Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity
1,327 Commits 2 Branches 291 Tags 8.2 MiB
cfae7de6a8
Commit Graph

1327 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Patrick Schleizer
a1819e8cab
comment 2021-03-01 09:15:44 -05:00
Patrick Schleizer
3382192b89
Merge remote-tracking branch 'github/master' 2021-03-01 09:12:18 -05:00
Patrick Schleizer
2e8e3c07c4
Merge pull request #100 from 0xC0ncord/bugfix/selinuxfs_restrictions 
hide-hardware-info: allow unrestricting selinuxfs
 2021-03-01 14:11:28 +00:00
Patrick Schleizer
7f30d70295
bumped changelog version 2021-02-06 06:31:45 -05:00
Patrick Schleizer
83c0be5177
readme 2021-02-06 06:27:54 -05:00
Kenton Groombridge
4db7d6be64
hide-hardware-info: allow unrestricting selinuxfs 
On SELinux systems, the /sys/fs/selinux directory must be visible to
userspace utilities in order to function properly.
 2021-02-06 03:02:08 -05:00
Patrick Schleizer
3120ff3ec9
bumped changelog version 2021-01-29 23:37:03 -05:00
Patrick Schleizer
af3244741d
comment 2021-01-29 23:15:52 -05:00
Patrick Schleizer
d9aaf59105
bumped changelog version 2021-01-28 02:15:46 -05:00
Patrick Schleizer
b0b7f569ee
comment 2021-01-28 02:11:54 -05:00
Patrick Schleizer
f2595cc254
bumped changelog version 2021-01-27 05:50:16 -05:00
Patrick Schleizer
9622f28e25
skip counting failed login attempts from dovecot 
Failed dovecot logins should not result in account getting locked.

revert "use pam_tally2 only for login"
 2021-01-27 05:49:34 -05:00
Patrick Schleizer
480f74cab6
bumped changelog version 2021-01-24 05:10:36 -05:00
Patrick Schleizer
6757104aa4
use pam_tally2 only for login 
to skip counting failed login attempts over ssh and mail login
 2021-01-24 05:04:48 -05:00
Patrick Schleizer
126c31c37d
bumped changelog version 2021-01-19 19:41:43 -05:00
Patrick Schleizer
14d13fb03e
readme 2021-01-19 19:41:42 -05:00
Patrick Schleizer
611fbe2c61
description 2021-01-18 05:39:34 -05:00
Patrick Schleizer
0e8ea5eb72
bumped changelog version 2021-01-14 02:36:49 -05:00
Patrick Schleizer
ddd62c1eef
readme 2021-01-12 03:24:11 -05:00
Patrick Schleizer
468d8b600d
readme 2021-01-12 03:20:58 -05:00
Patrick Schleizer
b5cee63999
new file: README_generic.md 2021-01-12 03:19:31 -05:00
Patrick Schleizer
94627f0875
Merge remote-tracking branch 'github/master' 2021-01-12 03:18:41 -05:00
Patrick Schleizer
79876f7b12
Merge pull request #99 from madaidan/docs 
Overhaul documentation
 2021-01-12 08:17:04 +00:00
madaidan
3066b5ad97
Overhaul documentation 2021-01-12 02:17:13 +00:00
Patrick Schleizer
353e74fb5f
bumped changelog version 2021-01-05 08:30:37 -05:00
Patrick Schleizer
a258f35f38
comment 2021-01-05 02:11:08 -05:00
Patrick Schleizer
a4d7e46141
bumped changelog version 2020-12-10 05:20:57 -05:00
Patrick Schleizer
c5097ed599
comment 2020-12-06 04:23:09 -05:00
Patrick Schleizer
b2b614ed2a
cover more folders in /usr/local 2020-12-06 04:15:52 -05:00
Patrick Schleizer
5bd267d774
refactoring 2020-12-06 04:10:50 -05:00
Patrick Schleizer
11cdce02a0
refactoring 2020-12-06 04:10:10 -05:00
Patrick Schleizer
f73c55f16c
/opt 
https://forums.whonix.org/t/suid-disabler-and-permission-hardener/7706/68
 2020-12-06 04:08:58 -05:00
Patrick Schleizer
261ef85c14
bumped changelog version 2020-12-01 05:53:06 -05:00
Patrick Schleizer
c031f22995
SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists 
`whitelists_disable_all=true`
 2020-12-01 05:14:48 -05:00
Patrick Schleizer
b09cc0de6a
Revert "SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists" 
This reverts commit 36a471ebce.
 2020-12-01 05:10:26 -05:00
Patrick Schleizer
704f0500ba
fix, rename 40_default_whitelist_[...].conf to 25_default_whitelist_[...].conf 
since whitelist needs to be defined before SUID removal commands
 2020-12-01 05:03:16 -05:00
Patrick Schleizer
36a471ebce
SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists 
`whitelists_disable_all=true`
 2020-12-01 05:02:34 -05:00
Patrick Schleizer
318ab570aa
simplify disabling of SUID Disabler and Permission Hardener whitelist 
split `/etc/permission-hardening.d/30_default.conf` into multiple files

`/etc/permission-hardening.d/40_default_whitelist_[...].conf`

therefore make it easier to delete any whitelisted SUID binaries
 2020-12-01 04:28:15 -05:00
Patrick Schleizer
cf07e977bd
add /bin/pkexec exactwhitelist for consistency 
since there is already `/usr/bin/pkexec exactwhitelist`
 2020-11-29 09:09:42 -05:00
Patrick Schleizer
fe27483886
bumped changelog version 2020-11-28 06:08:10 -05:00
Patrick Schleizer
28a326a8a1
add feature /usr/lib/security-misc/permission-hardening-undo /path/to/filename 
to allow removing 1 SUID

fix, show INFO message if file does not exist during removal rather than ERROR
 2020-11-28 05:31:12 -05:00
Patrick Schleizer
0ef35f8770
bumped changelog version 2020-11-06 10:18:09 -05:00
Patrick Schleizer
abae787186
usability: pam abort when attempting to login to root when root password is locked 2020-11-05 06:47:16 -05:00
Patrick Schleizer
581e31af81
comment 2020-11-05 06:46:57 -05:00
Patrick Schleizer
dfe9b0f6c7
fix, no longer unconditionally abort pam for user accounts with locked passwords 
as locked user accounts might have valid sudoers exceptions

Thanks to @mimp for the bug report!

https://forums.whonix.org/t/pam-abort-on-locked-password-and-running-privileged-command-from-web-browser/10521
 2020-11-05 06:42:47 -05:00
Patrick Schleizer
211769dc65
comment 2020-11-05 06:41:51 -05:00
Patrick Schleizer
7952139731
comment 2020-11-05 06:39:32 -05:00
Patrick Schleizer
bb72c1278d
copyright 2020-11-05 06:36:39 -05:00
Patrick Schleizer
f4843b1deb
bumped changelog version 2020-10-31 06:29:25 -04:00
Patrick Schleizer
c1e0bb8310
shebang 2020-10-31 06:11:49 -04:00