security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2025-02-10 09:38:32 -05:00

Author	SHA1	Message	Date
Patrick Schleizer	c17485baa1	Merge remote-tracking branch 'github-kicksecure/master'	2025-01-10 10:32:26 -05:00
Patrick Schleizer	e9ef3602dd	Merge pull request #292 from raja-grewal/cpu_table Add link to tabular comparison of CPU mitigations	2025-01-10 10:30:34 -05:00
Patrick Schleizer	1b33e83529	Merge pull request #291 from raja-grewal/drop_gratuitous_arp Drop gratuitous ARP packets	2025-01-10 10:29:30 -05:00
Patrick Schleizer	486757bfae	Merge pull request #290 from raja-grewal/arp_ignore Respond to ARP requests only if the target IP address is on-link	2025-01-10 10:29:12 -05:00
Patrick Schleizer	17ff249150	Merge pull request #289 from raja-grewal/arp_filter Enable ARP filtering	2025-01-10 10:28:48 -05:00
Patrick Schleizer	27d19ba568	Merge pull request #288 from raja-grewal/shared_media Deny sending and receiving shared media redirects	2025-01-10 10:28:05 -05:00
Patrick Schleizer	482960d056	permission-hardener: move to new state folder `/var/lib/permission-hardener-v2` without migration https://github.com/Kicksecure/security-misc/pull/294	2025-01-10 10:21:12 -05:00
raja-grewal	cf435a8fa8	README.md: Note importance of microcode updates	2025-01-10 13:22:21 +11:00
Patrick Schleizer	3a31cc99b3	Merge remote-tracking branch 'ArrayBolt3/arraybolt3/usrmerge'	2025-01-09 09:30:58 -05:00
raja-grewal	538b312349	Add comment about microcode updates	2025-01-09 15:28:56 +11:00
raja-grewal	1f8eee4720	Add missing sentence full stop	2025-01-08 18:36:00 +11:00
raja-grewal	5e3785d76e	README.md: Remove double space	2025-01-08 18:35:52 +11:00
Aaron Rainbolt	5941195e96	Don't worry about files under /bin anymore, Bookworm uses a merged /usr directory	2025-01-07 14:10:46 -06:00
Patrick Schleizer	c4cfb8597d	Merge remote-tracking branch 'ArrayBolt3/arraybolt3/permission-hardener-refactor'	2025-01-06 08:43:54 -05:00
Patrick Schleizer	c6be621968	bumped changelog version	2025-01-06 10:31:40 +00:00
Patrick Schleizer	6e0787957b	increase priority of pam wheel so it is checked even before faillock in case of attemtping to use `su` without being a member of the required group `sudo`, it's useful to abort the PAM stack as early as possible to avoid needlessly propmting for a password to later be rejected tu to lack of group membership	2025-01-06 05:29:40 -05:00
Patrick Schleizer	d4767b7520	fix: apply PAM wheal only to `su` PAM service	2025-01-06 04:24:44 -05:00
Aaron Rainbolt	93ebf176c5	Make the main field count check in permission-hardener a bit more elegant	2025-01-02 20:42:06 -05:00
Aaron Rainbolt	895c0f541f	Merge branch 'master' into arraybolt3/permission-hardener-refactor	2025-01-01 15:04:01 -06:00
Patrick Schleizer	40b23cfad4	bumped changelog version	2024-12-31 18:42:01 +00:00
Patrick Schleizer	33114f771a	copyright	2024-12-31 13:26:21 -05:00
Patrick Schleizer	bb24bff296	bumped changelog version	2024-12-31 14:09:34 +00:00
Patrick Schleizer	0640964c35	readme	2024-12-31 06:14:29 -05:00
Aaron Rainbolt	717e6fcfbe	Post-review improvements to permission-hardener	2024-12-30 21:34:23 -06:00
Aaron Rainbolt	dbcb612517	Polish permission-hardener refactor	2024-12-26 00:43:26 -06:00
Patrick Schleizer	397b476a82	bumped changelog version	2024-12-26 04:12:02 +00:00
Patrick Schleizer	66f8c18c65	Merge remote-tracking branch 'ArrayBolt3/arraybolt3/sysmaint'	2024-12-25 22:43:04 -05:00
Aaron Rainbolt	83d3867959	Refactor permission-hardener to be more idempotent	2024-12-25 16:53:55 -06:00
Aaron Rainbolt	6602fb102d	Adjust pam-info messaging for sysmaint mode	2024-12-24 20:52:34 -06:00
Patrick Schleizer	aa82202e70	bumped changelog version	2024-12-24 05:16:22 +00:00
Patrick Schleizer	27d015d58e	Merge remote-tracking branch 'ArrayBolt3/arraybolt3/sysmaint'	2024-12-24 00:08:58 -05:00
Aaron Rainbolt	2f3a2bce77	Add warning about using non-sysmaint accounts in sysmaint mode	2024-12-20 11:04:22 -06:00
Patrick Schleizer	3c73c0cd3a	bumped changelog version	2024-12-20 06:01:27 +00:00
Patrick Schleizer	a4c76c617a	syntax fix	2024-12-20 01:01:13 -05:00
Patrick Schleizer	b40bc0a2c9	bumped changelog version	2024-12-20 05:58:24 +00:00
Patrick Schleizer	b21c394ea5	Trigger permission hardener when new configuration files are being installed.	2024-12-20 00:56:20 -05:00
Patrick Schleizer	cd027b86e7	bumped changelog version	2024-12-20 05:48:48 +00:00
Patrick Schleizer	ad6e1f5ad4	move from `/etc/permission-hardener.d` to `/usr/lib/permission-hardener.d`	2024-12-20 00:41:06 -05:00
Patrick Schleizer	a2c1e8c218	clean up old files in `/etc/permission-hardener.d` because will be moved to `/usr/lib/permission-hardener.d`	2024-12-20 00:39:51 -05:00
Patrick Schleizer	6de5d2d076	permission hardener: also parse `/usr/lib/permission-hardener.d/*.conf` folder	2024-12-20 00:37:44 -05:00
Patrick Schleizer	721b100fb6	bumped changelog version	2024-12-19 10:58:50 +00:00
raja-grewal	642b4eeedc	Add link to tabular comparison of CPU mitigations	2024-12-19 21:57:25 +11:00
Patrick Schleizer	175b442d5b	use long option name	2024-12-19 05:56:50 -05:00
Patrick Schleizer	c99021bb0c	Merge remote-tracking branch 'ArrayBolt3/arraybolt3/sysmaint'	2024-12-19 05:56:01 -05:00
raja-grewal	2e6e1701a0	Set `net.ipv4.conf.*.drop_gratuitous_arp=1`	2024-12-19 10:35:08 +00:00
raja-grewal	c37f4efadf	Set `net.ipv4.conf.*.arp_ignore=2`	2024-12-19 10:33:49 +00:00
raja-grewal	af1d06973b	Set `net.ipv4.conf.*.arp_filter=1`	2024-12-19 10:31:43 +00:00
raja-grewal	750367a906	Set `net.ipv4.conf.*.shared_media=0`	2024-12-19 10:29:56 +00:00
Patrick Schleizer	95b535764c	bumped changelog version	2024-12-19 09:43:26 +00:00
Patrick Schleizer	daf0a0900b	fix apt-get-update for non-English locale https://forums.kicksecure.com/t/systemcheck-reports-warning-debian-package-update-check-result-apt-get-reports-that-packages-can-be-updated-but-system-is-already-fully-upgraded/785	2024-12-19 04:39:34 -05:00

1 2 3 4 5 ...

2537 Commits