Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity
844 Commits 2 Branches 291 Tags 8.2 MiB
b5f88efe20
Commit Graph

31 Commits

Author SHA1 Message Date
Patrick Schleizer
7f20160477
comment 2019-12-20 05:24:00 -05:00
Patrick Schleizer
a135ae9400
use must manually enable permission-hardening.service 
until development finished
 2019-12-20 05:22:59 -05:00
Patrick Schleizer
d80bf036f3
Disable permission hardening now until development finished / tested. 2019-12-09 03:50:43 -05:00
madaidan
d7e2deae92
Create permission-hardening.service 2019-12-08 16:50:54 +00:00
Patrick Schleizer
1227ccd1f7
After=qubes-sysinit.service 2019-12-08 04:37:53 -05:00
Patrick Schleizer
2954dcbccf
minor 2019-12-06 12:24:55 -05:00
Patrick Schleizer
f3647e7478
RemainAfterExit=yes 2019-12-06 12:18:18 -05:00
Patrick Schleizer
470cad6e91
remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in) 
https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707
 2019-12-06 05:14:02 -05:00
madaidan
e92022a21c
Remove systemd sandboxing 2019-11-16 14:56:28 +00:00
Patrick Schleizer
203d5cfa68
copyright 2019-10-31 11:19:44 -04:00
madaidan
42c1701d5c
Whitelist user@.service 2019-10-15 21:00:03 +00:00
Patrick Schleizer
c87fc75f2a
fix, run remove-system-map.service during sysinit.target 2019-10-05 09:36:21 +00:00
Patrick Schleizer
25b6746784
fix systemd unit file proc-hidepid.service: WantedBy=sysinit.target 2019-10-05 09:14:54 +00:00
madaidan
7345287560
Use sysinit.target instead 2019-10-04 17:32:52 +00:00
madaidan
e06eeec678
Disable hide-hardware-info.service by default 2019-10-03 21:42:06 +00:00
madaidan
b06ab912c0
Add licensing 2019-10-03 21:37:29 +00:00
madaidan
ce97e5ed82
Create hide-hardware-info.service 2019-10-03 20:45:29 +00:00
Patrick Schleizer
fbd1a5bde9
hidepid before sysinit.target 2019-09-10 12:23:00 -04:00
madaidan
932524cbd1
Move disable-coredumps.conf to correct position 2019-07-10 15:28:48 +00:00
Patrick Schleizer
f82731698c
re-enable PrivateNetwork=true 2019-07-01 14:53:01 +00:00
Patrick Schleizer
24cc8e380d
comment out proc-hidepid.service hardening for now 
since broken in Qubes Debian AppVMs

https://forums.whonix.org/t/kernel-hardening/7296/104
 2019-07-01 03:43:02 -04:00
Patrick Schleizer
0bffc7a930
Merge remote-tracking branch 'origin/master' 2019-07-01 03:08:26 -04:00
Patrick Schleizer
3c176ce158
allow permissions openat mkdir 
since required in Qubes Debian templates
 2019-07-01 03:07:14 -04:00
madaidan
b8f2aee905
Add licensing 2019-06-30 13:22:43 +00:00
Patrick Schleizer
67de5247c8
Merge branch 'master' into patch-13 2019-06-30 08:10:04 +00:00
madaidan
c6b669f1a5
Create disable-coredumps.conf 2019-06-30 00:11:13 +00:00
madaidan
a2c676ed48
Update proc-hidepid.service 2019-06-29 22:28:41 +00:00
madaidan
dcf57bebf0
Create proc-hidepid.service 2019-06-29 22:27:24 +00:00
Patrick Schleizer
36c2b1d283
fix lintian warning 2019-06-28 07:18:30 +00:00
madaidan
b809185008
Update remove-system-map.service 2019-06-27 16:09:52 +00:00
madaidan
3116a56f13
Create remove-system-map.service 2019-06-25 19:25:32 +00:00