Patrick Schleizer
|
cd8efe5800
|
output
|
2019-12-20 11:03:22 -05:00 |
|
Patrick Schleizer
|
c0ddb76d74
|
bumped changelog version
|
2019-12-20 10:50:51 -05:00 |
|
Patrick Schleizer
|
b31abea0af
|
improve error handling
|
2019-12-20 10:49:31 -05:00 |
|
Patrick Schleizer
|
79cd3b86b6
|
comment
|
2019-12-20 10:47:23 -05:00 |
|
Patrick Schleizer
|
b3458cc6ee
|
fix checking existing entries to avoid needless calls to dpkg-statoverride
|
2019-12-20 10:45:59 -05:00 |
|
Patrick Schleizer
|
370f3c5e54
|
comment
|
2019-12-20 10:35:05 -05:00 |
|
Patrick Schleizer
|
133d09f298
|
output
|
2019-12-20 10:33:16 -05:00 |
|
Patrick Schleizer
|
1ffa8e197e
|
speed up setuid removal by using find with '-perm /u=s,g=s'
https://forums.whonix.org/t/permission-hardening/8655/19
|
2019-12-20 10:31:26 -05:00 |
|
Patrick Schleizer
|
4cfdf2c65b
|
fix, re-enforce nosuid even if changed on the disk
|
2019-12-20 10:21:27 -05:00 |
|
Patrick Schleizer
|
e36868e675
|
output
|
2019-12-20 10:02:46 -05:00 |
|
Patrick Schleizer
|
50b8f65490
|
add sanity test: count if we really processed all files
|
2019-12-20 09:59:28 -05:00 |
|
Patrick Schleizer
|
e28da89253
|
/bin/sudo whitelist / /bin/bwrap whitelist
|
2019-12-20 09:48:06 -05:00 |
|
Patrick Schleizer
|
55faa7b997
|
fix missing processing files bug
https://forums.whonix.org/t/permission-hardening/8655/16
|
2019-12-20 09:43:23 -05:00 |
|
Patrick Schleizer
|
fbe2479f48
|
count processed file system objects
to be able to verify if any were "forgotten"
|
2019-12-20 08:54:56 -05:00 |
|
Patrick Schleizer
|
195ea522f5
|
fix
|
2019-12-20 08:52:14 -05:00 |
|
Patrick Schleizer
|
6f8231be70
|
debugging
|
2019-12-20 08:51:55 -05:00 |
|
Patrick Schleizer
|
ed50f98010
|
output
|
2019-12-20 08:47:22 -05:00 |
|
Patrick Schleizer
|
089c40135f
|
bumped changelog version
|
2019-12-20 08:15:00 -05:00 |
|
Patrick Schleizer
|
6d30e3b4a2
|
do not remove suid from whitelisted binaries ever
https://forums.whonix.org/t/permission-hardening/8655/13
|
2019-12-20 08:13:23 -05:00 |
|
Patrick Schleizer
|
d5f1bd8dd2
|
fix mode sanity check
no longer use seq due to issue
https://forums.whonix.org/t/permission-hardening/8655/13
|
2019-12-20 08:02:30 -05:00 |
|
Patrick Schleizer
|
ddc0eec63d
|
bumped changelog version
|
2019-12-20 07:12:36 -05:00 |
|
Patrick Schleizer
|
65248a94ef
|
readme
|
2019-12-20 07:06:50 -05:00 |
|
Patrick Schleizer
|
8e112c3423
|
description
|
2019-12-20 06:53:24 -05:00 |
|
Patrick Schleizer
|
24ea70384b
|
description
|
2019-12-20 06:53:03 -05:00 |
|
Patrick Schleizer
|
0ae3e689b5
|
comment
|
2019-12-20 06:35:02 -05:00 |
|
Patrick Schleizer
|
050f4d8b94
|
comment
|
2019-12-20 06:34:37 -05:00 |
|
Patrick Schleizer
|
36043fe5cc
|
comment
|
2019-12-20 06:33:41 -05:00 |
|
Patrick Schleizer
|
fb4254547b
|
comment
|
2019-12-20 06:32:04 -05:00 |
|
Patrick Schleizer
|
cca0908d9a
|
fix
|
2019-12-20 06:11:38 -05:00 |
|
Patrick Schleizer
|
e254b8b52d
|
fix
|
2019-12-20 06:09:17 -05:00 |
|
Patrick Schleizer
|
7f8b3c76de
|
output
|
2019-12-20 06:02:17 -05:00 |
|
Patrick Schleizer
|
071c64dc41
|
enable 'set -e'
|
2019-12-20 06:01:49 -05:00 |
|
Patrick Schleizer
|
b97c66707c
|
minor
|
2019-12-20 05:59:05 -05:00 |
|
Patrick Schleizer
|
17b4f12276
|
output
|
2019-12-20 05:58:42 -05:00 |
|
Patrick Schleizer
|
48fe7312bf
|
update config
|
2019-12-20 05:57:41 -05:00 |
|
Patrick Schleizer
|
87d820d84c
|
comment
|
2019-12-20 05:54:16 -05:00 |
|
Patrick Schleizer
|
918cbb4e25
|
output
|
2019-12-20 05:51:25 -05:00 |
|
Patrick Schleizer
|
c8cf09a4cb
|
output
|
2019-12-20 05:50:16 -05:00 |
|
Patrick Schleizer
|
46466c12ad
|
parse drop-in config folder rather than only one config file
|
2019-12-20 05:49:11 -05:00 |
|
Patrick Schleizer
|
66fd31189d
|
improve output if set-user-id / set-group-id is set
|
2019-12-20 05:37:33 -05:00 |
|
Patrick Schleizer
|
6dd6530fa5
|
remove hardening-enable
please invent package security-paranoid instead
https://forums.whonix.org/t/security-hardening-tool-usr-bin-hardening-enable-by-security-misc/8609
|
2019-12-20 05:32:26 -05:00 |
|
Patrick Schleizer
|
6c8127e3cd
|
remove "/lib/ nosuid" from permission hardening
Takes 1 minute to parse. No SUID binaries there by default.
remount-secure mounts it with nosuid anyhow.
Therefore no processing it here.
|
2019-12-20 05:29:37 -05:00 |
|
Patrick Schleizer
|
af0f074987
|
remount /lib with nosuid,nodev
https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/22
|
2019-12-20 05:27:11 -05:00 |
|
Patrick Schleizer
|
7f20160477
|
comment
|
2019-12-20 05:24:00 -05:00 |
|
Patrick Schleizer
|
a135ae9400
|
use must manually enable permission-hardening.service
until development finished
|
2019-12-20 05:22:59 -05:00 |
|
Patrick Schleizer
|
fa6f1e1568
|
output
|
2019-12-20 05:19:39 -05:00 |
|
Patrick Schleizer
|
a26cb94bfd
|
globstar no longer required
|
2019-12-20 04:49:21 -05:00 |
|
Patrick Schleizer
|
c66e9abe18
|
comment
|
2019-12-20 04:48:57 -05:00 |
|
Patrick Schleizer
|
d1d0afff34
|
fix
fso: /lib/
usr/lib/security-misc/permission-hardening: line 19: /usr/bin/stat: Argument list too long
https://forums.whonix.org/t/kernel-hardening/7296/326
|
2019-12-20 04:48:02 -05:00 |
|
Patrick Schleizer
|
e74d2e4f94
|
output
|
2019-12-20 04:23:14 -05:00 |
|