Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity
950 Commits 2 Branches 291 Tags 8.2 MiB
b5a2d1dc58
Commit Graph

950 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Patrick Schleizer
6dd6530fa5
remove hardening-enable 
please invent package security-paranoid instead

https://forums.whonix.org/t/security-hardening-tool-usr-bin-hardening-enable-by-security-misc/8609
 2019-12-20 05:32:26 -05:00
Patrick Schleizer
6c8127e3cd
remove "/lib/ nosuid" from permission hardening 
Takes 1 minute to parse. No SUID binaries there by default.
remount-secure mounts it with nosuid anyhow.
Therefore no processing it here.
 2019-12-20 05:29:37 -05:00
Patrick Schleizer
af0f074987
remount /lib with nosuid,nodev 
https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/22
 2019-12-20 05:27:11 -05:00
Patrick Schleizer
7f20160477
comment 2019-12-20 05:24:00 -05:00
Patrick Schleizer
a135ae9400
use must manually enable permission-hardening.service 
until development finished
 2019-12-20 05:22:59 -05:00
Patrick Schleizer
fa6f1e1568
output 2019-12-20 05:19:39 -05:00
Patrick Schleizer
a26cb94bfd
globstar no longer required 2019-12-20 04:49:21 -05:00
Patrick Schleizer
c66e9abe18
comment 2019-12-20 04:48:57 -05:00
Patrick Schleizer
d1d0afff34
fix 
fso: /lib/
usr/lib/security-misc/permission-hardening: line 19: /usr/bin/stat: Argument list too long

https://forums.whonix.org/t/kernel-hardening/7296/326
 2019-12-20 04:48:02 -05:00
Patrick Schleizer
e74d2e4f94
output 2019-12-20 04:23:14 -05:00
Patrick Schleizer
eb86359033
refactoring 2019-12-20 04:20:05 -05:00
Patrick Schleizer
bb84fca184
refactoring 2019-12-20 04:08:46 -05:00
Patrick Schleizer
f92b414195
refactoring 2019-12-20 04:06:28 -05:00
Patrick Schleizer
4c44871e9d
comment 2019-12-20 04:02:05 -05:00
Patrick Schleizer
6876a2eaa8
comment 2019-12-20 04:01:40 -05:00
Patrick Schleizer
35c4fce61b
fix "dpkg-statoverride: warning: stripping trailing /" 2019-12-20 03:54:46 -05:00
Patrick Schleizer
9bd9012ab1
refactoring 2019-12-20 03:46:50 -05:00
Patrick Schleizer
788a2c1ba3
comment 2019-12-20 03:45:01 -05:00
Patrick Schleizer
55933f8876
refactoring 2019-12-20 03:43:36 -05:00
Patrick Schleizer
9e493a9f48
refactoring 2019-12-20 03:42:09 -05:00
Patrick Schleizer
b92a690c16
refactoring 2019-12-20 03:40:47 -05:00
Patrick Schleizer
98535e3a2b
refactoring 2019-12-20 03:39:25 -05:00
Patrick Schleizer
ecbba2fd61
refactoring 2019-12-20 03:38:39 -05:00
Patrick Schleizer
20b8a407ac
refactoring 2019-12-20 03:25:17 -05:00
Patrick Schleizer
6cd9eb44fb
refactoring 2019-12-20 03:24:07 -05:00
Patrick Schleizer
706dba104d
code simplification 2019-12-20 03:19:12 -05:00
Patrick Schleizer
01dd567f8b
fix, if fso has exactly the mode we want (not 3 instead of 4 string length), not need to reset it 2019-12-20 03:16:43 -05:00
Patrick Schleizer
4f65b0fc1e
refactoring 2019-12-20 03:13:27 -05:00
Patrick Schleizer
bfee6b60cb
comment 2019-12-20 03:11:11 -05:00
Patrick Schleizer
d64cdc1247
refactoring 2019-12-20 03:04:41 -05:00
Patrick Schleizer
7c5c65a6c1
comment 2019-12-20 03:04:13 -05:00
Patrick Schleizer
b31d8cd3fc
fix 2019-12-20 03:03:40 -05:00
Patrick Schleizer
c626290673
refactoring 2019-12-20 03:02:26 -05:00
Patrick Schleizer
d5ff1d6f28
refactoring 2019-12-20 03:00:39 -05:00
Patrick Schleizer
640ca1d24d
skip symlinks 
https://forums.whonix.org/t/kernel-hardening/7296/323?
 2019-12-20 02:57:57 -05:00
Patrick Schleizer
cc8f795799
comment 2019-12-20 02:47:04 -05:00
Patrick Schleizer
4e5b222a08
comment 2019-12-20 02:43:33 -05:00
Patrick Schleizer
fa895ee11e
refactoring 2019-12-20 02:40:42 -05:00
Patrick Schleizer
2c163bf439
check string length of permission variable 
https://forums.whonix.org/t/kernel-hardening/7296/322
 2019-12-20 02:39:53 -05:00
Patrick Schleizer
a89befd902
code simplification 2019-12-20 02:20:54 -05:00
Patrick Schleizer
72812da63f
comment 2019-12-20 02:16:32 -05:00
Patrick Schleizer
39a41cc27b
refactoring 2019-12-20 02:14:45 -05:00
Patrick Schleizer
2ed6452590
downgrade to info 2019-12-20 02:12:43 -05:00
Patrick Schleizer
a5e55dfcfc
quotes 2019-12-20 02:11:39 -05:00
Patrick Schleizer
3187cee4fb
output 2019-12-20 02:10:13 -05:00
Patrick Schleizer
5160b4c781
disable xtrace 2019-12-20 02:08:05 -05:00
Patrick Schleizer
27bfe95d25
add echo wrapper 2019-12-20 02:07:49 -05:00
Patrick Schleizer
a6988f3fb8
output 2019-12-20 02:06:31 -05:00
Patrick Schleizer
1819577b88
fix 2019-12-20 02:04:34 -05:00
Patrick Schleizer
278c60c5a0
exit non-zero if some line cannot be parsed 
therefore make systemd notice this

therefore allow the sysadmin to notice this
 2019-12-20 02:01:36 -05:00