Raja Grewal
|
4e93b4d37e
|
Revert "enforce defualt net.ipv4.ip_forward"
This reverts commit 57b5b2145c .
|
2022-07-13 21:10:39 +10:00 |
|
Raja Grewal
|
a47922ad28
|
enforce of IOMMU TLB invalidation
|
2022-07-13 04:47:07 +10:00 |
|
Raja Grewal
|
33df16af80
|
disables random.trust_bootloader
|
2022-07-13 04:37:03 +10:00 |
|
Raja Grewal
|
d0779a96fc
|
add reference
|
2022-07-13 04:36:34 +10:00 |
|
Raja Grewal
|
74858d257b
|
enable randomize_kstack_offset
|
2022-07-13 04:34:35 +10:00 |
|
Raja Grewal
|
f572332108
|
disable slub_debug
|
2022-07-13 04:32:03 +10:00 |
|
Raja Grewal
|
57b5b2145c
|
enforce defualt net.ipv4.ip_forward
|
2022-07-13 04:30:43 +10:00 |
|
Raja Grewal
|
79156262c9
|
enforce default net.ipv4.icmp_ignore_bogus_error_responses
|
2022-07-13 04:29:42 +10:00 |
|
Raja Grewal
|
dabcaf22e1
|
enforce default kernel.randomize_va_space
|
2022-07-13 04:28:03 +10:00 |
|
Raja Grewal
|
fe0cc10890
|
Updated README.md
|
2022-07-12 17:18:47 +10:00 |
|
Raja Grewal
|
48089e5ba4
|
More verbose kernel module blocking error logs
|
2022-07-12 17:02:12 +10:00 |
|
Raja Grewal
|
40ec791774
|
Updated comments
|
2022-07-12 16:58:16 +10:00 |
|
Raja Grewal
|
ef1ef9917d
|
Blacklist automatic loading of CD-ROM modules
|
2022-07-10 04:53:25 +10:00 |
|
Raja Grewal
|
61ef9bd59f
|
Incorporated Ubuntu’s kernel module blacklists
|
2022-07-10 04:52:00 +10:00 |
|
Patrick Schleizer
|
6aa9a9472f
|
bumped changelog version
|
2022-07-09 11:42:24 -04:00 |
|
Patrick Schleizer
|
3b844eaab2
|
output
|
2022-07-09 11:42:11 -04:00 |
|
Patrick Schleizer
|
73d2c9d921
|
output
|
2022-07-09 11:40:15 -04:00 |
|
Patrick Schleizer
|
adfdac6dea
|
output
|
2022-07-09 11:40:01 -04:00 |
|
Patrick Schleizer
|
1df2cfd1ad
|
comment
|
2022-07-09 11:38:37 -04:00 |
|
Patrick Schleizer
|
fede41e6e0
|
fix
|
2022-07-09 11:38:04 -04:00 |
|
Patrick Schleizer
|
52c46e4706
|
Merge remote-tracking branch 'github-kicksecure/master'
|
2022-07-09 11:37:41 -04:00 |
|
Patrick Schleizer
|
dc41a58102
|
Merge pull request #108 from Krish-sysadmin/master
Continue for loop if unable to change one directory's permission
|
2022-07-09 11:37:57 -04:00 |
|
Patrick Schleizer
|
1b8500cc22
|
bumped changelog version
|
2022-07-07 17:41:13 -04:00 |
|
Patrick Schleizer
|
277749f27b
|
genmkfile debinstfile
|
2022-07-07 15:49:08 -04:00 |
|
Patrick Schleizer
|
eb8535fe87
|
renamed: usr/bin/disabled-by-security-misc -> bin/disabled-by-security-misc
|
2022-07-07 15:48:39 -04:00 |
|
Patrick Schleizer
|
26b2c9727f
|
not blacklist CD-ROM / DVD yet
https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/31
|
2022-07-07 15:39:40 -04:00 |
|
Patrick Schleizer
|
d5c1650341
|
shuffle
|
2022-07-07 15:28:09 -04:00 |
|
Patrick Schleizer
|
ca19d78d48
|
shuffle
|
2022-07-07 15:27:15 -04:00 |
|
Patrick Schleizer
|
d018bdaf73
|
Merge remote-tracking branch 'raja-gerwal/master'
|
2022-07-07 15:26:08 -04:00 |
|
Raja Grewal
|
780dc8eec9
|
replace /bin/false -> /bin/disabled-by-security-misc
|
2022-07-08 04:11:25 +10:00 |
|
Raja Grewal
|
fa2e30f512
|
Updated descriptions of disabled modules
|
2022-07-08 03:04:37 +10:00 |
|
Raja Grewal
|
da389d6682
|
Revert "replace /bin/false -> /bin/true"
This reverts commit f0511635a9 .
|
2022-07-08 02:12:04 +10:00 |
|
raja-grewal
|
28381e81d4
|
Update README.md
|
2022-07-07 09:28:30 +00:00 |
|
raja-grewal
|
f0511635a9
|
replace /bin/false -> /bin/true
|
2022-07-07 09:27:53 +00:00 |
|
raja-grewal
|
18d67dbc53
|
Blacklist more modules
|
2022-07-07 09:26:55 +00:00 |
|
Patrick Schleizer
|
1b287a6430
|
bumped changelog version
|
2022-07-05 11:16:33 -04:00 |
|
Patrick Schleizer
|
92ff868ece
|
readme
|
2022-07-05 11:05:36 -04:00 |
|
Patrick Schleizer
|
b8ba608535
|
readme
|
2022-07-05 10:57:28 -04:00 |
|
Patrick Schleizer
|
949edf3e17
|
readme
|
2022-07-05 10:48:58 -04:00 |
|
Patrick Schleizer
|
1c0e071948
|
comments
|
2022-07-05 10:45:55 -04:00 |
|
Patrick Schleizer
|
5d47f5f74c
|
comments
|
2022-07-05 10:45:09 -04:00 |
|
Patrick Schleizer
|
435c689cf9
|
comments
|
2022-07-05 10:44:28 -04:00 |
|
Patrick Schleizer
|
c20d588d78
|
comments
|
2022-07-05 10:42:37 -04:00 |
|
Patrick Schleizer
|
8f03ce049a
|
readme
|
2022-07-05 10:41:55 -04:00 |
|
Patrick Schleizer
|
b342ce930e
|
add /etc/default/grub.d/40_cold_boot_attack_defense.cfg
|
2022-07-05 10:28:22 -04:00 |
|
Krish-sysadmin
|
e5f8004a94
|
Update hide-hardware-info
|
2022-07-05 03:37:40 +02:00 |
|
Patrick Schleizer
|
69af8be7b8
|
drop_caches before and after sdmem
|
2022-07-02 19:10:55 -04:00 |
|
Patrick Schleizer
|
67bdd58bf2
|
sync
|
2022-07-02 19:07:06 -04:00 |
|
Patrick Schleizer
|
01b82bf0f0
|
bumped changelog version
|
2022-07-02 18:30:06 -04:00 |
|
Patrick Schleizer
|
973f117aa6
|
wipe RAM at shutdown: Ensure any remaining disk cache is erased by Linux' memory poisoning
by running:
`echo 3 > /proc/sys/vm/drop_caches`
Inspired by Tails:
https://gitlab.tails.boum.org/tails/tails/-/blob/master/config/chroot_local-includes/usr/local/lib/initramfs-pre-shutdown-hook
|
2022-07-02 18:12:36 -04:00 |
|