Patrick Schleizer
731d486fa0
refactoring
2019-12-08 01:58:58 -05:00
Patrick Schleizer
221a2df2a2
refactoring
2019-12-08 01:58:37 -05:00
Patrick Schleizer
b871421a54
usr/share/pam-configs/console-lockdown -> usr/share/pam-configs/console-lockdown-security-misc
2019-12-08 01:57:43 -05:00
Patrick Schleizer
d36669596f
comment
2019-12-08 01:56:30 -05:00
Patrick Schleizer
1a0f353708
comment
2019-12-08 01:47:40 -05:00
Patrick Schleizer
eed1f0a462
comment
2019-12-08 01:46:32 -05:00
Patrick Schleizer
2491b62393
refactoring, add all groups first before adding any users to any groups
2019-12-08 01:43:45 -05:00
Patrick Schleizer
1464f01d19
description
2019-12-08 01:30:42 -05:00
Patrick Schleizer
491dd4d93d
Merge remote-tracking branch 'origin/master'
2019-12-08 01:22:16 -05:00
Patrick Schleizer
a78a7e5571
Merge pull request #41 from madaidan/system.map
...
Check for more locations of System.map
2019-12-08 06:21:44 +00:00
madaidan
6846a94327
Check for more locations of System.map
2019-12-07 19:38:12 +00:00
Patrick Schleizer
9432d16378
/usr/bin/cat mrix,
2019-12-07 12:13:42 -05:00
Patrick Schleizer
373e8733d3
Merge remote-tracking branch 'origin/master'
2019-12-07 11:34:42 -05:00
Patrick Schleizer
447eb14432
Merge pull request #40 from madaidan/system.map
...
Remove hyphen from remove-system.map
2019-12-07 16:34:21 +00:00
Patrick Schleizer
c1800b13fe
separate group "ssh" for incoming ssh console permission
...
Thanks to @madaidan
https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/16
2019-12-07 11:26:39 -05:00
madaidan
668b6420de
Remove hyphen
2019-12-07 14:15:02 +00:00
Patrick Schleizer
55225aa30e
description
2019-12-07 07:16:07 -05:00
Patrick Schleizer
34a2bc16c8
description
2019-12-07 07:15:58 -05:00
Patrick Schleizer
d823f06c78
description
2019-12-07 07:13:42 -05:00
Patrick Schleizer
9ba84f34c6
comment
2019-12-07 06:51:59 -05:00
Patrick Schleizer
dc1dfc8c20
output
2019-12-07 06:51:16 -05:00
Patrick Schleizer
8636d2f629
add securetty
2019-12-07 06:51:10 -05:00
Patrick Schleizer
532a1525c2
comment
2019-12-07 06:26:55 -05:00
Patrick Schleizer
14aa6c5077
comment
2019-12-07 06:26:23 -05:00
Patrick Schleizer
8b3f5a555b
add console lockdown to pam info output
2019-12-07 06:25:45 -05:00
Patrick Schleizer
021b06dac9
add hvc0 to hvc9
2019-12-07 06:04:45 -05:00
Patrick Schleizer
8a59662a44
comment
2019-12-07 06:02:45 -05:00
Patrick Schleizer
090ddbe96a
description
2019-12-07 06:00:41 -05:00
Patrick Schleizer
cda6724755
add pts/0 to pts/9
2019-12-07 05:56:57 -05:00
Patrick Schleizer
218cbddba9
comment
2019-12-07 05:52:06 -05:00
Patrick Schleizer
6479c883bf
Console Lockdown.
...
Allow members of group 'console' to use tty1 to tty7. Everyone else except
members of group 'console-unrestricted' are restricted from using console
using ancient, unpopular login methods such as using /bin/login over networks,
which might be exploitable. (CVE-2001-0797)
Not enabled by default in this package since this package does not know which
users shall be added to group 'console'.
In new Whonix builds, user 'user" will be added to group 'console' and
pam console-lockdown enabled by package anon-base-files.
/usr/share/pam-configs/console-lockdown
/etc/security/access-security-misc.conf
https://forums.whonix.org/t/etc-security-hardening/8592
2019-12-07 05:40:20 -05:00
Patrick Schleizer
52934c9288
bumped changelog version
2019-12-07 02:02:32 -05:00
Patrick Schleizer
6faa977cd7
readme
2019-12-07 02:02:06 -05:00
Patrick Schleizer
6d92d03b31
description
2019-12-07 01:54:50 -05:00
Patrick Schleizer
5a4eda0d05
also support /usr/local/etc/remount-disable and /usr/local/etc/noexec
2019-12-07 01:53:33 -05:00
Patrick Schleizer
0afcc5e798
bumped changelog version
2019-12-06 12:43:21 -05:00
Patrick Schleizer
2954dcbccf
minor
2019-12-06 12:24:55 -05:00
Patrick Schleizer
f3647e7478
RemainAfterExit=yes
2019-12-06 12:18:18 -05:00
Patrick Schleizer
af0cf058e7
bumped changelog version
2019-12-06 11:18:20 -05:00
Patrick Schleizer
9b14f24d5e
refactoring
2019-12-06 11:17:32 -05:00
Patrick Schleizer
a6133f5912
output
2019-12-06 11:16:43 -05:00
Patrick Schleizer
c1ea35e2ef
output
2019-12-06 11:15:54 -05:00
Patrick Schleizer
4bec41379d
fix remount with noexec if /etc/noexec exists
2019-12-06 11:15:13 -05:00
Patrick Schleizer
bff425fec2
bumped changelog version
2019-12-06 09:32:18 -05:00
Patrick Schleizer
b22289f2a8
readme
2019-12-06 09:30:05 -05:00
Patrick Schleizer
470cad6e91
remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in)
...
https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707
2019-12-06 05:14:02 -05:00
Patrick Schleizer
8cf5ed990a
comment
2019-12-05 15:52:24 -05:00
Patrick Schleizer
19add3299c
Merge remote-tracking branch 'origin/master'
2019-12-05 15:46:19 -05:00
Patrick Schleizer
9679292878
Merge pull request #39 from madaidan/rp_filter
...
Enable reverse path filtering
2019-12-05 20:33:47 +00:00
madaidan
af9e19c51f
Update control
2019-12-05 20:14:55 +00:00