Raja Grewal
|
9300c208e2
|
Fix script
|
2024-07-15 21:36:25 +10:00 |
|
Raja Grewal
|
f2db11269e
|
Fix script
|
2024-07-15 21:18:32 +10:00 |
|
Raja Grewal
|
fda3832eaf
|
Replace bash file presented for disabling of miscellaneous modules
|
2024-07-15 21:08:45 +10:00 |
|
Raja Grewal
|
cb2fb95b81
|
Disable more miscellaneous drivers
|
2024-07-15 21:01:36 +10:00 |
|
Raja Grewal
|
96aa63267a
|
Disable more Thunderbolt modules
|
2024-07-15 20:57:14 +10:00 |
|
Raja Grewal
|
51f7776bc8
|
Disable more network protocols/drivers
|
2024-07-15 20:56:12 +10:00 |
|
Raja Grewal
|
9e40ff0551
|
Disable more network file systems
|
2024-07-15 20:54:18 +10:00 |
|
Raja Grewal
|
82c5a93f7c
|
Disable another GPS module
|
2024-07-15 20:53:07 +10:00 |
|
Raja Grewal
|
99b0ce7948
|
Disable more file systems
|
2024-07-15 20:47:56 +10:00 |
|
Raja Grewal
|
4476a477a7
|
Provide option to disable more Bluetooth modules
|
2024-07-15 20:47:07 +10:00 |
|
Raja Grewal
|
9f58266546
|
Move nf_conntrack_helper disabling into separate file
|
2024-07-13 23:32:01 +10:00 |
|
Raja Grewal
|
98580bb39a
|
Update modprobe presentation
|
2024-07-13 23:29:52 +10:00 |
|
Raja Grewal
|
41a3bf92fb
|
Sort 30_security-misc_disable.conf
|
2024-07-12 16:21:41 +10:00 |
|
Raja Grewal
|
b02230a783
|
Split modprobe into blacklisted and disabled configurations
|
2024-07-12 02:42:37 +10:00 |
|
Raja Grewal
|
fc792ff232
|
Alphabetically sort existing modprobe
|
2024-07-12 02:29:36 +10:00 |
|
Raja Grewal
|
fe20f3240e
|
Refactor existing modprobe for clarity
|
2024-07-12 02:28:48 +10:00 |
|
Raja Grewal
|
275a4ffc11
|
Remove redundant disabled modules
|
2024-07-12 02:27:56 +10:00 |
|
Ashlen
|
e198447866
|
fix(etc): delete typo in /etc/apparmor.d tunables
/etc/pam.d was present twice in a row ("/etc/pam.d//etc/pam.d") in this
file: /etc/apparmor.d/tunables/home.d/security-misc.
|
2024-06-08 22:17:05 -06:00 |
|
Patrick Schleizer
|
e0cd9579d6
|
remove duplicate fsckobjects = true from /etc/gitconfig
|
2024-06-01 13:32:13 -04:00 |
|
Patrick Schleizer
|
4efa293f3b
|
add /etc/gitconfig by default for better git security
```
[core]
symlinks = false
[transfer]
fsckobjects = true
fsckobjects = true
[fetch]
fsckobjects = true
fsckobjects = true
[receive]
fsckobjects = true
fsckobjects = true
```
+ additional suggestions as comments
fixes https://github.com/Kicksecure/security-misc/issues/225
|
2024-05-28 07:51:06 -04:00 |
|
Raja Grewal
|
1bb843ec38
|
Update Copyright (C) to 2024
|
2024-05-11 13:18:36 +10:00 |
|
Patrick Schleizer
|
0f1119f326
|
Merge pull request #221 from raja-grewal/firewire
Disable Firewire Module
|
2024-05-10 06:45:57 -04:00 |
|
Patrick Schleizer
|
547757f451
|
Merge pull request #220 from raja-grewal/block_gps
Block Several GPS-related Modules
|
2024-05-10 06:45:34 -04:00 |
|
raja-grewal
|
677f75ae8e
|
Disable firewire-net module
|
2024-05-09 02:34:02 +00:00 |
|
raja-grewal
|
06f13bb766
|
Disable GPS modules like GNSS
|
2024-05-09 02:28:53 +00:00 |
|
raja-grewal
|
4694268b8f
|
Remove a word
|
2024-05-05 12:52:51 +00:00 |
|
raja-grewal
|
8f7768ce96
|
Add vendor links
|
2024-05-05 12:50:39 +00:00 |
|
raja-grewal
|
0c031a29d3
|
RFDS mitigation on Intel Atom CPUs (including E-cores)
|
2024-05-01 13:55:09 +10:00 |
|
raja-grewal
|
1122b3402c
|
GDS mitigation for CPUs
|
2024-05-01 13:50:42 +10:00 |
|
raja-grewal
|
c002bd62e8
|
Clarify use of mitigations=auto
|
2024-05-01 13:49:34 +10:00 |
|
raja-grewal
|
d89d7e8ef8
|
Add reference for RETBleed
|
2024-05-01 13:49:00 +10:00 |
|
raja-grewal
|
015dcc4212
|
Add reference for SSB
|
2024-05-01 13:48:13 +10:00 |
|
raja-grewal
|
de4f4be947
|
Merge spectre mitigations
|
2024-05-01 13:47:40 +10:00 |
|
raja-grewal
|
965c8641fd
|
Update BHI mitigation reference
|
2024-05-01 13:47:02 +10:00 |
|
raja-grewal
|
493576836c
|
BHI mitigation on Intel CPUs
|
2024-04-12 00:17:06 +10:00 |
|
Patrick Schleizer
|
7dba3fb7be
|
no longer disable MSR by default
fixes https://github.com/Kicksecure/security-misc/issues/215
|
2024-04-01 02:56:27 -04:00 |
|
Patrick Schleizer
|
6b76373395
|
fix panic-on-oops started every 10s in Qubes-Whonix
by changing from a /etc/profile.d etc. related mechanism to start to a systemd unit file based approach
Thanks to @marmarek for the bug report!
https://forums.whonix.org/t/panic-on-oops-started-every-10s/19450
|
2024-03-04 06:44:26 -05:00 |
|
Patrick Schleizer
|
af6c6971a7
|
comment
|
2024-03-04 06:33:51 -05:00 |
|
Patrick Schleizer
|
e013070e0b
|
newline
|
2024-03-04 06:33:21 -05:00 |
|
Daniel Winzen
|
ef44ecea44
|
Add option to disable /sys hardening
|
2024-02-22 17:27:46 +01:00 |
|
raja-grewal
|
b16c99ab62
|
Remove hardcoded spec_rstack_overflow setting
|
2024-01-29 13:39:40 +00:00 |
|
raja-grewal
|
139b10a9aa
|
Control RAS overflow mitigation on AMD Zen CPUs
|
2024-01-29 12:59:13 +00:00 |
|
raja-grewal
|
6c54e35027
|
Enable mitigations for RETBleed vulnerability and disable SMT
|
2024-01-29 12:58:51 +00:00 |
|
raja-grewal
|
4509a5fc95
|
Enable known mitigations for CPU vulnerabilities and disable SMT
|
2024-01-29 12:58:14 +00:00 |
|
raja-grewal
|
4231155efa
|
Add reference for kernel parameters
|
2024-01-29 12:57:48 +00:00 |
|
Patrick Schleizer
|
071b984a1e
|
sort -d
https://github.com/Kicksecure/security-misc/issues/190
|
2024-01-17 13:49:05 -05:00 |
|
Patrick Schleizer
|
011e55e3e5
|
remove duplicates after usrmerge
https://github.com/Kicksecure/security-misc/issues/190
|
2024-01-17 13:45:17 -05:00 |
|
Patrick Schleizer
|
0efee2f50f
|
usrmerge
fixes https://github.com/Kicksecure/security-misc/issues/190
|
2024-01-17 13:39:56 -05:00 |
|
Patrick Schleizer
|
4f7973bc56
|
comment
|
2024-01-16 08:56:26 -05:00 |
|
Ben Grande
|
abf72c2ee4
|
Rename file permission hardening script
Hardener as the script is the agent that is hardening the file
permissions.
|
2024-01-02 13:34:29 +01:00 |
|