security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00

Author	SHA1	Message	Date
Patrick Schleizer	cb668459e8	port umask from /etc/pam.d to /usr/share/pam-configs implementation https://forums.whonix.org/t/change-default-umask/7416	2019-07-13 10:35:10 -04:00
Patrick Schleizer	ac25733de8	remove etc/pam.d/common-password.security-misc rounds=65536 due to unclean implementation, see: https://forums.whonix.org/t/restrict-root-access/7658/37	2019-07-13 14:01:53 +00:00
Patrick Schleizer	69b97981f3	convert etc/pam.d/su.security-misc to usr/share/pam-configs/wheel https://forums.whonix.org/t/restrict-root-access/7658/32	2019-07-13 12:33:51 +00:00
Patrick Schleizer	4079632d1a	remove modifying to /etc/pam.d directly (unrelased) config-package-dev displace /etc/securetty remove trailing spaces https://forums.whonix.org/t/restrict-root-access/7658/31	2019-07-13 11:41:37 +00:00
madaidan	b63d4ccb41	Update uncommon-network-protocols.conf	2019-07-11 15:28:56 +00:00
madaidan	4058e283a5	Blacklist more uncommon network protocols	2019-07-10 14:27:19 +00:00
madaidan	d70440aaed	Remove duplicate	2019-07-09 21:57:37 +00:00
madaidan	2d27bdd808	Blacklist more uncommon network protocols	2019-07-09 21:55:37 +00:00
Patrick Schleizer	3df6a44e98	also allow members of group sudo to run /usr/lib/security-misc/panic-on-oops	2019-07-09 06:56:23 -04:00
Patrick Schleizer	0f15303eb4	Merge branch 'master' into patch-16	2019-07-09 10:54:24 +00:00
madaidan	24d9eadcb2	Use 65536 hashing rounds	2019-07-08 23:19:59 +00:00
madaidan	86117d9577	Create common-password.security-misc	2019-07-08 23:19:19 +00:00
madaidan	8ad9a54b09	Don't allow root login from a terminal	2019-07-08 23:17:17 +00:00
madaidan	890298a3c8	Restrict su to users in the root group	2019-07-08 23:15:56 +00:00
madaidan	38099a2a5d	Create su.security-misc	2019-07-08 23:11:17 +00:00
madaidan	2a17427055	Create security-misc	2019-07-08 23:01:30 +00:00
madaidan	4ac700ded0	Create 50panic_on_oops	2019-07-08 22:59:39 +00:00
Patrick Schleizer	e543c4bf82	apparmor fixes (this broke whonixcheck apparmor profile)	2019-07-07 16:37:46 -04:00
Patrick Schleizer	3558a9949f	Enable APT seccomp sandboxing. Thanks to @torjunkie for the suggestion! https://forums.whonix.org/t/apt-seccomp-bpf-sandboxing/7702	2019-07-07 09:37:25 +00:00
madaidan	46409be8b6	Use install instead of blacklist	2019-07-04 14:25:28 +00:00
madaidan	eb7eaffba1	Blacklist n-hdlc	2019-07-04 14:24:44 +00:00
Patrick Schleizer	93c0821054	config-package-dev displace files for change umask https://forums.whonix.org/t/change-default-umask/7416	2019-07-01 13:35:45 +00:00
Patrick Schleizer	a73f0566e9	change default umask to 006 session optional pam_umask.so usergroups https://forums.whonix.org/t/change-default-umask/7416/17	2019-07-01 13:25:23 +00:00
Patrick Schleizer	41b61e3277	revert to Debian buster original	2019-07-01 13:24:29 +00:00
madaidan	eedeaa0e7f	Update common-session-noninteractive	2019-06-30 13:12:59 +00:00
madaidan	a9af85f585	Update common-session	2019-06-30 13:12:16 +00:00
madaidan	1e1d29cfde	Create common-session-noninteractive	2019-06-30 13:11:31 +00:00
madaidan	501901f7c0	Change default umask to 006	2019-06-30 13:10:54 +00:00
madaidan	09a5c27f47	Create common-session	2019-06-30 13:10:29 +00:00
madaidan	a319333493	Create login.defs	2019-06-30 13:09:51 +00:00
madaidan	230ef34db4	Create disable-coredumps.conf	2019-06-30 00:19:04 +00:00
madaidan	1bf802f846	Create coredumps.conf	2019-06-30 00:16:50 +00:00
madaidan	f040081a59	Prevent setuid processes from creating coredumps.	2019-06-30 00:13:52 +00:00
Patrick Schleizer	ab312235ba	Merge pull request #14 from madaidan/patch-10 Add some hardening for other distributions	2019-06-28 06:59:16 +00:00
Patrick Schleizer	5e02100e34	Merge pull request #13 from madaidan/patch-9 Remove System.map and restrict the SysRq key.	2019-06-28 06:58:32 +00:00
Patrick Schleizer	7e12e16dc0	Merge pull request #11 from madaidan/patch-7 Protect against DMA attacks	2019-06-28 06:57:42 +00:00
madaidan	3801a53a9e	Update tcp_hardening.conf	2019-06-27 18:17:58 +00:00
madaidan	c54125270b	Create dmesg_restrict.conf	2019-06-27 18:15:57 +00:00
madaidan	01c839c815	Restrict what the SysRq key can do	2019-06-25 19:16:43 +00:00
Patrick Schleizer	2a6289980e	syntax fix GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full,nosmt" https://forums.whonix.org/t/kernel-hardening/7296/70	2019-06-23 18:46:52 +00:00
Patrick Schleizer	aec6da28e9	Merge pull request #10 from madaidan/patch-6 Enable more kernel hardening parameters	2019-06-23 18:45:24 +00:00
madaidan	641407c8e9	Enable IOMMU	2019-06-23 18:38:50 +00:00
madaidan	07c6362f1a	Blacklist thunderbolt and firewire	2019-06-23 18:34:45 +00:00
madaidan	2178fb37a8	Add more kernel hardening parameters	2019-06-23 17:54:34 +00:00
madaidan	807ac7d659	Create tcp_sack.conf	2019-06-22 16:08:30 +00:00
Patrick Schleizer	49873e8e02	solve package file conflict https://github.com/QubesOS/qubes-issues/issues/1885#issuecomment-500200375	2019-06-09 10:06:58 +00:00
madaidan	7177c6041a	Create uncommon-network-protocols.conf	2019-05-16 20:30:49 +00:00
Patrick Schleizer	7d7b899dd1	Merge pull request #6 from madaidan/patch-2 Even more kernel hardening	2019-05-16 19:52:52 +00:00
madaidan	b814f338b8	Update tcp_hardening.conf	2019-05-16 16:33:03 +00:00
madaidan	e6794721bd	Update ptrace_scope.conf	2019-05-16 16:29:20 +00:00

1 2

76 Commits