security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00

Author	SHA1	Message	Date
Patrick Schleizer	abae787186	usability: pam abort when attempting to login to root when root password is locked	2020-11-05 06:47:16 -05:00
Patrick Schleizer	581e31af81	comment	2020-11-05 06:46:57 -05:00
Patrick Schleizer	dfe9b0f6c7	fix, no longer unconditionally abort pam for user accounts with locked passwords as locked user accounts might have valid sudoers exceptions Thanks to @mimp for the bug report! https://forums.whonix.org/t/pam-abort-on-locked-password-and-running-privileged-command-from-web-browser/10521	2020-11-05 06:42:47 -05:00
Patrick Schleizer	211769dc65	comment	2020-11-05 06:41:51 -05:00
Patrick Schleizer	7952139731	comment	2020-11-05 06:39:32 -05:00
Patrick Schleizer	bb72c1278d	copyright	2020-11-05 06:36:39 -05:00
Patrick Schleizer	5c81e1f23f	import from anon-gpg-conf	2020-04-06 09:25:45 -04:00
Patrick Schleizer	1188a44f47	port to python 3.7	2020-04-04 16:49:30 -04:00
Patrick Schleizer	2ceea8d1fe	update copyright year	2020-04-01 08:49:59 -04:00
Patrick Schleizer	649ec5dfa1	pkexec wrapper: fix gdebi / synaptic but at cost of checking for passwordless sudo /etc/suders /etc/sudoers.d exceptions. http://forums.whonix.org/t/cannot-use-pkexec/8129/53	2020-02-29 04:59:56 -05:00
Patrick Schleizer	9bbae903fe	remove-system.map: lower verbosity output	2020-02-15 05:29:48 -05:00
madaidan	31009f0bfa	Shred System.map files	2020-02-14 23:46:19 +00:00
Patrick Schleizer	1f6ed2cc70	add support for passing parameters to usr/lib/security-misc/apt-get-update	2020-02-03 08:55:20 -05:00
Patrick Schleizer	8627c9f76d	/usr/lib/security-misc/apt-get-update increase default timeout_after="600"	2020-01-31 12:18:02 -05:00
Patrick Schleizer	829e28aa90	/usr/lib/security-misc/apt-get-update environment variable timeout_after kill_after support	2020-01-31 12:17:07 -05:00
Patrick Schleizer	d4a37b6df2	remove-system.map: source /usr/lib/helper-scripts/pre.bsh	2020-01-24 03:18:17 -05:00
Patrick Schleizer	18041efa2f	fix pam tally2 check when read-only disk boot without ro-mode-init or grub-live	2020-01-21 10:01:17 -05:00
Patrick Schleizer	80159545a5	fix xfce4-power-manager xfpm-power-backlight-helper pkexec lxsudo popup https://forums.whonix.org/t/xfce4-power-manager-xfpm-power-backlight-helper-pkexec-lxsudo-popup/8764 do show lxqt-sudo password prompt if there is a sudoers exceptoin improved pkexec wrapper logging	2020-01-15 02:42:10 -05:00
Patrick Schleizer	d90ca4b1ad	refactoring	2020-01-14 15:12:13 -05:00
Patrick Schleizer	082f04f2d4	add logging to pkexec wrapper	2020-01-14 15:04:58 -05:00
Patrick Schleizer	5031e7cc4b	better output if trying to login with non-existing user	2019-12-31 08:18:38 -05:00
Patrick Schleizer	20697db3ee	improve console lockdown info output	2019-12-31 02:53:02 -05:00
Patrick Schleizer	788914de95	group ssh check was removed https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/27	2019-12-31 02:46:32 -05:00
Patrick Schleizer	1a0f7a7733	debugging	2019-12-29 04:43:32 -05:00
Patrick Schleizer	5271892cb1	debugging	2019-12-29 04:42:54 -05:00
Patrick Schleizer	683028049c	debugging	2019-12-29 04:41:23 -05:00
Patrick Schleizer	e3e1ff2a31	exit with error if a config line cannot be processed rather than skipping https://forums.whonix.org/t/disable-suid-binaries/7706/59	2019-12-29 04:35:46 -05:00
Patrick Schleizer	d5c99f3a60	output	2019-12-29 04:27:21 -05:00
Patrick Schleizer	04f438f75d	comment	2019-12-24 18:09:37 -05:00
Patrick Schleizer	9da0e428ed	debugging	2019-12-24 17:54:31 -05:00
Patrick Schleizer	e18ec533c3	comment	2019-12-24 17:54:02 -05:00
Patrick Schleizer	f8f2e6c704	fix disablewhitelist feature	2019-12-23 02:35:13 -05:00
Patrick Schleizer	47ddcad0c0	rename keyword whitelist to exactwhitelist add new keyword disablewhitelist refactoring	2019-12-23 02:29:47 -05:00
Patrick Schleizer	34bf245713	output	2019-12-23 01:35:45 -05:00
Patrick Schleizer	ba30e45d15	output	2019-12-23 01:32:42 -05:00
Patrick Schleizer	ee9c5742da	output	2019-12-23 01:29:48 -05:00
Patrick Schleizer	6d05359abc	output	2019-12-23 01:21:52 -05:00
Patrick Schleizer	a1e78e8515	fix needlessly re-adding entries	2019-12-23 01:20:56 -05:00
Patrick Schleizer	906b3d32e7	output	2019-12-23 01:09:57 -05:00
Patrick Schleizer	4f76867da6	lower debugging	2019-12-23 01:08:02 -05:00
Patrick Schleizer	dc6e5d8508	fix	2019-12-23 01:06:38 -05:00
Patrick Schleizer	87b999f92a	refactoring	2019-12-23 00:59:43 -05:00
Patrick Schleizer	065ff4bd05	sanity_tests	2019-12-23 00:59:24 -05:00
Patrick Schleizer	fef1469fe6	exit non-zero if capability removal failed	2019-12-23 00:51:14 -05:00
Patrick Schleizer	17a8c29470	fix capability removal error handling https://forums.whonix.org/t/disable-suid-binaries/7706/45	2019-12-23 00:47:49 -05:00
Patrick Schleizer	b631e2ecd8	refactoring	2019-12-23 00:36:41 -05:00
Patrick Schleizer	7aea304549	comment	2019-12-23 00:26:15 -05:00
Patrick Schleizer	f4b1df02ee	Remove suid / gid and execute permission for 'group' and 'others'. Similar to: chmod og-ugx /path/to/filename Removing execution permission is useful to make binaries such as 'su' fail closed rather than fail open if suid was removed from these. Do not remove read access since no security benefit and easier to manually undo for users. chmod 744	2019-12-22 19:42:40 -05:00
Patrick Schleizer	d300db3cde	output	2019-12-21 14:45:11 -05:00
Patrick Schleizer	3921846df6	comment	2019-12-21 14:36:42 -05:00

1 2 3 4 5 ...

336 Commits