Commit graph

1099 commits

Author SHA1 Message Date
Patrick Schleizer
31fd316e72
comments 2025-08-20 09:48:20 -04:00
Patrick Schleizer
5d67277c9f
comments 2025-08-20 09:46:43 -04:00
raja-grewal
a471069378
Remove link 2025-08-19 11:03:05 +10:00
Aaron Rainbolt
b5a36e02f1
Merge remote-tracking branch 'raja/panic_limits' into arraybolt3/trixie 2025-08-17 13:52:01 -05:00
raja-grewal
6df3e3cde8
Update kernel panic service description 2025-08-17 06:32:11 +00:00
raja-grewal
247015bcc6
Set sysctl kernel.panic=-1 2025-08-17 06:27:44 +00:00
raja-grewal
f1de0da69b
Clarify description on panics on oopses and warns 2025-08-16 04:01:12 +00:00
raja-grewal
c33f7d04e2
Remove duplicate comment 2025-08-16 03:32:48 +00:00
Aaron Rainbolt
a2a9e8440b
Merge branch 'trixie_docs' into arraybolt3/trixie 2025-08-15 16:06:35 -05:00
raja-grewal
fce86dccb6
Typo 2025-08-13 10:44:40 +10:00
Aaron Rainbolt
c33ea7be6d
Move security-misc/apt-get-update* to helper-scripts 2025-08-10 15:23:48 -05:00
Aaron Rainbolt
7aa38245de
Merge branch 'arraybolt3/emerg-shutdown' into arraybolt3/trixie 2025-08-09 23:31:55 -05:00
Aaron Rainbolt
c59a3b233b
Fix unexpected shutdowns when booting Kicksecure from optical media 2025-08-09 23:29:42 -05:00
Aaron Rainbolt
4930703b8c
Merge branch 'master' into arraybolt3/trixie 2025-08-09 21:30:45 -05:00
Patrick Schleizer
046c932898
disable emerg-shutdown.service:
Disabled due to bug: breaks ISO Live Mode Calamares installer
2025-08-09 05:40:11 -04:00
Aaron Rainbolt
5f2425ba6f
Merge branch 'arraybolt3/emerg-shutdown' into arraybolt3/trixie 2025-08-06 20:21:01 -05:00
Aaron Rainbolt
3a77abe5c9
Port hardening options from kloak to emerg-shutdown, fix new compiler warnings 2025-08-06 20:11:02 -05:00
Aaron Rainbolt
0c1af00aae
Implement paranoid mode in emerg-shutdown 2025-08-06 19:33:38 -05:00
Aaron Rainbolt
29480df770
Improve emerg-shutdown usage documentation 2025-08-06 19:25:19 -05:00
Aaron Rainbolt
44e7d3059a
Integrate emerg-shutdown into the initramfs 2025-08-06 19:10:14 -05:00
Aaron Rainbolt
86f44063eb
Port to Trixie. 2025-08-05 22:58:06 -05:00
raja-grewal
498551536c
Update docs 2025-08-06 03:12:06 +00:00
raja-grewal
45d20dd972
Upgrade sysctls and docs on kernel panics 2025-08-06 02:35:15 +00:00
Aaron Rainbolt
5a17e67c0a
Fix local-fs.target dependency in emerg-shutdown.service 2025-08-05 20:14:07 -05:00
Aaron Rainbolt
63f2909341
Fix emerg-shutdown and ensure-shutdown libexec scripts, start emerg-shutdown and ensure-shutdown earlier 2025-08-03 15:00:14 -05:00
Patrick Schleizer
92bcd824e4
also parse /usr/local/etc 2025-08-03 07:17:25 -04:00
Patrick Schleizer
b9416fa77a
validate configuration file 2025-08-03 07:15:41 -04:00
Aaron Rainbolt
1a60da71ed
emerg-shutdown: Add shutdown timeout for preventing stuck shutdowns, briefly document feature set and usage 2025-07-29 21:16:51 -05:00
Aaron Rainbolt
e42078e90d
emerg-shutdown: fix the hang-on-shutdown bug, add autodetection of new keyboards, shutdown key configuration, and instant shutdown option 2025-07-28 20:43:54 -05:00
Aaron Rainbolt
5889d134a2
emerg-shutdown: Improve recvmsg handling, call reboot syscall directly 2025-07-20 14:14:09 -05:00
Aaron Rainbolt
b745c8ddae
emerg-shutdown: Enable actual shutdown code, fix infinite loop when started too early 2025-07-15 00:02:02 -05:00
Aaron Rainbolt
e387086de4
Allow specifying alternative keys in panic key combo, fix optical disk eject handling 2025-07-15 00:01:50 -05:00
Aaron Rainbolt
dfb6f143f0
Add panic key handling to emergency shutdown utility 2025-07-13 20:53:29 -05:00
Aaron Rainbolt
2a7071055f
Merge branch 'master' into arraybolt3/emerg-shutdown 2025-07-13 15:21:34 -05:00
raja-grewal
bb208fb134
Merge branch 'Kicksecure:master' into erst 2025-07-02 11:35:50 +10:00
raja-grewal
4314b1e85b
Add comment 2025-07-01 13:36:39 +10:00
Aaron Rainbolt
109c013467
Add comment related to approx package caching proxy 2025-06-12 01:08:34 -05:00
raja-grewal
dd0b55cc45
Add reference 2025-06-03 12:32:17 +10:00
Patrick Schleizer
3e102df765
fix 2025-05-28 08:37:03 -04:00
Ashlen
3559bc86b7
fix(permission-hardener): ssh-agent gets 2755 perms
Change from exactwhitelist to matchwhitelist. Discussion revealed that
there's a good reason to leave setgid in here, which is essentially
defense-in-depth (sometimes users may want to revert Kicksecure's
default of kernel.yama.ptrace_scope=2, e.g. to debug a program, and
Kicksecure should not be less secure than vanilla Debian in that
situation).
2025-05-27 15:32:41 -06:00
maybebyte
c59b2e4bc5
Merge branch 'Kicksecure:master' into ssh-agent-to-allowlist 2025-05-27 20:33:07 +00:00
maybebyte
017ee29eb3
Merge branch 'Kicksecure:master' into ssh-agent-to-allowlist 2025-05-27 18:25:47 +00:00
Patrick Schleizer
5195977be4
protect against grep pipefail 2025-05-27 11:57:21 -04:00
Patrick Schleizer
395169fbce
Merge pull request #308 from maybebyte/permission-hardener-speedboost
perf(permission-hardener): optimize string match
2025-05-27 10:58:50 -04:00
Patrick Schleizer
142ea21189
fix 2025-05-21 12:42:16 -04:00
Patrick Schleizer
a969fa350e
fix 2025-05-21 12:40:27 -04:00
Patrick Schleizer
f023651c98
nounset 2025-05-21 12:35:37 -04:00
Patrick Schleizer
f086787464
fix 2025-05-21 12:35:23 -04:00
Patrick Schleizer
d7643954d1
minor 2025-05-21 12:33:50 -04:00
Patrick Schleizer
aa905fc887
further validation of output of faillock 2025-05-21 12:32:16 -04:00