security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2025-11-26 07:06:26 -05:00

Author	SHA1	Message	Date
Patrick Schleizer	aae472d9cf	Revert "Move apparmor-info, apparmor-watch to security-misc, enable systemd-journald audit transport" This reverts commit `d1e148eba7`.	2025-10-31 10:24:31 -04:00
Aaron Rainbolt	d1e148eba7	Move apparmor-info, apparmor-watch to security-misc, enable systemd-journald audit transport	2025-10-30 23:05:19 -05:00
Patrick Schleizer	cb70f19837	more robust, standardized kernel_cmdline variable detection	2025-10-26 08:06:26 -04:00
Patrick Schleizer	1f093f8175	do not start usbguard-notifier if /sys/bus/usb does not exist	2025-10-22 00:37:36 -04:00
Aaron Rainbolt	29639fe69e	Merge remote-tracking branch 'raja/bad_ipv6_ra' into arraybolt3/trixie	2025-10-15 19:01:08 -05:00
Aaron Rainbolt	026d55ac41	Typo fixes	2025-10-15 18:30:52 -05:00
Aaron Rainbolt	35fce26476	Merge remote-tracking branch 'raja/stop_ptrace' into arraybolt3/trixie	2025-10-15 18:18:33 -05:00
raja-grewal	2304174171	Insert empty new line	2025-10-12 02:32:45 +00:00
raja-grewal	7161430a60	Seperate `ptrace()` disabling into own file	2025-10-12 02:27:48 +00:00
Patrick Schleizer	968de33c65	Force immediate kernel panic on OOM. This is to avoid security features such as the screen locker, kloak, emerg-shutdown from being arbitrarily terminated when the system starts running out of memory. https://forums.whonix.org/t/screen-locker-in-security-can-we-disable-these-at-least-4-backdoors/8128/14 https://github.com/Kicksecure/security-misc/issues/324 `vm.panic_on_oom=2` implements https://github.com/Kicksecure/security-misc/issues/324	2025-10-10 08:03:03 -04:00
Aaron Rainbolt	718772ea78	Remove unsafe sanitizer compiler flags from emerg-shutdown	2025-10-06 15:03:31 -05:00
raja-grewal	0c8f2f1b44	Add docs about the risks associated with IPv6 RAs	2025-10-02 07:05:00 +00:00
Aaron Rainbolt	60f8153f64	Fix emerg-shutdown gcc build, remove AddressSanitizer from hardening options since it is incompatible with static builds	2025-09-28 15:05:21 -05:00
raja-grewal	194b8fce4e	Disable the usage of `ptrace()` by all processes	2025-09-28 03:20:24 +00:00
Aaron Rainbolt	58cc6731f2	Additional hardening on emerg-shutdown	2025-09-26 00:13:59 -05:00
Aaron Rainbolt	2a39d5997c	security-misc split string changes	2025-09-21 16:06:11 -05:00
Patrick Schleizer	ca90feb8d5	security-misc-server placeholder https://github.com/Kicksecure/security-misc/issues/187	2025-09-19 11:54:04 -04:00
Patrick Schleizer	1b194f9fd6	adjust lintian overrides file https://github.com/Kicksecure/security-misc/issues/187	2025-09-19 10:59:23 -04:00
Patrick Schleizer	f70550d015	Split the `security-misc` into `security-misc-shared`, `security-misc-desktop` and `security-misc-server`: rename files https://github.com/Kicksecure/security-misc/issues/187	2025-09-17 14:49:28 -04:00
Aaron Rainbolt	cd44a7e136	Disable memlockd service by default, fix systemd path	2025-08-22 16:00:25 -05:00
Aaron Rainbolt	28f44d2e1d	Disable emerg-shutdown and ensure-shutdown on Qubes OS	2025-08-22 15:50:28 -05:00
Aaron Rainbolt	53e930b4cc	Merge branch 'master' into arraybolt3/trixie	2025-08-21 20:09:48 -05:00
Aaron Rainbolt	df8a323d03	Fix XDG handling, replace Xfce with LXQt where appropriate, make USBGuard configuration work	2025-08-21 18:39:28 -05:00
Patrick Schleizer	5898a6457a	typo	2025-08-21 06:45:04 -04:00
raja-grewal	e48897cc44	Merge branch 'master' into panic_limits	2025-08-21 10:27:44 +10:00
raja-grewal	add054933b	Update docs on instant reboot when kernel panic	2025-08-21 00:24:28 +00:00
Patrick Schleizer	31fd316e72	comments	2025-08-20 09:48:20 -04:00
Patrick Schleizer	5d67277c9f	comments	2025-08-20 09:46:43 -04:00
raja-grewal	a471069378	Remove link	2025-08-19 11:03:05 +10:00
Aaron Rainbolt	b5a36e02f1	Merge remote-tracking branch 'raja/panic_limits' into arraybolt3/trixie	2025-08-17 13:52:01 -05:00
raja-grewal	6df3e3cde8	Update kernel panic service description	2025-08-17 06:32:11 +00:00
raja-grewal	247015bcc6	Set `sysctl kernel.panic=-1`	2025-08-17 06:27:44 +00:00
raja-grewal	f1de0da69b	Clarify description on panics on oopses and warns	2025-08-16 04:01:12 +00:00
raja-grewal	c33f7d04e2	Remove duplicate comment	2025-08-16 03:32:48 +00:00
Aaron Rainbolt	a2a9e8440b	Merge branch 'trixie_docs' into arraybolt3/trixie	2025-08-15 16:06:35 -05:00
raja-grewal	fce86dccb6	Typo	2025-08-13 10:44:40 +10:00
Aaron Rainbolt	c33ea7be6d	Move security-misc/apt-get-update* to helper-scripts	2025-08-10 15:23:48 -05:00
Aaron Rainbolt	7aa38245de	Merge branch 'arraybolt3/emerg-shutdown' into arraybolt3/trixie	2025-08-09 23:31:55 -05:00
Aaron Rainbolt	c59a3b233b	Fix unexpected shutdowns when booting Kicksecure from optical media	2025-08-09 23:29:42 -05:00
Aaron Rainbolt	4930703b8c	Merge branch 'master' into arraybolt3/trixie	2025-08-09 21:30:45 -05:00
Patrick Schleizer	046c932898	`disable emerg-shutdown.service`: Disabled due to bug: breaks ISO Live Mode Calamares installer	2025-08-09 05:40:11 -04:00
Aaron Rainbolt	5f2425ba6f	Merge branch 'arraybolt3/emerg-shutdown' into arraybolt3/trixie	2025-08-06 20:21:01 -05:00
Aaron Rainbolt	3a77abe5c9	Port hardening options from kloak to emerg-shutdown, fix new compiler warnings	2025-08-06 20:11:02 -05:00
Aaron Rainbolt	0c1af00aae	Implement paranoid mode in emerg-shutdown	2025-08-06 19:33:38 -05:00
Aaron Rainbolt	29480df770	Improve emerg-shutdown usage documentation	2025-08-06 19:25:19 -05:00
Aaron Rainbolt	44e7d3059a	Integrate emerg-shutdown into the initramfs	2025-08-06 19:10:14 -05:00
Aaron Rainbolt	86f44063eb	Port to Trixie.	2025-08-05 22:58:06 -05:00
raja-grewal	498551536c	Update docs	2025-08-06 03:12:06 +00:00
raja-grewal	45d20dd972	Upgrade sysctls and docs on kernel panics	2025-08-06 02:35:15 +00:00
Aaron Rainbolt	5a17e67c0a	Fix local-fs.target dependency in emerg-shutdown.service	2025-08-05 20:14:07 -05:00

1 2 3 4 5 ...

1075 commits