Patrick Schleizer
|
b3458cc6ee
|
fix checking existing entries to avoid needless calls to dpkg-statoverride
|
2019-12-20 10:45:59 -05:00 |
|
Patrick Schleizer
|
370f3c5e54
|
comment
|
2019-12-20 10:35:05 -05:00 |
|
Patrick Schleizer
|
133d09f298
|
output
|
2019-12-20 10:33:16 -05:00 |
|
Patrick Schleizer
|
1ffa8e197e
|
speed up setuid removal by using find with '-perm /u=s,g=s'
https://forums.whonix.org/t/permission-hardening/8655/19
|
2019-12-20 10:31:26 -05:00 |
|
Patrick Schleizer
|
4cfdf2c65b
|
fix, re-enforce nosuid even if changed on the disk
|
2019-12-20 10:21:27 -05:00 |
|
Patrick Schleizer
|
e36868e675
|
output
|
2019-12-20 10:02:46 -05:00 |
|
Patrick Schleizer
|
50b8f65490
|
add sanity test: count if we really processed all files
|
2019-12-20 09:59:28 -05:00 |
|
Patrick Schleizer
|
55faa7b997
|
fix missing processing files bug
https://forums.whonix.org/t/permission-hardening/8655/16
|
2019-12-20 09:43:23 -05:00 |
|
Patrick Schleizer
|
fbe2479f48
|
count processed file system objects
to be able to verify if any were "forgotten"
|
2019-12-20 08:54:56 -05:00 |
|
Patrick Schleizer
|
195ea522f5
|
fix
|
2019-12-20 08:52:14 -05:00 |
|
Patrick Schleizer
|
6f8231be70
|
debugging
|
2019-12-20 08:51:55 -05:00 |
|
Patrick Schleizer
|
ed50f98010
|
output
|
2019-12-20 08:47:22 -05:00 |
|
Patrick Schleizer
|
6d30e3b4a2
|
do not remove suid from whitelisted binaries ever
https://forums.whonix.org/t/permission-hardening/8655/13
|
2019-12-20 08:13:23 -05:00 |
|
Patrick Schleizer
|
d5f1bd8dd2
|
fix mode sanity check
no longer use seq due to issue
https://forums.whonix.org/t/permission-hardening/8655/13
|
2019-12-20 08:02:30 -05:00 |
|
Patrick Schleizer
|
0ae3e689b5
|
comment
|
2019-12-20 06:35:02 -05:00 |
|
Patrick Schleizer
|
050f4d8b94
|
comment
|
2019-12-20 06:34:37 -05:00 |
|
Patrick Schleizer
|
36043fe5cc
|
comment
|
2019-12-20 06:33:41 -05:00 |
|
Patrick Schleizer
|
fb4254547b
|
comment
|
2019-12-20 06:32:04 -05:00 |
|
Patrick Schleizer
|
cca0908d9a
|
fix
|
2019-12-20 06:11:38 -05:00 |
|
Patrick Schleizer
|
e254b8b52d
|
fix
|
2019-12-20 06:09:17 -05:00 |
|
Patrick Schleizer
|
7f8b3c76de
|
output
|
2019-12-20 06:02:17 -05:00 |
|
Patrick Schleizer
|
071c64dc41
|
enable 'set -e'
|
2019-12-20 06:01:49 -05:00 |
|
Patrick Schleizer
|
b97c66707c
|
minor
|
2019-12-20 05:59:05 -05:00 |
|
Patrick Schleizer
|
17b4f12276
|
output
|
2019-12-20 05:58:42 -05:00 |
|
Patrick Schleizer
|
918cbb4e25
|
output
|
2019-12-20 05:51:25 -05:00 |
|
Patrick Schleizer
|
c8cf09a4cb
|
output
|
2019-12-20 05:50:16 -05:00 |
|
Patrick Schleizer
|
46466c12ad
|
parse drop-in config folder rather than only one config file
|
2019-12-20 05:49:11 -05:00 |
|
Patrick Schleizer
|
66fd31189d
|
improve output if set-user-id / set-group-id is set
|
2019-12-20 05:37:33 -05:00 |
|
Patrick Schleizer
|
6dd6530fa5
|
remove hardening-enable
please invent package security-paranoid instead
https://forums.whonix.org/t/security-hardening-tool-usr-bin-hardening-enable-by-security-misc/8609
|
2019-12-20 05:32:26 -05:00 |
|
Patrick Schleizer
|
af0f074987
|
remount /lib with nosuid,nodev
https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/22
|
2019-12-20 05:27:11 -05:00 |
|
Patrick Schleizer
|
a135ae9400
|
use must manually enable permission-hardening.service
until development finished
|
2019-12-20 05:22:59 -05:00 |
|
Patrick Schleizer
|
fa6f1e1568
|
output
|
2019-12-20 05:19:39 -05:00 |
|
Patrick Schleizer
|
a26cb94bfd
|
globstar no longer required
|
2019-12-20 04:49:21 -05:00 |
|
Patrick Schleizer
|
c66e9abe18
|
comment
|
2019-12-20 04:48:57 -05:00 |
|
Patrick Schleizer
|
d1d0afff34
|
fix
fso: /lib/
usr/lib/security-misc/permission-hardening: line 19: /usr/bin/stat: Argument list too long
https://forums.whonix.org/t/kernel-hardening/7296/326
|
2019-12-20 04:48:02 -05:00 |
|
Patrick Schleizer
|
e74d2e4f94
|
output
|
2019-12-20 04:23:14 -05:00 |
|
Patrick Schleizer
|
eb86359033
|
refactoring
|
2019-12-20 04:20:05 -05:00 |
|
Patrick Schleizer
|
bb84fca184
|
refactoring
|
2019-12-20 04:08:46 -05:00 |
|
Patrick Schleizer
|
f92b414195
|
refactoring
|
2019-12-20 04:06:28 -05:00 |
|
Patrick Schleizer
|
4c44871e9d
|
comment
|
2019-12-20 04:02:05 -05:00 |
|
Patrick Schleizer
|
6876a2eaa8
|
comment
|
2019-12-20 04:01:40 -05:00 |
|
Patrick Schleizer
|
35c4fce61b
|
fix "dpkg-statoverride: warning: stripping trailing /"
|
2019-12-20 03:54:46 -05:00 |
|
Patrick Schleizer
|
9bd9012ab1
|
refactoring
|
2019-12-20 03:46:50 -05:00 |
|
Patrick Schleizer
|
55933f8876
|
refactoring
|
2019-12-20 03:43:36 -05:00 |
|
Patrick Schleizer
|
9e493a9f48
|
refactoring
|
2019-12-20 03:42:09 -05:00 |
|
Patrick Schleizer
|
b92a690c16
|
refactoring
|
2019-12-20 03:40:47 -05:00 |
|
Patrick Schleizer
|
98535e3a2b
|
refactoring
|
2019-12-20 03:39:25 -05:00 |
|
Patrick Schleizer
|
ecbba2fd61
|
refactoring
|
2019-12-20 03:38:39 -05:00 |
|
Patrick Schleizer
|
20b8a407ac
|
refactoring
|
2019-12-20 03:25:17 -05:00 |
|
Patrick Schleizer
|
6cd9eb44fb
|
refactoring
|
2019-12-20 03:24:07 -05:00 |
|