Commit Graph

1143 Commits

Author SHA1 Message Date
Patrick Schleizer
731d486fa0
refactoring 2019-12-08 01:58:58 -05:00
Patrick Schleizer
221a2df2a2
refactoring 2019-12-08 01:58:37 -05:00
Patrick Schleizer
b871421a54
usr/share/pam-configs/console-lockdown -> usr/share/pam-configs/console-lockdown-security-misc 2019-12-08 01:57:43 -05:00
Patrick Schleizer
d36669596f
comment 2019-12-08 01:56:30 -05:00
Patrick Schleizer
1a0f353708
comment 2019-12-08 01:47:40 -05:00
Patrick Schleizer
eed1f0a462
comment 2019-12-08 01:46:32 -05:00
Patrick Schleizer
2491b62393
refactoring, add all groups first before adding any users to any groups 2019-12-08 01:43:45 -05:00
Patrick Schleizer
1464f01d19
description 2019-12-08 01:30:42 -05:00
Patrick Schleizer
491dd4d93d
Merge remote-tracking branch 'origin/master' 2019-12-08 01:22:16 -05:00
Patrick Schleizer
a78a7e5571
Merge pull request #41 from madaidan/system.map
Check for more locations of System.map
2019-12-08 06:21:44 +00:00
madaidan
6846a94327
Check for more locations of System.map 2019-12-07 19:38:12 +00:00
Patrick Schleizer
9432d16378
/usr/bin/cat mrix, 2019-12-07 12:13:42 -05:00
Patrick Schleizer
373e8733d3
Merge remote-tracking branch 'origin/master' 2019-12-07 11:34:42 -05:00
Patrick Schleizer
447eb14432
Merge pull request #40 from madaidan/system.map
Remove hyphen from remove-system.map
2019-12-07 16:34:21 +00:00
Patrick Schleizer
c1800b13fe
separate group "ssh" for incoming ssh console permission
Thanks to @madaidan

https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/16
2019-12-07 11:26:39 -05:00
madaidan
668b6420de
Remove hyphen 2019-12-07 14:15:02 +00:00
Patrick Schleizer
55225aa30e
description 2019-12-07 07:16:07 -05:00
Patrick Schleizer
34a2bc16c8
description 2019-12-07 07:15:58 -05:00
Patrick Schleizer
d823f06c78
description 2019-12-07 07:13:42 -05:00
Patrick Schleizer
9ba84f34c6
comment 2019-12-07 06:51:59 -05:00
Patrick Schleizer
dc1dfc8c20
output 2019-12-07 06:51:16 -05:00
Patrick Schleizer
8636d2f629
add securetty 2019-12-07 06:51:10 -05:00
Patrick Schleizer
532a1525c2
comment 2019-12-07 06:26:55 -05:00
Patrick Schleizer
14aa6c5077
comment 2019-12-07 06:26:23 -05:00
Patrick Schleizer
8b3f5a555b
add console lockdown to pam info output 2019-12-07 06:25:45 -05:00
Patrick Schleizer
021b06dac9
add hvc0 to hvc9 2019-12-07 06:04:45 -05:00
Patrick Schleizer
8a59662a44
comment 2019-12-07 06:02:45 -05:00
Patrick Schleizer
090ddbe96a
description 2019-12-07 06:00:41 -05:00
Patrick Schleizer
cda6724755
add pts/0 to pts/9 2019-12-07 05:56:57 -05:00
Patrick Schleizer
218cbddba9
comment 2019-12-07 05:52:06 -05:00
Patrick Schleizer
6479c883bf
Console Lockdown.
Allow members of group 'console' to use tty1 to tty7. Everyone else except
members of group 'console-unrestricted' are restricted from using console
using ancient, unpopular login methods such as using /bin/login over networks,
which might be exploitable. (CVE-2001-0797)

Not enabled by default in this package since this package does not know which
users shall be added to group 'console'.

In new Whonix builds, user 'user" will be added to group 'console' and
pam console-lockdown enabled by package anon-base-files.

/usr/share/pam-configs/console-lockdown

/etc/security/access-security-misc.conf

https://forums.whonix.org/t/etc-security-hardening/8592
2019-12-07 05:40:20 -05:00
Patrick Schleizer
52934c9288
bumped changelog version 2019-12-07 02:02:32 -05:00
Patrick Schleizer
6faa977cd7
readme 2019-12-07 02:02:06 -05:00
Patrick Schleizer
6d92d03b31
description 2019-12-07 01:54:50 -05:00
Patrick Schleizer
5a4eda0d05
also support /usr/local/etc/remount-disable and /usr/local/etc/noexec 2019-12-07 01:53:33 -05:00
Patrick Schleizer
0afcc5e798
bumped changelog version 2019-12-06 12:43:21 -05:00
Patrick Schleizer
2954dcbccf
minor 2019-12-06 12:24:55 -05:00
Patrick Schleizer
f3647e7478
RemainAfterExit=yes 2019-12-06 12:18:18 -05:00
Patrick Schleizer
af0cf058e7
bumped changelog version 2019-12-06 11:18:20 -05:00
Patrick Schleizer
9b14f24d5e
refactoring 2019-12-06 11:17:32 -05:00
Patrick Schleizer
a6133f5912
output 2019-12-06 11:16:43 -05:00
Patrick Schleizer
c1ea35e2ef
output 2019-12-06 11:15:54 -05:00
Patrick Schleizer
4bec41379d
fix remount with noexec if /etc/noexec exists 2019-12-06 11:15:13 -05:00
Patrick Schleizer
bff425fec2
bumped changelog version 2019-12-06 09:32:18 -05:00
Patrick Schleizer
b22289f2a8
readme 2019-12-06 09:30:05 -05:00
Patrick Schleizer
470cad6e91
remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in)
https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707
2019-12-06 05:14:02 -05:00
Patrick Schleizer
8cf5ed990a
comment 2019-12-05 15:52:24 -05:00
Patrick Schleizer
19add3299c
Merge remote-tracking branch 'origin/master' 2019-12-05 15:46:19 -05:00
Patrick Schleizer
9679292878
Merge pull request #39 from madaidan/rp_filter
Enable reverse path filtering
2019-12-05 20:33:47 +00:00
madaidan
af9e19c51f
Update control 2019-12-05 20:14:55 +00:00