Commit Graph

516 Commits

Author SHA1 Message Date
Patrick Schleizer
c9d75ef9ea
abort installation if no user is part of group sudo
https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/4

Thanks to minimal for the bug report!
2019-10-17 06:46:47 -04:00
Patrick Schleizer
a5045dc26e
set -e 2019-10-17 06:18:32 -04:00
Patrick Schleizer
0b8725306f
renamed: etc/hide-hardware-info.d/30_whitelist.conf -> etc/hide-hardware-info.d/30_default.conf 2019-10-17 06:13:44 -04:00
Patrick Schleizer
4aba027566
syntax check 2019-10-17 06:12:36 -04:00
Patrick Schleizer
8b9aa8841a
fix 2019-10-17 06:11:01 -04:00
Patrick Schleizer
cfbd77040a
set "shopt -s nullglob" to avoid failing when folder /etc/hide-hardware-info.d
does not exist or is empty
2019-10-17 06:10:29 -04:00
Patrick Schleizer
b05663c5f6
shuffle
https://forums.whonix.org/t/restrict-hardware-information-to-root/7329/80
2019-10-17 06:08:55 -04:00
Patrick Schleizer
28a440091d
code simplification 2019-10-17 06:08:16 -04:00
Patrick Schleizer
3c4e261c20
remove trailing spaces 2019-10-17 06:05:23 -04:00
Patrick Schleizer
c8e0303d6d
Merge remote-tracking branch 'origin/master' 2019-10-17 06:04:34 -04:00
Patrick Schleizer
8a42c5b023
Merge pull request #34 from madaidan/whitelist
Add a whitelist for /sys and /proc/cpuinfo
2019-10-17 09:59:12 +00:00
Patrick Schleizer
994ca024c2
Merge pull request #33 from madaidan/documentation
Improve documentation
2019-10-17 06:19:46 +00:00
madaidan
61f742304d
return 0 2019-10-16 19:46:59 +00:00
madaidan
259b1f2c71
Update control 2019-10-16 19:21:24 +00:00
madaidan
ffba0e0179
Elaborate 2019-10-16 19:04:15 +00:00
madaidan
4f5b7816ec
Elaborate 2019-10-16 19:01:49 +00:00
madaidan
99a762d3dc
KASLR is different from ASLR 2019-10-16 18:53:04 +00:00
madaidan
a14a2854c6
Elaborate 2019-10-16 18:52:14 +00:00
madaidan
f08c03ab21
Restrict sysfs/cpuinfo if the whitelist is disabled 2019-10-16 15:39:23 +00:00
madaidan
af607d5eb2
Create sysfs and cpuinfo groups 2019-10-15 21:02:03 +00:00
madaidan
42c1701d5c
Whitelist user@.service 2019-10-15 21:00:03 +00:00
madaidan
a47a2fca8b
Create 30_whitelist.conf 2019-10-15 20:58:58 +00:00
madaidan
6b78dbcd07
Add way to whitelist things 2019-10-15 20:57:02 +00:00
Patrick Schleizer
4b1b3b7d66
bumped changelog version 2019-10-14 10:23:01 +00:00
Patrick Schleizer
c19964360a
readme 2019-10-14 10:10:08 +00:00
Patrick Schleizer
c22738be02
comments 2019-10-07 08:25:45 +00:00
Patrick Schleizer
75f36bc2c9
comments 2019-10-07 08:25:07 +00:00
Patrick Schleizer
e92a8a6966
comments 2019-10-07 08:24:02 +00:00
Patrick Schleizer
60c044a9d6
copyright / comments 2019-10-07 05:30:56 +00:00
Patrick Schleizer
cd2135ff82
comments 2019-10-06 10:18:24 +00:00
Patrick Schleizer
8b4f2befd4
comment out sack by default
https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109/8?u=patrick
2019-10-05 13:15:34 +00:00
Patrick Schleizer
02096f8d7c
Revert "undo Disabling TCP SACK, DSACK, FACK"
This reverts commit 5fb4eb8e56.
2019-10-05 13:13:46 +00:00
Patrick Schleizer
62a0239207
bumped changelog version 2019-10-05 11:33:15 +00:00
Patrick Schleizer
54b83ae44d
readme 2019-10-05 07:20:18 -04:00
Patrick Schleizer
5fb4eb8e56
undo Disabling TCP SACK, DSACK, FACK
https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109/5
2019-10-05 07:00:47 -04:00
Patrick Schleizer
c19942f72b
Merge remote-tracking branch 'origin/master' 2019-10-05 06:58:27 -04:00
Patrick Schleizer
a33851a3c9
Merge pull request #32 from madaidan/disable-dsack-fack
Disable TCP DSACK and FACK
2019-10-05 10:58:08 +00:00
Patrick Schleizer
213aef6eb9
bumped changelog version 2019-10-05 09:40:26 +00:00
Patrick Schleizer
aaebb32b66
readme 2019-10-05 09:39:05 +00:00
Patrick Schleizer
c87fc75f2a
fix, run remove-system-map.service during sysinit.target 2019-10-05 09:36:21 +00:00
Patrick Schleizer
25b6746784
fix systemd unit file proc-hidepid.service: WantedBy=sysinit.target 2019-10-05 09:14:54 +00:00
Patrick Schleizer
d2bc3a2a08
chmod +x usr/lib/security-misc/hide-hardware-info 2019-10-05 09:14:41 +00:00
Patrick Schleizer
ffe0d62c81
Merge remote-tracking branch 'origin/master' 2019-10-05 04:49:05 -04:00
Patrick Schleizer
7bcf73deaa
Merge pull request #31 from madaidan/hide-hardware-info
Restrict /proc/cpuinfo, /proc/bus, /proc/scsi and /sys to root
2019-10-05 08:46:21 +00:00
madaidan
d0c6bb1e90
Disable TCP DSACK and FACK 2019-10-04 17:35:54 +00:00
madaidan
7345287560
Use sysinit.target instead 2019-10-04 17:32:52 +00:00
madaidan
e06eeec678
Disable hide-hardware-info.service by default 2019-10-03 21:42:06 +00:00
madaidan
87917d2f03
Add licensing 2019-10-03 21:38:07 +00:00
madaidan
b06ab912c0
Add licensing 2019-10-03 21:37:29 +00:00
madaidan
ec5fcf813b
Update control 2019-10-03 20:50:48 +00:00