/4
Thanks to minimal for the bug report!
2019-10-17 06:46:47 -04:00
Patrick Schleizer
8a42c5b023
Merge pull request #34 from madaidan/whitelist
...
Add a whitelist for /sys and /proc/cpuinfo
2019-10-17 09:59:12 +00:00
madaidan
259b1f2c71
Update control
2019-10-16 19:21:24 +00:00
madaidan
af607d5eb2
Create sysfs and cpuinfo groups
2019-10-15 21:02:03 +00:00
Patrick Schleizer
4b1b3b7d66
bumped changelog version
2019-10-14 10:23:01 +00:00
Patrick Schleizer
8b4f2befd4
comment out sack by default
...
https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109/8?u=patrick
2019-10-05 13:15:34 +00:00
Patrick Schleizer
02096f8d7c
Revert "undo Disabling TCP SACK, DSACK, FACK"
...
This reverts commit 5fb4eb8e56.
2019-10-05 13:13:46 +00:00
Patrick Schleizer
62a0239207
bumped changelog version
2019-10-05 11:33:15 +00:00
Patrick Schleizer
5fb4eb8e56
undo Disabling TCP SACK, DSACK, FACK
...
https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109/5
2019-10-05 07:00:47 -04:00
Patrick Schleizer
213aef6eb9
bumped changelog version
2019-10-05 09:40:26 +00:00
madaidan
ec5fcf813b
Update control
2019-10-03 20:50:48 +00:00
Patrick Schleizer
ddc778b452
bumped changelog version
2019-09-16 13:34:11 +00:00
Patrick Schleizer
c2e444479c
bumped changelog version
2019-09-15 14:08:13 +00:00
Patrick Schleizer
619550da23
description
2019-09-15 14:00:24 +00:00
Patrick Schleizer
b95b66e429
description
2019-09-15 13:56:37 +00:00
Patrick Schleizer
ae804a15e7
description
2019-09-15 13:21:02 +00:00
Patrick Schleizer
3d187dab99
bumped changelog version
2019-09-12 12:50:42 +00:00
Patrick Schleizer
f13a73e569
undo SysRq restrictions
...
https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079
2019-09-10 12:35:42 -04:00
Patrick Schleizer
1f75a10650
bumped changelog version
2019-09-09 12:10:24 +00:00
Patrick Schleizer
9d875d7c31
bumped changelog version
2019-09-07 06:11:32 +00:00
Patrick Schleizer
8132052ce0
run update-grub from postinst so /etc/default/grub.d changes take effect
2019-09-07 05:44:23 +00:00
Patrick Schleizer
661bcd8603
allow loading unsigned modules due to issues
...
https://forums.whonix.org/t/allow-loading-signed-kernel-modules-by-default-disallow-kernel-module-loading-by-default/7880/23
2019-09-07 05:39:56 +00:00
Patrick Schleizer
9ee9309f54
bumped changelog version
2019-09-06 13:04:57 +00:00
Patrick Schleizer
ea0779e42a
rm_conffile /etc/sudoers.d/umask-security-misc
2019-09-06 13:00:20 +00:00
Patrick Schleizer
3a9939dccb
bumped changelog version
2019-09-06 11:47:40 +00:00
Patrick Schleizer
5960c1682a
description
2019-09-06 11:46:22 +00:00
Patrick Schleizer
fccfacfdaf
description
2019-09-06 11:45:54 +00:00
Patrick Schleizer
610d3488e9
bumped changelog version
2019-09-06 09:33:06 +00:00
Patrick Schleizer
0e20e33d16
description
2019-09-05 02:31:57 -04:00
Patrick Schleizer
0b3dcef13d
description
2019-09-05 02:30:40 -04:00
Patrick Schleizer
f2e5883b4c
description
2019-09-05 02:29:48 -04:00
Patrick Schleizer
a4913ae092
description
2019-09-05 02:28:43 -04:00
Patrick Schleizer
a2aeb401a2
bumped changelog version
2019-08-31 13:44:37 +00:00
Patrick Schleizer
3a5bdddf5c
depend on adduser
2019-08-31 08:43:46 -04:00
Patrick Schleizer
8bbebf64cf
bumped changelog version
2019-08-24 16:41:27 +00:00
Patrick Schleizer
0ae5c5ff14
remove umask changes since these are causing issues and are not needed anymore
...
thanks to home folder permission lockdown
https://forums.whonix.org/t/change-default-umask/7416/45
2019-08-24 12:14:22 -04:00
Patrick Schleizer
41c4682280
bumped changelog version
2019-08-23 16:57:12 +00:00
Patrick Schleizer
a74b983283
remove LLC - IEEE 802.2 from blacklist
...
since required by KVM
https://forums.whonix.org/t/whonix-desktop-installer-with-calamares-field-report/7350/107
https://forums.whonix.org/t/blacklist-uncommon-network-protocols/7391/22
https://github.com/Whonix/security-misc/pull/29
2019-08-19 12:46:59 +00:00
Patrick Schleizer
e15b560305
bumped changelog version
2019-08-17 10:54:08 +00:00
Patrick Schleizer
e535232728
description
2019-08-17 10:37:49 +00:00
Patrick Schleizer
7ffdd7c240
description
2019-08-17 10:37:42 +00:00
Patrick Schleizer
207399439f
description
2019-08-17 10:37:36 +00:00
Patrick Schleizer
d4fb485e70
description
2019-08-17 10:35:31 +00:00
Patrick Schleizer
e0e25364e2
bumped changelog version
2019-08-17 09:57:48 +00:00
Patrick Schleizer
ed90d8b025
change default umask to 027
...
as per:
https://forums.whonix.org/t/change-default-umask/7416/47
2019-08-17 09:55:20 +00:00
Patrick Schleizer
b9127faac3
bumped changelog version
2019-08-16 16:05:51 +00:00
Patrick Schleizer
f9e3825e91
fix lintian warning
2019-08-16 16:05:09 +00:00
Patrick Schleizer
ec99720811
bumped changelog version
2019-08-16 15:59:14 +00:00
Patrick Schleizer
224f95799c
sudo default umask 006
...
https://forums.whonix.org/t/change-default-umask/7416/43
2019-08-16 11:15:25 -04:00
Patrick Schleizer
85502ad430
Merge branch 'master' into patch-21
2019-08-16 14:35:51 +00:00
Patrick Schleizer
34672b88a8
bumped changelog version
2019-08-15 15:18:02 +00:00
Patrick Schleizer
ff9bc1d7ea
informational output during PAM:
...
* Show failed and remaining password attempts.
* Document unlock procedure if Linux user account got locked.
* Point out, that there is no password feedback for `su`.
* Explain locked (root) account if locked.
* /usr/share/pam-configs/tally2-security-misc
* /usr/lib/security-misc/pam_tally2-info
2019-08-15 13:37:28 +00:00
Patrick Schleizer
ce4a30d3ce
bumped changelog version
2019-08-14 11:52:26 +00:00
Patrick Schleizer
a7c25a451c
remove unneeded dependency on libpam-cgfs
2019-08-14 11:50:53 +00:00
Patrick Schleizer
633854c6be
bumped changelog version
2019-08-14 11:13:25 +00:00
Patrick Schleizer
0feb54b28e
add Depends: apparmor-profile-anondist to fix apparmor issue
...
sudo[19806]: pam_exec(sudo:session): execve(/usr/lib/security-misc/permission-lockdown,...) failed: Permission denied
sudo[18961]: pam_exec(sudo:session): /usr/lib/security-misc/permission-lockdown failed: exit code 13
kernel: audit: type=1400 audit(1565780860.972:224): apparmor="DENIED" operation="exec" profile="/usr/bin/whonixcheck" name="/usr/lib/security-misc/permission-lockdown" pid=19806 comm="sudo" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
2019-08-14 11:10:18 +00:00
Patrick Schleizer
5213cfbcdc
bumped changelog version
2019-08-14 10:08:18 +00:00
Patrick Schleizer
01b3a0bfae
description
2019-08-14 09:52:53 +00:00
Patrick Schleizer
dee195d89e
description
2019-08-14 09:40:41 +00:00
Patrick Schleizer
21489111d1
run permission lockdown during pam
...
https://forums.whonix.org/t/change-default-umask/7416
2019-08-14 08:34:03 +00:00
Patrick Schleizer
42f2d5f666
description
2019-08-14 07:39:28 +00:00
Patrick Schleizer
f210294f40
description
2019-08-14 07:24:24 +00:00
Patrick Schleizer
f1d8cbc9fb
bumped changelog version
2019-08-14 07:02:09 +00:00
Patrick Schleizer
a82448d46a
description
2019-08-14 07:01:25 +00:00
Patrick Schleizer
6f8acf06d7
bumped changelog version
2019-08-11 12:07:07 +00:00
Patrick Schleizer
aacd9c7679
description
2019-08-11 10:34:38 +00:00
Patrick Schleizer
c0b5c70de4
description
2019-08-11 10:33:22 +00:00
Patrick Schleizer
75769151cd
bumped changelog version
2019-08-10 11:37:02 +00:00
Patrick Schleizer
a703865dcf
bumped changelog version
2019-08-01 12:02:41 +00:00
Patrick Schleizer
5d0aec1321
bumped changelog version
2019-07-31 19:12:27 +00:00
madaidan
4a6f87f3fa
Update control
2019-07-31 18:33:28 +00:00
Patrick Schleizer
864de10659
bumped changelog version
2019-07-31 15:17:51 +00:00
Patrick Schleizer
c09fb208d1
bumped changelog version
2019-07-31 07:44:50 +00:00
Patrick Schleizer
ac1220e14b
depend on sudo so group sudo exists during postinst
2019-07-31 07:32:59 +00:00
Patrick Schleizer
09f75fb1ff
description
2019-07-31 07:32:36 +00:00
Patrick Schleizer
2ad087dcd9
description
2019-07-31 07:30:40 +00:00
Patrick Schleizer
404f597c0a
description
2019-07-31 07:29:42 +00:00
Patrick Schleizer
c921872016
description
2019-07-31 07:27:13 +00:00
Patrick Schleizer
39e1b1c5f0
update file path
2019-07-31 07:26:25 +00:00
Patrick Schleizer
031a1c8751
bumped changelog version
2019-07-22 01:16:18 +00:00
Patrick Schleizer
8c538ba318
bumped changelog version
2019-07-17 21:38:26 +00:00
Patrick Schleizer
940054d53f
bumped changelog version
2019-07-17 21:08:23 +00:00
Patrick Schleizer
c0a4a10d6b
description
2019-07-17 21:05:11 +00:00
Patrick Schleizer
7352b2ac31
description
2019-07-17 21:03:54 +00:00
Patrick Schleizer
4bf2360b95
description
2019-07-17 21:02:27 +00:00
Patrick Schleizer
9f2e300e72
description
2019-07-17 20:48:33 +00:00
Patrick Schleizer
d044780c04
description
2019-07-17 20:42:14 +00:00
Patrick Schleizer
75e5714d18
description
2019-07-17 20:40:01 +00:00
Patrick Schleizer
8c2f983578
description
2019-07-17 20:39:42 +00:00
Patrick Schleizer
50036b2934
bumped changelog version
2019-07-17 19:13:57 +00:00
Patrick Schleizer
1b772c6a9a
bumped changelog version
2019-07-16 19:45:52 +00:00
Patrick Schleizer
2499ae0890
description
2019-07-16 07:28:50 -04:00
Patrick Schleizer
d0124b24d1
description
2019-07-16 07:27:56 -04:00
Patrick Schleizer
4b604bbb24
bumped changelog version
2019-07-15 13:26:47 +00:00
Patrick Schleizer
5c741d2149
shuffle
2019-07-15 13:02:30 +00:00
Patrick Schleizer
d247b7534b
sort description by categories
2019-07-15 13:01:46 +00:00
Patrick Schleizer
168ea5a660
shuffle
2019-07-15 08:48:17 -04:00
Patrick Schleizer
1731196c9f
bumped changelog version
2019-07-13 18:51:32 +00:00
Patrick Schleizer
7afddb028f
bumped changelog version
2019-07-13 16:30:39 +00:00
Patrick Schleizer
ea90f95f1c
cleanup
2019-07-13 16:26:40 +00:00
Patrick Schleizer
ea8b22ee78
shuffle
2019-07-13 16:26:14 +00:00
Patrick Schleizer
ca7e0e0161
description
2019-07-13 16:25:08 +00:00
Patrick Schleizer
ffb5a9c482
formatting
2019-07-13 16:23:39 +00:00
Patrick Schleizer
41675ddcff
removed: The amount of hashing rounds used by shadow is bumped to 65536.
...
This increases the security of hashed passwords.
Since we do not do that currently.
https://forums.whonix.org/t/restrict-root-access/7658/37
2019-07-13 16:21:34 +00:00
Patrick Schleizer
3f031a297d
Removes read, write and execute access for others for all users who have home
...
folders under folder /home by running for example "chmod o-rwx /home/user"
during package installation or upgrade. This will be done only once per folder
in folder /home so users who wish to relax file permissions are free to do so.
This is to protect previously created files in user home folder which were
previously created with lax file permissions prior to installation of this
package.
2019-07-13 16:20:14 +00:00
Patrick Schleizer
4740e8b335
cleanup
2019-07-13 16:13:55 +00:00
Patrick Schleizer
834fcc4671
bumped changelog version
2019-07-13 15:17:16 +00:00
Patrick Schleizer
e2b6268702
bumped changelog version
2019-07-13 14:58:47 +00:00
Patrick Schleizer
1d8a0dbec7
remove no longer shipped files in etc/pam.d/*
2019-07-13 14:57:51 +00:00
Patrick Schleizer
8e5d45352e
bumped changelog version
2019-07-13 14:55:31 +00:00
Patrick Schleizer
4079632d1a
remove modifying to /etc/pam.d directly (unreleased)
...
config-package-dev displace /etc/securetty
remove trailing spaces
https://forums.whonix.org/t/restrict-root-access/7658/31
2019-07-13 11:41:37 +00:00
Patrick Schleizer
cdb7c6f7eb
bumped changelog version
2019-07-11 18:28:04 +00:00
Patrick Schleizer
aee6b34635
fix lintian warning
2019-07-11 18:26:17 +00:00
madaidan
1aee08fa5e
Update control
2019-07-11 15:30:09 +00:00
madaidan
853c2eb377
Update control
2019-07-11 15:26:14 +00:00
Patrick Schleizer
f5356cee2c
bumped changelog version
2019-07-11 07:16:38 +00:00
Patrick Schleizer
0057c0dd8c
fix lintian warning
2019-07-11 07:07:01 +00:00
madaidan
1e4d349516
Update control
2019-07-10 14:28:39 +00:00
madaidan
a8b44c75f9
Update control
2019-07-09 21:57:07 +00:00
Patrick Schleizer
0f15303eb4
Merge branch 'master' into patch-16
2019-07-09 10:54:24 +00:00
madaidan
24b326d906
Update control
2019-07-08 23:24:41 +00:00
madaidan
45f8102d56
Update control
2019-07-08 23:04:47 +00:00
Patrick Schleizer
50c00fcfa1
bumped changelog version
2019-07-08 00:23:52 +00:00
Patrick Schleizer
223b691833
add 'Depends: libpam-cgfs'
...
https://forums.whonix.org/t/change-default-umask/7416/30?u=patrick
2019-07-07 23:39:58 +00:00
Patrick Schleizer
d31a16f264
bumped changelog version
2019-07-07 23:00:27 +00:00
Patrick Schleizer
673aab6bc2
shut up pam-auth-update
2019-07-07 22:18:47 +00:00
Patrick Schleizer
67ff83262b
move to pam-auth-update --force
...
--package hangs in Qubes updater since it starts whiptail for interactive dpkg configuration dialog.
2019-07-07 21:31:56 +00:00
Patrick Schleizer
8399a11367
bumped changelog version
2019-07-07 21:11:08 +00:00
Patrick Schleizer
d4c79cce69
add "Depends: libpam-runtime" so pam-auth-update is available
...
for Debian maintainer script
2019-07-07 21:09:26 +00:00
Patrick Schleizer
f68b96241c
comment
2019-07-07 21:08:28 +00:00
Patrick Schleizer
91fb21aafb
Due to error:
...
Jul 07 20:35:39 host sudo[16090]: PAM unable to dlopen(pam_cgfs.so): /lib/security/pam_cgfs.so: cannot open shared object file: No such file or directory
Jul 07 20:35:39 host sudo[16090]: PAM adding faulty module: pam_cgfs.so
run:
pam-auth-update --package
from Debian maintainer scripts
2019-07-07 16:51:40 -04:00
Patrick Schleizer
8f4a5f33b9
bumped changelog version
2019-07-07 09:39:12 +00:00
Patrick Schleizer
93e81b4330
bumped changelog version
2019-07-06 13:56:28 +00:00
Patrick Schleizer
3cd1a5ec09
fix lintian warning
2019-07-06 13:56:00 +00:00
Patrick Schleizer
b73cdfd7cc
bumped changelog version
2019-07-06 13:53:10 +00:00
madaidan
8888147e1e
Update control
2019-07-04 14:26:31 +00:00
Patrick Schleizer
6df7b3c295
bumped changelog version
2019-07-01 15:23:49 +00:00
Patrick Schleizer
81b38529d9
add copyright for files in etc/pam.d/*
2019-07-01 13:58:20 +00:00
Patrick Schleizer
552b6edbed
fix machine readable copyright format
2019-07-01 13:51:00 +00:00
Patrick Schleizer
a05264934b
add copyright for etc/login.defs.security-misc
2019-07-01 13:46:01 +00:00
Patrick Schleizer
48e511347c
fix lintian warning
2019-07-01 13:37:55 +00:00
Patrick Schleizer
93c0821054
config-package-dev displace files for change umask
...
https://forums.whonix.org/t/change-default-umask/7416
2019-07-01 13:35:45 +00:00
madaidan
cfaafe400c
Update control
2019-06-30 13:16:12 +00:00
Patrick Schleizer
f26ad14d4c
bumped changelog version
2019-06-30 07:21:58 -04:00
Patrick Schleizer
f3a4800987
bumped changelog version
2019-06-30 08:23:51 +00:00
Patrick Schleizer
85f61758c5
fix package description
2019-06-30 04:11:38 -04:00
Patrick Schleizer
67de5247c8
Merge branch 'master' into patch-13
2019-06-30 08:10:04 +00:00
madaidan
dbfb9e1cdf
Update control
2019-06-30 00:21:46 +00:00
madaidan
024a698249
Update control
2019-06-30 00:20:38 +00:00
madaidan
22267c895b
Update control
2019-06-29 22:30:41 +00:00
Patrick Schleizer
24b19c5976
bumped changelog version
2019-06-29 10:35:13 +00:00
Patrick Schleizer
befa03fea8
fix lintian warning
2019-06-29 10:34:48 +00:00
madaidan
9e9c854d27
Update control
2019-06-28 11:34:35 +00:00
madaidan
b26d861dff
Update control
2019-06-28 11:33:48 +00:00
Patrick Schleizer
ecf5d80fdf
bumped changelog version
2019-06-28 07:20:53 +00:00
Patrick Schleizer
fe69dc6173
bumped changelog version
2019-06-28 07:09:35 +00:00
Patrick Schleizer
0a0be1ad28
bumped changelog version
2019-06-23 19:57:42 +00:00
Patrick Schleizer
4e32438d75
debian/control syntax fix
2019-06-23 19:47:05 +00:00
Patrick Schleizer
90d676ec18
Merge pull request #12 from madaidan/patch-8
...
Update control
2019-06-23 19:45:31 +00:00
madaidan
1a07d90ed2
Update control
2019-06-23 19:26:03 +00:00
Patrick Schleizer
cd7346699c
bumped changelog version
2019-06-23 12:22:13 +00:00
Patrick Schleizer
d404624bac
bumped changelog version
2019-06-23 08:38:01 +00:00
Patrick Schleizer
5269cfeef9
bumped changelog version
2019-06-21 05:40:04 +00:00
Patrick Schleizer
ca1aa1e577
bumped changelog version
2019-06-10 15:42:58 +00:00
Patrick Schleizer
8b5e84d76a
cleanup, delete debian/security-misc.maintscript to fix lintian warning
2019-06-09 10:24:53 +00:00
Patrick Schleizer
49873e8e02
solve package file conflict
...
https://github.com/QubesOS/qubes-issues/issues/1885#issuecomment-500200375
2019-06-09 10:06:58 +00:00
Patrick Schleizer
d5127e7166
bumped changelog version
2019-06-08 11:32:12 +00:00
Patrick Schleizer
9fe5872810
fix debian/watch lintian warning debian-watch-contains-dh_make-template
2019-06-08 00:05:35 -04:00
Patrick Schleizer
e7edbe5fb4
bumped changelog version
2019-05-24 20:48:59 +00:00
Patrick Schleizer
afb5f5f965
bumped changelog version
2019-05-23 22:38:13 +00:00
Patrick Schleizer
65d7eb81a6
bumped changelog version
2019-05-16 20:25:46 +00:00
Patrick Schleizer
71bf63511b
bumped changelog version
2019-05-12 11:08:32 +00:00
Patrick Schleizer
26fe4305a1
bumped changelog version
2019-05-12 10:48:27 +00:00
Patrick Schleizer
06b86229a4
update path to pre.bsh
2019-05-12 02:58:45 -04:00
Patrick Schleizer
137bc073c5
port to /etc/xdg/xfce4/xfconf/xfce-perchannel-xml
...
https://forums.whonix.org/t/whonix-xfce-development/6213/84?u=patrick
2019-05-08 21:38:25 -04:00
Patrick Schleizer
c80b7465bf
bumped changelog version
2019-05-06 09:58:44 +00:00
Patrick Schleizer
74cdecfd6b
bumped changelog version
2019-05-03 11:34:25 +00:00
Patrick Schleizer
db9e60c894
bumped changelog version
2019-04-06 12:13:43 +00:00
Patrick Schleizer
a985581c68
port to debian buster
2019-04-04 05:51:06 -04:00
Patrick Schleizer
2913acda63
bumped changelog version
2019-03-29 10:02:51 +00:00
Patrick Schleizer
2ea9957e4c
https://www.whonix.org/wiki/Dev/Licensing
2019-03-29 09:03:18 +00:00
Patrick Schleizer
c5768683f4
bumped changelog version
2019-03-12 11:36:25 +00:00
Patrick Schleizer
811852656e
add improved legal protections clauses
...
The license for software created by Whonix is the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version with additional terms applicable per GNU GPL version 3 section 7.
The additional terms are based on the Doom 3 license which Debian refers to as `GPL-3+-with-id-software-additional-terms`, which is Debian DFSG [1] (The Debian Free Software Guidelines) approved and which is therefore suitable for Debian `main`. Whonix applied minimal changes to it:
* Rewrite `The Doom 3 BFG Edition GPL Source Code` to the more common `this program` which is used throughout the GPL.
* Added a "trump clause" [2], in other words, any conflicts or disputes between the additional terms and the GPLv3 shall be resolved in favor of the GPLv3 by adding `Notwithstanding any other provision of this License` (as mentioned in GPL FAQ [3]) at the beginning of the additional terms.
[1] https://www.debian.org/social_contract#guidelines
[2] https://www.fsf.org/news/canonical-updated-licensing-terms
[3] https://www.gnu.org/licenses/gpl-faq.html#v3Notwithstanding
For more considerations, see also:
https://www.whonix.org/wiki/Dev/Licensing
2019-03-01 14:32:41 +00:00
Patrick Schleizer
2298d0f6b0
bumped changelog version
2018-11-28 06:33:14 +00:00
Patrick Schleizer
2bd6dabc7c
bumped changelog version
2018-11-08 09:55:41 +00:00
Patrick Schleizer
f9e18772d7
bumped changelog version
2018-11-01 07:42:29 +00:00
Patrick Schleizer
4ecd32ef99
description
2018-10-31 02:26:13 -04:00
Patrick Schleizer
256e4bac52
bumped changelog version
2018-09-14 13:20:11 +00:00
Patrick Schleizer
73e5319711
'Depends: libglib2.0-bin' - contains glib-compile-schemas (required by postinst)
2018-09-14 10:46:00 +00:00
Patrick Schleizer
64b5e55d8c
bumped changelog version
2018-08-27 16:49:44 +00:00
Patrick Schleizer
c296cba838
bumped changelog version
2018-02-01 15:18:55 +00:00
Patrick Schleizer
5b3fc2f6b9
update copyright
2018-01-29 15:22:05 +00:00
Patrick Schleizer
c3b6a44e97
update copyright
2018-01-29 15:15:17 +00:00
Patrick Schleizer
ff28f5932c
update copyright
2018-01-29 15:09:42 +00:00
Patrick Schleizer
674d2d8abf
bumped changelog version
2017-12-21 20:35:29 +00:00
Patrick Schleizer
7b2d3c9e2f
bumped changelog version
2017-07-26 14:37:34 +00:00
Patrick Schleizer
61bd4d05b7
bumped changelog version
2017-03-06 16:16:32 +00:00
Patrick Schleizer
99bb1e877e
"$@"
2017-03-06 15:00:33 +00:00
Patrick Schleizer
2130b4c654
use python rather than unbuffer
...
because unbuffer eats exit code when process is killed
2017-02-27 23:16:32 +00:00
Patrick Schleizer
1fb48e3548
bumped changelog version
2017-02-27 02:04:00 +00:00
Patrick Schleizer
966e90ebe2
add missing dependency tcl8.6 (which is required by unbuffer [package expect])
2017-02-27 00:17:36 +00:00
Patrick Schleizer
5653b7732a
fix, show progress during apt-get-wrapper
...
fix, propagate signals to apt-get child process
2017-02-26 23:57:17 +00:00
Patrick Schleizer
0228e87d47
minor
2017-02-19 22:37:10 +00:00
Patrick Schleizer
dfe8a569b6
override glib-compile-schemas with || true in postinst
...
https://phabricator.whonix.org/T500
2017-02-19 22:32:04 +00:00
Patrick Schleizer
5ba2a5b6ff
disable previews in nautilus by default for better security
...
copied solution by @unman
https://github.com/QubesOS/qubes-issues/issues/1108
https://github.com/QubesOS/qubes-core-agent-linux/pull/39
https://phabricator.whonix.org/T500
2017-02-19 22:25:28 +00:00
Patrick Schleizer
91adab0d1b
bumped changelog version
2017-02-17 14:08:56 +00:00
Patrick Schleizer
0bb059093f
remove faketime from Build-Depends:
...
since no longer used for reproducible builds
2017-02-10 15:47:52 +00:00
Patrick Schleizer
be8084ad1c
remove debian/gain-root-command workaround
2017-02-10 15:35:25 +00:00
Patrick Schleizer
1e66e03da1
bumped changelog version
2017-01-15 15:35:31 +00:00
Patrick Schleizer
d80d576953
fix lintian warning
2017-01-15 13:11:38 +00:00
Patrick Schleizer
59633fbc60
packaging, bumped Standards-Version from 3.9.6 to 3.9.8 for jessie support
2017-01-15 08:35:40 +01:00
Patrick Schleizer
814d6c5f74
bumped changelog version
2017-01-12 02:56:55 +00:00
Patrick Schleizer
7b3ef3a00f
bumped changelog version
2016-12-10 02:30:50 +00:00
Patrick Schleizer
0d66fc60b9
bumped changelog version
2016-04-25 23:27:58 +00:00
Patrick Schleizer
492ce12890
bumped changelog version
2016-04-07 22:54:45 +00:00
Patrick Schleizer
9d7ad9e97e
fixed package description and package description lintian warnings
2016-03-31 15:53:40 +00:00
Patrick Schleizer
d5e61eb4b1
added 'Replaces: tcp-timestamps-disable'
...
https://phabricator.whonix.org/T486
2016-03-31 15:36:59 +00:00
HulaHoopWhonix
989f2f54e2
Update control
2016-03-31 03:18:05 +00:00
HulaHoopWhonix
c7d88571e4
Update control
2016-03-31 03:16:10 +00:00
Patrick Schleizer
ba7b06ce30
bumped changelog version
2015-12-15 04:16:14 +00:00
Patrick Schleizer
c47f9697b4
deactivate preview in Nautilus
2015-12-15 04:14:00 +00:00
Patrick Schleizer
4b7d8a4bd8
bumped changelog version
2015-12-15 02:00:39 +00:00
Patrick Schleizer
d3ccf0eeaf
initial commit
2015-12-15 02:00:24 +00:00