Patrick Schleizer
|
b153e8f7df
|
fix path
|
2019-07-17 21:02:48 +00:00 |
|
Patrick Schleizer
|
2299ed041f
|
passwordless recovery / emergency console
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802211
bc5ca2de85
https://forums.whonix.org/t/restrict-root-access/7658/46
|
2019-07-17 20:36:51 +00:00 |
|
Patrick Schleizer
|
cb668459e8
|
port umask from /etc/pam.d to /usr/share/pam-configs implementation
https://forums.whonix.org/t/change-default-umask/7416
|
2019-07-13 10:35:10 -04:00 |
|
Patrick Schleizer
|
ac25733de8
|
remove etc/pam.d/common-password.security-misc rounds=65536
due to unclean implementation, see:
https://forums.whonix.org/t/restrict-root-access/7658/37
|
2019-07-13 14:01:53 +00:00 |
|
Patrick Schleizer
|
69b97981f3
|
convert etc/pam.d/su.security-misc to usr/share/pam-configs/wheel
https://forums.whonix.org/t/restrict-root-access/7658/32
|
2019-07-13 12:33:51 +00:00 |
|
Patrick Schleizer
|
4079632d1a
|
remove modifying to /etc/pam.d directly (unreleased)
config-package-dev displace /etc/securetty
remove trailing spaces
https://forums.whonix.org/t/restrict-root-access/7658/31
|
2019-07-13 11:41:37 +00:00 |
|
madaidan
|
b63d4ccb41
|
Update uncommon-network-protocols.conf
|
2019-07-11 15:28:56 +00:00 |
|
madaidan
|
4058e283a5
|
Blacklist more uncommon network protocols
|
2019-07-10 14:27:19 +00:00 |
|
madaidan
|
d70440aaed
|
Remove duplicate
|
2019-07-09 21:57:37 +00:00 |
|
madaidan
|
2d27bdd808
|
Blacklist more uncommon network protocols
|
2019-07-09 21:55:37 +00:00 |
|
Patrick Schleizer
|
3df6a44e98
|
also allow members of group sudo to run /usr/lib/security-misc/panic-on-oops
|
2019-07-09 06:56:23 -04:00 |
|
Patrick Schleizer
|
0f15303eb4
|
Merge branch 'master' into patch-16
|
2019-07-09 10:54:24 +00:00 |
|
madaidan
|
24d9eadcb2
|
Use 65536 hashing rounds
|
2019-07-08 23:19:59 +00:00 |
|
madaidan
|
86117d9577
|
Create common-password.security-misc
|
2019-07-08 23:19:19 +00:00 |
|
madaidan
|
8ad9a54b09
|
Don't allow root login from a terminal
|
2019-07-08 23:17:17 +00:00 |
|
madaidan
|
890298a3c8
|
Restrict su to users in the root group
|
2019-07-08 23:15:56 +00:00 |
|
madaidan
|
38099a2a5d
|
Create su.security-misc
|
2019-07-08 23:11:17 +00:00 |
|
madaidan
|
2a17427055
|
Create security-misc
|
2019-07-08 23:01:30 +00:00 |
|
madaidan
|
4ac700ded0
|
Create 50panic_on_oops
|
2019-07-08 22:59:39 +00:00 |
|
Patrick Schleizer
|
e543c4bf82
|
apparmor fixes (this broke whonixcheck apparmor profile)
|
2019-07-07 16:37:46 -04:00 |
|
Patrick Schleizer
|
3558a9949f
|
Enable APT seccomp sandboxing.
Thanks to @torjunkie for the suggestion!
https://forums.whonix.org/t/apt-seccomp-bpf-sandboxing/7702
|
2019-07-07 09:37:25 +00:00 |
|
madaidan
|
46409be8b6
|
Use install instead of blacklist
|
2019-07-04 14:25:28 +00:00 |
|
madaidan
|
eb7eaffba1
|
Blacklist n-hdlc
|
2019-07-04 14:24:44 +00:00 |
|
Patrick Schleizer
|
93c0821054
|
config-package-dev displace files for change umask
https://forums.whonix.org/t/change-default-umask/7416
|
2019-07-01 13:35:45 +00:00 |
|
Patrick Schleizer
|
a73f0566e9
|
change default umask to 006
session optional pam_umask.so usergroups
https://forums.whonix.org/t/change-default-umask/7416/17
|
2019-07-01 13:25:23 +00:00 |
|
Patrick Schleizer
|
41b61e3277
|
revert to Debian buster original
|
2019-07-01 13:24:29 +00:00 |
|
madaidan
|
eedeaa0e7f
|
Update common-session-noninteractive
|
2019-06-30 13:12:59 +00:00 |
|
madaidan
|
a9af85f585
|
Update common-session
|
2019-06-30 13:12:16 +00:00 |
|
madaidan
|
1e1d29cfde
|
Create common-session-noninteractive
|
2019-06-30 13:11:31 +00:00 |
|
madaidan
|
501901f7c0
|
Change default umask to 006
|
2019-06-30 13:10:54 +00:00 |
|
madaidan
|
09a5c27f47
|
Create common-session
|
2019-06-30 13:10:29 +00:00 |
|
madaidan
|
a319333493
|
Create login.defs
|
2019-06-30 13:09:51 +00:00 |
|
madaidan
|
230ef34db4
|
Create disable-coredumps.conf
|
2019-06-30 00:19:04 +00:00 |
|
madaidan
|
1bf802f846
|
Create coredumps.conf
|
2019-06-30 00:16:50 +00:00 |
|
madaidan
|
f040081a59
|
Prevent setuid processes from creating coredumps.
|
2019-06-30 00:13:52 +00:00 |
|
Patrick Schleizer
|
ab312235ba
|
Merge pull request #14 from madaidan/patch-10
Add some hardening for other distributions
|
2019-06-28 06:59:16 +00:00 |
|
Patrick Schleizer
|
5e02100e34
|
Merge pull request #13 from madaidan/patch-9
Remove System.map and restrict the SysRq key.
|
2019-06-28 06:58:32 +00:00 |
|
Patrick Schleizer
|
7e12e16dc0
|
Merge pull request #11 from madaidan/patch-7
Protect against DMA attacks
|
2019-06-28 06:57:42 +00:00 |
|
madaidan
|
3801a53a9e
|
Update tcp_hardening.conf
|
2019-06-27 18:17:58 +00:00 |
|
madaidan
|
c54125270b
|
Create dmesg_restrict.conf
|
2019-06-27 18:15:57 +00:00 |
|
madaidan
|
01c839c815
|
Restrict what the SysRq key can do
|
2019-06-25 19:16:43 +00:00 |
|
Patrick Schleizer
|
2a6289980e
|
syntax fix
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full,nosmt"
https://forums.whonix.org/t/kernel-hardening/7296/70
|
2019-06-23 18:46:52 +00:00 |
|
Patrick Schleizer
|
aec6da28e9
|
Merge pull request #10 from madaidan/patch-6
Enable more kernel hardening parameters
|
2019-06-23 18:45:24 +00:00 |
|
madaidan
|
641407c8e9
|
Enable IOMMU
|
2019-06-23 18:38:50 +00:00 |
|
madaidan
|
07c6362f1a
|
Blacklist thunderbolt and firewire
|
2019-06-23 18:34:45 +00:00 |
|
madaidan
|
2178fb37a8
|
Add more kernel hardening parameters
|
2019-06-23 17:54:34 +00:00 |
|
madaidan
|
807ac7d659
|
Create tcp_sack.conf
|
2019-06-22 16:08:30 +00:00 |
|
Patrick Schleizer
|
49873e8e02
|
solve package file conflict
https://github.com/QubesOS/qubes-issues/issues/1885#issuecomment-500200375
|
2019-06-09 10:06:58 +00:00 |
|
madaidan
|
7177c6041a
|
Create uncommon-network-protocols.conf
|
2019-05-16 20:30:49 +00:00 |
|
Patrick Schleizer
|
7d7b899dd1
|
Merge pull request #6 from madaidan/patch-2
Even more kernel hardening
|
2019-05-16 19:52:52 +00:00 |
|
madaidan
|
b814f338b8
|
Update tcp_hardening.conf
|
2019-05-16 16:33:03 +00:00 |
|
madaidan
|
e6794721bd
|
Update ptrace_scope.conf
|
2019-05-16 16:29:20 +00:00 |
|
Patrick Schleizer
|
137bc073c5
|
port to /etc/xdg/xfce4/xfconf/xfce-perchannel-xml
https://forums.whonix.org/t/whonix-xfce-development/6213/84?u=patrick
|
2019-05-08 21:38:25 -04:00 |
|
Patrick Schleizer
|
b00a264ce2
|
Disable thunar-volman by default.
|
2019-05-08 21:29:36 -04:00 |
|
madaidan
|
a4852ad6c8
|
Create fs_protected.conf
|
2019-05-06 20:37:53 +00:00 |
|
madaidan
|
0296e51e06
|
Create ptrace_scope.conf
|
2019-05-06 15:46:37 +00:00 |
|
madaidan
|
2923fc96ef
|
Create tcp_hardening.conf
|
2019-05-06 15:45:53 +00:00 |
|
madaidan
|
4216299ee8
|
Create kexec.conf
|
2019-05-06 15:42:55 +00:00 |
|
Patrick Schleizer
|
f917c27a19
|
remove trailing spaces
|
2019-05-06 05:51:14 -04:00 |
|
madaidan
|
02e8888b0b
|
Update 40_kernel_hardening.cfg
|
2019-05-05 20:17:33 +00:00 |
|
madaidan
|
3695d7491e
|
Create 40_kernel_hardening.cfg
|
2019-05-05 14:42:03 +00:00 |
|
madaidan
|
d2ca85c686
|
Create mmap_aslr.conf
|
2019-05-05 14:36:30 +00:00 |
|
madaidan
|
197c1120a9
|
Create harden_bpf.conf
|
2019-05-05 14:35:42 +00:00 |
|
madaidan
|
351db0ef7f
|
Create kptr_restrict.conf
|
2019-05-05 14:34:41 +00:00 |
|
Patrick Schleizer
|
63b080f40b
|
fix hiding network bookmark in thunar by default
Thanks to @Algernon for suggesting the fix!
|
2018-11-19 06:27:52 -05:00 |
|
Patrick Schleizer
|
daf7fc002b
|
Disables network bookmark by default.
|
2018-11-19 03:08:20 -05:00 |
|
Algernon-01
|
f84f988118
|
Enabled hidden files and volume management.
|
2018-11-08 07:22:35 +00:00 |
|
Algernon-01
|
5aebf29214
|
Security and general settings for Thunar.
|
2018-11-02 10:16:09 +00:00 |
|
Patrick Schleizer
|
008a97d9e7
|
disable previews in thunar
|
2018-10-31 02:22:43 -04:00 |
|
Patrick Schleizer
|
5b3fc2f6b9
|
update copyright
|
2018-01-29 15:22:05 +00:00 |
|
Patrick Schleizer
|
ff28f5932c
|
update copyright
|
2018-01-29 15:09:42 +00:00 |
|
Patrick Schleizer
|
49cde21078
|
Whonix 14 KDE plasma 5 fixes
https://phabricator.whonix.org/T633
|
2017-02-21 19:54:41 +00:00 |
|
Patrick Schleizer
|
c59d15d48f
|
Debian stretch / kde plasma5 fix: KDEDIRS -> XDG_CONFIG_DIRS
https://phabricator.whonix.org/T633
|
2017-02-15 20:46:22 +00:00 |
|
Patrick Schleizer
|
6cda8b1496
|
disable conntrack helper for better security
https://phabricator.whonix.org/T486
|
2016-10-10 16:10:30 +00:00 |
|
Patrick Schleizer
|
192d1e0cee
|
/etc/sysctl.d/nf_conntrack_helper.conf disabled for now as it needs more work
https://phabricator.whonix.org/T486
|
2016-04-25 23:19:54 +00:00 |
|
HulaHoopWhonix
|
92d738db56
|
Create nf_conntrack_helper.conf
|
2016-03-31 02:53:12 +00:00 |
|
HulaHoopWhonix
|
5992a7f026
|
Create tcp_timestamps.conf
|
2016-03-31 02:48:06 +00:00 |
|
Patrick Schleizer
|
d3ccf0eeaf
|
initial commit
|
2015-12-15 02:00:24 +00:00 |
|