Patrick Schleizer
|
640ca1d24d
|
skip symlinks
https://forums.whonix.org/t/kernel-hardening/7296/323?
|
2019-12-20 02:57:57 -05:00 |
|
Patrick Schleizer
|
cc8f795799
|
comment
|
2019-12-20 02:47:04 -05:00 |
|
Patrick Schleizer
|
4e5b222a08
|
comment
|
2019-12-20 02:43:33 -05:00 |
|
Patrick Schleizer
|
fa895ee11e
|
refactoring
|
2019-12-20 02:40:42 -05:00 |
|
Patrick Schleizer
|
2c163bf439
|
check string length of permission variable
https://forums.whonix.org/t/kernel-hardening/7296/322
|
2019-12-20 02:39:53 -05:00 |
|
Patrick Schleizer
|
a89befd902
|
code simplification
|
2019-12-20 02:20:54 -05:00 |
|
Patrick Schleizer
|
72812da63f
|
comment
|
2019-12-20 02:16:32 -05:00 |
|
Patrick Schleizer
|
39a41cc27b
|
refactoring
|
2019-12-20 02:14:45 -05:00 |
|
Patrick Schleizer
|
2ed6452590
|
downgrade to info
|
2019-12-20 02:12:43 -05:00 |
|
Patrick Schleizer
|
a5e55dfcfc
|
quotes
|
2019-12-20 02:11:39 -05:00 |
|
Patrick Schleizer
|
3187cee4fb
|
output
|
2019-12-20 02:10:13 -05:00 |
|
Patrick Schleizer
|
5160b4c781
|
disable xtrace
|
2019-12-20 02:08:05 -05:00 |
|
Patrick Schleizer
|
27bfe95d25
|
add echo wrapper
|
2019-12-20 02:07:49 -05:00 |
|
Patrick Schleizer
|
a6988f3fb8
|
output
|
2019-12-20 02:06:31 -05:00 |
|
Patrick Schleizer
|
1819577b88
|
fix
|
2019-12-20 02:04:34 -05:00 |
|
Patrick Schleizer
|
278c60c5a0
|
exit non-zero if some line cannot be parsed
therefore make systemd notice this
therefore allow the sysadmin to notice this
|
2019-12-20 02:01:36 -05:00 |
|
Patrick Schleizer
|
66bcba8313
|
improve character whitelisting
|
2019-12-20 01:58:35 -05:00 |
|
Patrick Schleizer
|
8f14e808a9
|
send error messages to stderr
|
2019-12-20 01:32:49 -05:00 |
|
Patrick Schleizer
|
d8c9fac2e5
|
output
|
2019-12-20 01:32:08 -05:00 |
|
Patrick Schleizer
|
f19abaf627
|
refactoring
|
2019-12-20 01:31:37 -05:00 |
|
Patrick Schleizer
|
c5d1e9dda7
|
Merge remote-tracking branch 'origin/master'
|
2019-12-20 01:30:31 -05:00 |
|
Patrick Schleizer
|
a20b30013f
|
Merge pull request #44 from madaidan/permission-hardening
Remove SUID bits
|
2019-12-20 06:29:58 +00:00 |
|
madaidan
|
9df7407286
|
Remove SUID bits
|
2019-12-19 17:01:33 +00:00 |
|
madaidan
|
3c2ca0257f
|
Support for removing SUID bits
|
2019-12-19 17:01:08 +00:00 |
|
Patrick Schleizer
|
62eb462920
|
skip console_users_check for Qubes users
|
2019-12-16 06:46:48 -05:00 |
|
Patrick Schleizer
|
ab68182e11
|
bumped changelog version
|
2019-12-16 06:27:51 -05:00 |
|
Patrick Schleizer
|
2cab38a8b3
|
readme
|
2019-12-16 06:24:14 -05:00 |
|
Patrick Schleizer
|
4ca9fc5920
|
fix
|
2019-12-16 03:53:10 -05:00 |
|
Patrick Schleizer
|
f68efd53cf
|
remount /sys/kernel/security with nodev,nosuid[,noexec]
as suggested by @madaidan
http://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/238
|
2019-12-16 03:52:09 -05:00 |
|
Patrick Schleizer
|
2c4170e6f3
|
description
|
2019-12-12 09:47:58 -05:00 |
|
Patrick Schleizer
|
2d5ef378f3
|
description
|
2019-12-12 09:39:39 -05:00 |
|
Patrick Schleizer
|
300f010fc2
|
increase priority of pam-abort-on-locked-password-security-misc
since it has its own user help output
so it shows before pam tally2 info
to avoid duplicate non-applicable help text
|
2019-12-12 09:29:00 -05:00 |
|
Patrick Schleizer
|
a10597de92
|
bumped changelog version
|
2019-12-12 09:04:15 -05:00 |
|
Patrick Schleizer
|
729fa26eca
|
use pam_access only for /etc/pam.d/login
remove "Allow members of group 'ssh' to login."
remove "+:ssh:ALL EXCEPT LOCAL"
|
2019-12-12 09:00:08 -05:00 |
|
Patrick Schleizer
|
22b6480bc4
|
bumped changelog version
|
2019-12-10 11:44:02 -05:00 |
|
Patrick Schleizer
|
88bea2a6ef
|
comment
|
2019-12-10 03:53:10 -05:00 |
|
Patrick Schleizer
|
7d8001ddc9
|
refactoring
|
2019-12-10 03:51:39 -05:00 |
|
Patrick Schleizer
|
d2f6ac0491
|
fix, do user/group modifications in preinst rather than postinst
|
2019-12-10 03:50:23 -05:00 |
|
Patrick Schleizer
|
64ae53edb9
|
bumped changelog version
|
2019-12-09 08:25:30 -05:00 |
|
Patrick Schleizer
|
d80bf036f3
|
Disable permission hardening now until development finished / tested.
|
2019-12-09 03:50:43 -05:00 |
|
Patrick Schleizer
|
b72eb30056
|
quotes
|
2019-12-09 02:32:05 -05:00 |
|
Patrick Schleizer
|
c258376b7e
|
use read (built-in) rather than awk (external)
|
2019-12-09 02:31:10 -05:00 |
|
Patrick Schleizer
|
02165201ab
|
read -r; refactoring
as per https://mywiki.wooledge.org/BashFAQ/001
|
2019-12-09 02:23:43 -05:00 |
|
Patrick Schleizer
|
7467252122
|
quotes
|
2019-12-09 02:22:16 -05:00 |
|
Patrick Schleizer
|
9bea996017
|
Merge remote-tracking branch 'origin/master'
|
2019-12-09 02:21:47 -05:00 |
|
Patrick Schleizer
|
af62da3445
|
Merge pull request #42 from madaidan/permission-hardening
File permission hardening
|
2019-12-08 20:45:16 +00:00 |
|
madaidan
|
d7e2deae92
|
Create permission-hardening.service
|
2019-12-08 16:50:54 +00:00 |
|
madaidan
|
6c564f6e95
|
Create permission-hardening.conf
|
2019-12-08 16:50:11 +00:00 |
|
madaidan
|
61e19fa5f1
|
Create permission-hardening
|
2019-12-08 16:49:28 +00:00 |
|
Patrick Schleizer
|
6f944234a9
|
bumped changelog version
|
2019-12-08 05:26:29 -05:00 |
|