Commit graph

2973 commits

Author SHA1 Message Date
Patrick Schleizer
e24eee361d
remove unicode 2025-11-01 04:10:17 -04:00
Patrick Schleizer
53d3809891
Merge remote-tracking branch 'ArrayBolt3/arraybolt3/trixie' 2025-11-01 04:02:46 -04:00
Patrick Schleizer
dcccad9266
no longer depend on sudo 2025-11-01 03:58:33 -04:00
Patrick Schleizer
cfaa953373
output 2025-11-01 03:42:33 -04:00
Aaron Rainbolt
8b766fc3ad
Lock down flatpak software management 2025-10-31 15:23:12 -05:00
Patrick Schleizer
948c96afe9
bumped changelog version 2025-10-31 14:38:30 +00:00
Patrick Schleizer
aae472d9cf
Revert "Move apparmor-info, apparmor-watch to security-misc, enable systemd-journald audit transport"
This reverts commit d1e148eba7.
2025-10-31 10:24:31 -04:00
Patrick Schleizer
3b2092ee76
Merge remote-tracking branch 'ArrayBolt3/arraybolt3/trixie' 2025-10-31 10:19:08 -04:00
Aaron Rainbolt
d1e148eba7
Move apparmor-info, apparmor-watch to security-misc, enable systemd-journald audit transport 2025-10-30 23:05:19 -05:00
Patrick Schleizer
b168c37e84
bumped changelog version 2025-10-27 11:48:10 +00:00
Patrick Schleizer
c9d48ef7fd
readme 2025-10-27 07:07:25 -04:00
Patrick Schleizer
2dda826e02
bumped changelog version 2025-10-26 12:30:29 +00:00
Patrick Schleizer
cb70f19837
more robust, standardized kernel_cmdline variable detection 2025-10-26 08:06:26 -04:00
Patrick Schleizer
53db631964
bumped changelog version 2025-10-23 06:03:26 +00:00
Patrick Schleizer
f2b33b1ad5
update 2025-10-23 01:08:38 -04:00
Patrick Schleizer
1f093f8175
do not start usbguard-notifier if /sys/bus/usb does not exist 2025-10-22 00:37:36 -04:00
Patrick Schleizer
7969ffd4a5
bumped changelog version 2025-10-19 08:43:36 +00:00
Patrick Schleizer
f555c48c51
fix USBGuard-notifier accept / reject buttons
https://forums.kicksecure.com/t/usbguard-what-should-we-allow-or-disallow-by-default/1248/49
2025-10-19 04:42:24 -04:00
Patrick Schleizer
929421bd25
bumped changelog version 2025-10-18 09:19:07 +00:00
Patrick Schleizer
f5b7aab87e
update 2025-10-18 05:18:55 -04:00
Patrick Schleizer
806eec423a
Merge remote-tracking branch 'ArrayBolt3/arraybolt3/trixie' 2025-10-18 04:44:41 -04:00
Aaron Rainbolt
70fbbc230c
Set USBGuard settings to permit USB hubs and Qubes USB passthrough 2025-10-17 15:49:42 -05:00
Aaron Rainbolt
3d5e659b78
Remove trailing spaces 2025-10-15 19:02:48 -05:00
Aaron Rainbolt
29639fe69e
Merge remote-tracking branch 'raja/bad_ipv6_ra' into arraybolt3/trixie 2025-10-15 19:01:08 -05:00
Aaron Rainbolt
026d55ac41
Typo fixes 2025-10-15 18:30:52 -05:00
Aaron Rainbolt
35fce26476
Merge remote-tracking branch 'raja/stop_ptrace' into arraybolt3/trixie 2025-10-15 18:18:33 -05:00
Aaron Rainbolt
4f63af4200
Allow listing USB devices via usbguard 2025-10-15 17:53:26 -05:00
raja-grewal
2304174171
Insert empty new line 2025-10-12 02:32:45 +00:00
raja-grewal
7161430a60
Separate ptrace() disabling into own file 2025-10-12 02:27:48 +00:00
Patrick Schleizer
6cc1c27fb3
bumped changelog version 2025-10-10 12:08:28 +00:00
Patrick Schleizer
4d9c3dc357
minor 2025-10-10 08:08:10 -04:00
Patrick Schleizer
968de33c65
Force immediate kernel panic on OOM.
This is to prevent security features such as the screen locker, kloak, emerg-shutdown
from being arbitrarily terminated when the system starts running out of memory.

https://forums.whonix.org/t/screen-locker-in-security-can-we-disable-these-at-least-4-backdoors/8128/14

https://github.com/Kicksecure/security-misc/issues/324

`vm.panic_on_oom=2`

implements https://github.com/Kicksecure/security-misc/issues/324
2025-10-10 08:03:03 -04:00
Patrick Schleizer
98f27c3b2e
comment 2025-10-10 06:53:04 -04:00
Patrick Schleizer
28a88c7091
comment 2025-10-10 06:52:13 -04:00
Patrick Schleizer
f4a87e7748
Merge remote-tracking branch 'github-kicksecure/master' 2025-10-10 06:51:31 -04:00
Patrick Schleizer
6cf8a623fe
Merge pull request #325 from raja-grewal/hash_pointers
Docs detailing future improvements to `slab_debug`
2025-10-10 06:50:46 -04:00
raja-grewal
e89c7ae025
Update docs on slab_debug for future improvements 2025-10-08 02:39:20 +00:00
Patrick Schleizer
685070bd02
bumped changelog version 2025-10-07 08:40:32 +00:00
Patrick Schleizer
ba6ec919f0
Merge remote-tracking branch 'ArrayBolt3/arraybolt3/trixie' 2025-10-07 04:34:51 -04:00
Aaron Rainbolt
718772ea78
Remove unsafe sanitizer compiler flags from emerg-shutdown 2025-10-06 15:03:31 -05:00
raja-grewal
0c8f2f1b44
Add docs about the risks associated with IPv6 RAs 2025-10-02 07:05:00 +00:00
Patrick Schleizer
dd961b8427
bumped changelog version 2025-09-28 21:09:46 +00:00
Patrick Schleizer
e6ba4dad46
Merge remote-tracking branch 'ArrayBolt3/arraybolt3/trixie' 2025-09-28 17:00:24 -04:00
Aaron Rainbolt
60f8153f64
Fix emerg-shutdown gcc build, remove AddressSanitizer from hardening options since it is incompatible with static builds 2025-09-28 15:05:21 -05:00
Aaron Rainbolt
7e016b5632
Allow users in the qubes group to access USBGuard IPC 2025-09-28 14:11:59 -05:00
raja-grewal
194b8fce4e
Disable the usage of ptrace() by all processes 2025-09-28 03:20:24 +00:00
Patrick Schleizer
22c9863493
bumped changelog version 2025-09-26 08:40:20 +00:00
Patrick Schleizer
08199dfe94
Merge remote-tracking branch 'ArrayBolt3/arraybolt3/trixie' 2025-09-26 04:31:02 -04:00
Aaron Rainbolt
58cc6731f2
Additional hardening on emerg-shutdown 2025-09-26 00:13:59 -05:00
Patrick Schleizer
590aaec73d
bumped changelog version 2025-09-24 14:32:35 +00:00