Commit Graph

2181 Commits

Author SHA1 Message Date
Raja Grewal
f055fe5da2
Disable asynchronous I/O
io_uring creation is disabled for all processes. io_uring_setup always fails with -EPERM. Existing io_uring instances can still be used.
2023-12-15 08:33:36 +00:00
Patrick Schleizer
99f2edd4f6
bumped changelog version 2023-12-12 16:51:21 +00:00
Patrick Schleizer
039de1dc9b
add hardened fstab /usr/share/doc/security-misc/fstab-vm
to the documentation folder as an example

not directly used by security-misc

will later be used by Kicksecure VM build process

https://github.com/Kicksecure/security-misc/issues/157
2023-12-12 11:50:11 -05:00
Patrick Schleizer
dcaafa6c8b
bumped changelog version 2023-12-04 17:06:45 +00:00
Patrick Schleizer
5a73817a95
move to /usr/lib/issue.d/20_security-misc.issue
https://github.com/Kicksecure/security-misc/pull/167
2023-12-04 11:38:49 -05:00
Patrick Schleizer
dfaea492c7
remove etc/issue.net.d/20_security-misc
since not mentioned on debian.org
2023-12-04 11:37:02 -05:00
Patrick Schleizer
69c895af09
Merge remote-tracking branch 'github-kicksecure/master' 2023-12-04 11:27:53 -05:00
Patrick Schleizer
36850f89fb
Merge pull request #167 from monsieuremre/patch-4
Non-Identifiable and Generic Issue Banners that include the Recommended Keywords
2023-12-04 11:27:16 -05:00
Patrick Schleizer
c9ea7a4dca
use amd_iommu=force_isolation instead of amd_iommu=force_enable
because we set `iommu=force` already anyhow

fixes https://github.com/Kicksecure/security-misc/issues/175
2023-12-04 11:02:55 -05:00
Patrick Schleizer
e83c1d7ed6
Merge remote-tracking branch 'github-kicksecure/master' 2023-12-04 11:01:02 -05:00
Patrick Schleizer
befd21e0c0
Merge pull request #176 from monsieuremre/patch-1
Iommu Kernel Parameters
2023-12-04 11:00:29 -05:00
Patrick Schleizer
c4e21ca5f4
added development philosophy
https://github.com/Kicksecure/security-misc/issues/154
2023-12-04 10:58:16 -05:00
Patrick Schleizer
feab1432f9
clarify scope
https://github.com/Kicksecure/security-misc/issues/154
2023-12-04 10:48:27 -05:00
Patrick Schleizer
dc04040cb3
typo 2023-12-04 10:36:48 -05:00
Patrick Schleizer
2634dbff2b
shuffle 2023-12-04 10:36:21 -05:00
monsieuremre
f2ad8383cf
fix 2023-12-03 19:51:38 +00:00
monsieuremre
dd15823a97
undo superfluousness 2023-12-03 19:50:07 +00:00
monsieuremre
83e13bb62d
Update 40_enable_iommu.cfg 2023-12-03 19:42:34 +00:00
monsieuremre
0d7af9707f
Update 20_security-misc 2023-12-03 19:31:12 +00:00
monsieuremre
04d27a10b0
Update 20_security-misc 2023-12-03 19:30:55 +00:00
monsieuremre
7963f811e1
Merge branch 'Kicksecure:master' into patch-4 2023-12-03 19:30:22 +00:00
Patrick Schleizer
82bd9138de
bumped changelog version 2023-11-20 13:13:10 +00:00
Patrick Schleizer
c2b3ff5243
moved libpam-tmpdir dependency to kicksecure-meta-packages
https://github.com/Kicksecure/security-misc/pull/147
2023-11-20 04:40:28 -05:00
monsieuremre
c8b9f5a917
net 2023-11-18 10:03:19 +00:00
monsieuremre
3b614f3753
20_security-misc 2023-11-18 10:02:16 +00:00
Patrick Schleizer
4e4df5dd7c
bumped changelog version 2023-11-11 22:29:57 +00:00
Patrick Schleizer
a51674410c
fix 2023-11-11 17:29:37 -05:00
Patrick Schleizer
8d58077d68
bumped changelog version 2023-11-11 20:22:34 +00:00
Patrick Schleizer
5b85a0b34d
license 2023-11-11 14:46:35 -05:00
Patrick Schleizer
7757080519
change license to AGPL-3+
https://forums.whonix.org/t/license-change-to-agplv3/17455
2023-11-11 13:41:28 -05:00
Patrick Schleizer
20f804f19c
bumped changelog version 2023-11-06 17:28:21 -05:00
Patrick Schleizer
a1e00be0e0
update link 2023-11-06 16:58:23 -05:00
Patrick Schleizer
5bb357cac0
spice-client-glib-usb-acl-helper matchwhitelist 2023-11-06 16:55:00 -05:00
Patrick Schleizer
7309445ee5
comment 2023-11-06 16:52:27 -05:00
Patrick Schleizer
f09d97fc9e
whitelist VirtualBox 2023-11-06 16:50:19 -05:00
Patrick Schleizer
64c8c7a8d5
whitelist SSH 2023-11-06 16:47:31 -05:00
Patrick Schleizer
9682b51d54
whitelist virtualbox 2023-11-06 16:44:36 -05:00
Patrick Schleizer
a40b9bc095
comments 2023-11-06 16:40:22 -05:00
Patrick Schleizer
2c1a3da433
VirtualBoxVM matchwhitelist 2023-11-06 16:38:50 -05:00
Patrick Schleizer
4e96ffaabb
chrome-sandbox matchwhitelist 2023-11-06 16:37:19 -05:00
Patrick Schleizer
df5f3e8056
output 2023-11-06 16:36:22 -05:00
Patrick Schleizer
72f6e6bb9c
output 2023-11-06 16:28:23 -05:00
Patrick Schleizer
3bc831a1f7
lintian 2023-11-06 16:27:29 -05:00
Patrick Schleizer
fd1f38b2eb
remount-secure systemd unit
https://github.com/Kicksecure/security-misc/pull/152
2023-11-06 16:22:42 -05:00
Patrick Schleizer
79f9c1fb3a
add sysinit-post.target
https://github.com/Kicksecure/security-misc/pull/152
2023-11-06 15:48:09 -05:00
Patrick Schleizer
2de5ab4120
clarify scope of application specific hardening
fixes https://github.com/Kicksecure/security-misc/issues/154
2023-11-06 13:47:30 -05:00
Patrick Schleizer
5a96616b39
bumped changelog version 2023-11-05 21:13:14 -05:00
Patrick Schleizer
ad079ac5cc
readme
https://github.com/Kicksecure/security-misc/pull/152
2023-11-05 20:55:55 -05:00
Patrick Schleizer
be023c7722
readme
https://github.com/Kicksecure/security-misc/issues/159
2023-11-05 20:54:43 -05:00
Patrick Schleizer
e1f413c1ee
disable harden-module-loading.service for now
due to issues

https://github.com/Kicksecure/security-misc/issues/159
2023-11-05 20:53:26 -05:00