Patrick Schleizer
ce06fdf911
formatting
2019-08-14 05:15:53 -04:00
Patrick Schleizer
21489111d1
run permission lockdown during pam
...
https://forums.whonix.org/t/change-default-umask/7416
2019-08-14 08:34:03 +00:00
Patrick Schleizer
42f2d5f666
description
2019-08-14 07:39:28 +00:00
Patrick Schleizer
52df8dc014
optional pam_umask.so usergroups umask=006
2019-08-14 07:37:21 +00:00
Patrick Schleizer
f210294f40
description
2019-08-14 07:24:24 +00:00
Patrick Schleizer
dbea7d1511
add hook etc/kernel/postinst.d/30_remove-system-map to remove system.map
...
on kernel package upgrade;
self-document this package: during upgrade the following will be written
to stdout:
Setting up linux-image-4.19.0-5-amd64 (4.19.37-5+deb10u2) ...
/etc/kernel/postinst.d/30_remove-system-map:
removed '/boot/System.map-4.19.0-5-amd64
2019-08-14 07:22:14 +00:00
Patrick Schleizer
f1d8cbc9fb
bumped changelog version
2019-08-14 07:02:09 +00:00
Patrick Schleizer
41f4441d9d
readme
2019-08-14 07:01:47 +00:00
Patrick Schleizer
a82448d46a
description
2019-08-14 07:01:25 +00:00
Patrick Schleizer
ff8c097943
Merge remote-tracking branch 'origin/master'
2019-08-14 06:59:50 +00:00
Patrick Schleizer
a8ea379526
Merge pull request #28 from madaidan/patch-22
...
Require all loaded kernel modules to be signed with a valid key.
2019-08-14 06:59:34 +00:00
madaidan
9a49b8ecbb
Create 40_only_allow_signed_modules.cfg
...
Require all loaded kernel modules to be signed with a valid key.
2019-08-13 13:33:07 +00:00
Patrick Schleizer
6f8acf06d7
bumped changelog version
2019-08-11 12:07:07 +00:00
Patrick Schleizer
52cee91283
readme
2019-08-11 11:39:32 +00:00
Patrick Schleizer
aacd9c7679
description
2019-08-11 10:34:38 +00:00
Patrick Schleizer
c0b5c70de4
description
2019-08-11 10:33:22 +00:00
Patrick Schleizer
2f37a66fd0
description
2019-08-11 10:31:29 +00:00
Patrick Schleizer
e83ec79a25
enable usr/share/pam-configs/mkhomedir-security-misc by default
2019-08-11 10:30:51 +00:00
Patrick Schleizer
1eb806a03e
pam_mkhomedir.so umask=006
2019-08-11 10:29:49 +00:00
Patrick Schleizer
c50eb3c9b0
add usr/share/pam-configs/mkhomedir-security-misc based on
...
/usr/share/pam-configs/mkhomedir
2019-08-11 10:28:55 +00:00
Patrick Schleizer
75769151cd
bumped changelog version
2019-08-10 11:37:02 +00:00
Patrick Schleizer
a2fa18c381
pam_tally2.so deny=100
...
during testing, due to issues
d17e25272b
https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/12
2019-08-10 07:07:28 -04:00
Patrick Schleizer
d17e25272b
effectively (not directly) add "required pam_tally2.so debug" to /etc/pam.d/common-account
...
This is required because otherwise something like "sudo bash" would count as a
failed login for pam_tally2 even though it was successful.
https://bugzilla.redhat.com/show_bug.cgi?id=707660
https://forums.whonix.org/t/restrict-root-access/7658
2019-08-10 06:06:39 -04:00
Patrick Schleizer
0f896a9d8d
add onerr=fail audit to pam_tally2
2019-08-10 06:05:37 -04:00
Patrick Schleizer
a703865dcf
bumped changelog version
2019-08-01 12:02:41 +00:00
Patrick Schleizer
1fe3036a49
readme
2019-08-01 11:13:43 +00:00
Patrick Schleizer
e076470f68
renamed: usr/share/pam-configs/usergroups -> usr/share/pam-configs/usergroups-security-misc
2019-08-01 11:04:58 +00:00
Patrick Schleizer
830111e99a
split usr/share/pam-configs/security-misc
...
into
usr/share/pam-configs/tally2-security-misc
usr/share/pam-configs/wheel-security-misc
2019-08-01 11:04:22 +00:00
Patrick Schleizer
5d0aec1321
bumped changelog version
2019-07-31 19:12:27 +00:00
Patrick Schleizer
89d32402b2
fix, do not use "," inside /usr/share/pam-configs files
2019-07-31 14:52:29 -04:00
Patrick Schleizer
864de10659
bumped changelog version
2019-07-31 15:17:51 +00:00
Patrick Schleizer
47368ae4fc
readme
2019-07-31 15:15:30 +00:00
Patrick Schleizer
c09fb208d1
bumped changelog version
2019-07-31 07:44:50 +00:00
Patrick Schleizer
ac1220e14b
depend on sudo so group sudo exists during postinst
2019-07-31 07:32:59 +00:00
Patrick Schleizer
09f75fb1ff
description
2019-07-31 07:32:36 +00:00
Patrick Schleizer
2ad087dcd9
description
2019-07-31 07:30:40 +00:00
Patrick Schleizer
404f597c0a
description
2019-07-31 07:29:42 +00:00
Patrick Schleizer
c921872016
description
2019-07-31 07:27:13 +00:00
Patrick Schleizer
39e1b1c5f0
update file path
2019-07-31 07:26:25 +00:00
Patrick Schleizer
cf90668756
lock user accounts after 5 failed authentication attempts using pam_tally2
2019-07-31 03:25:02 -04:00
Patrick Schleizer
3e29761560
debug at the end
2019-07-31 03:17:06 -04:00
Patrick Schleizer
5cdb3edb32
usr/share/pam-configs/wheel -> usr/share/pam-configs/security-misc
2019-07-31 03:16:41 -04:00
Patrick Schleizer
031a1c8751
bumped changelog version
2019-07-22 01:16:18 +00:00
Patrick Schleizer
f38f307b37
Merge remote-tracking branch 'origin/master'
2019-07-21 09:12:33 -04:00
Patrick Schleizer
b2582fbd4c
Merge pull request #26 from fepitre/fix-files
...
Fix files
2019-07-21 12:40:37 +00:00
Frédéric Pierret (fepitre)
077899c23d
Add .gitignore
2019-07-21 11:23:35 +02:00
Frédéric Pierret (fepitre)
5fbe753761
spec: update %files section
...
QubesOS/qubes-issues#1885
2019-07-21 11:23:26 +02:00
Patrick Schleizer
8c538ba318
bumped changelog version
2019-07-17 21:38:26 +00:00
Patrick Schleizer
1c7441ddf1
alias /etc/securetty -> /etc/securetty.security-misc,
2019-07-17 21:16:14 +00:00
Patrick Schleizer
940054d53f
bumped changelog version
2019-07-17 21:08:23 +00:00