Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-11-29 14:16:42 -05:00
Code Issues Projects Releases Packages Wiki Activity
2809 commits 2 branches 291 tags 8.2 MiB
Commit graph

275 commits

Author SHA1 Message Date
raja-grewal
e48897cc44
Merge branch 'master' into panic_limits 2025-08-21 10:27:44 +10:00
raja-grewal
add054933b
Update docs on instant reboot when kernel panic 2025-08-21 00:24:28 +00:00
Patrick Schleizer
2b876c74a3
readme 2025-08-20 10:09:10 -04:00
Patrick Schleizer
0e4664daa0
cleanup 2025-08-20 10:07:58 -04:00
Aaron Rainbolt
37c0bc0c5d
Merge remote-tracking branch 'raja/block_32bit' into arraybolt3/trixie 2025-08-17 14:02:01 -05:00
Aaron Rainbolt
b5a36e02f1
Merge remote-tracking branch 'raja/panic_limits' into arraybolt3/trixie 2025-08-17 13:52:01 -05:00
Aaron Rainbolt
210aa97650
Merge remote-tracking branch 'raja/trixie_docs' into arraybolt3/trixie 2025-08-17 13:50:25 -05:00
raja-grewal
f175d1961e
Enable ia32_emulation=0 2025-08-17 07:08:08 +00:00
raja-grewal
3de9cd5646
Remove whitespace 2025-08-17 07:06:55 +00:00
raja-grewal
e06b78a522
Temporarily revert IA32 doc updates 2025-08-17 07:05:32 +00:00
raja-grewal
247015bcc6
Set sysctl kernel.panic=-1 2025-08-17 06:27:44 +00:00
Aaron Rainbolt
7a8dfa528c
Merge remote-tracking branch 'raja/trixie_docs' into arraybolt3/trixie 2025-08-16 21:10:19 -05:00
raja-grewal
1f75426f07
Clarify docs for disabling 32-bit x86 support 2025-08-16 02:20:00 +00:00
Aaron Rainbolt
65afc31ba7
Merge branch 'kcfi' into arraybolt3/trixie 2025-08-15 16:31:50 -05:00
raja-grewal
00c660d40d
Typo 2025-08-15 11:29:27 +10:00
raja-grewal
498551536c
Update docs 2025-08-06 03:12:06 +00:00
raja-grewal
45d20dd972
Upgrade sysctls and docs on kernel panics 2025-08-06 02:35:15 +00:00
raja-grewal
1f7525722e
Enable cfi=kcfi 2025-08-06 01:48:47 +00:00
Aaron Rainbolt
1a60da71ed
emerg-shutdown: Add shutdown timeout for preventing stuck shutdowns, briefly document feature set and usage 2025-07-29 21:16:51 -05:00
raja-grewal
6f9763f525
Enable indirect_target_selection=force 2025-07-19 05:19:27 +00:00
raja-grewal
72613203b9
Add reference 2025-06-06 13:07:52 +00:00
raja-grewal
a1bde21ccb
Set erst_disable 2025-05-17 04:41:06 +00:00
raja-grewal
aa0ffff427
README.md: Revert error 2025-04-10 11:49:45 +10:00
raja-grewal
f0d17c7e41
README: Fix a few links 2025-03-16 03:31:24 +00:00
raja-grewal
df2fc2cf6b
Set efi_pstore.pstore_disable=1 2025-03-16 03:30:04 +00:00
raja-grewal
f643ebc2f9
Disable pstore processing by systemd-pstore service 2025-03-16 03:28:39 +00:00
raja-grewal
4b1e530674
README.md: List CPU mitigations 2025-01-21 12:39:06 +00:00
raja-grewal
15d13a8571
Add info on DBX updates via the UEFI Revocation List 2025-01-21 12:36:04 +00:00
Patrick Schleizer
b0baa8baa5
add link 2025-01-12 05:38:35 -05:00
Patrick Schleizer
d6a7cd3e0d
formatting. 
use chapter to make allow for deep linking
 2025-01-12 05:36:16 -05:00
Patrick Schleizer
e9ef3602dd
Merge pull request #292 from raja-grewal/cpu_table 
Add link to tabular comparison of CPU mitigations
 2025-01-10 10:30:34 -05:00
Patrick Schleizer
1b33e83529
Merge pull request #291 from raja-grewal/drop_gratuitous_arp 
Drop gratuitous ARP packets
 2025-01-10 10:29:30 -05:00
Patrick Schleizer
486757bfae
Merge pull request #290 from raja-grewal/arp_ignore 
Respond to ARP requests only if the target IP address is on-link
 2025-01-10 10:29:12 -05:00
Patrick Schleizer
17ff249150
Merge pull request #289 from raja-grewal/arp_filter 
Enable ARP filtering
 2025-01-10 10:28:48 -05:00
Patrick Schleizer
27d19ba568
Merge pull request #288 from raja-grewal/shared_media 
Deny sending and receiving shared media redirects
 2025-01-10 10:28:05 -05:00
raja-grewal
cf435a8fa8
README.md: Note importance of microcode updates 2025-01-10 13:22:21 +11:00
raja-grewal
5e3785d76e
README.md: Remove double space 2025-01-08 18:35:52 +11:00
Patrick Schleizer
0640964c35
readme 2024-12-31 06:14:29 -05:00
raja-grewal
2e6e1701a0
Set net.ipv4.conf.*.drop_gratuitous_arp=1 2024-12-19 10:35:08 +00:00
raja-grewal
c37f4efadf
Set net.ipv4.conf.*.arp_ignore=2 2024-12-19 10:33:49 +00:00
raja-grewal
af1d06973b
Set net.ipv4.conf.*.arp_filter=1 2024-12-19 10:31:43 +00:00
raja-grewal
750367a906
Set net.ipv4.conf.*.shared_media=0 2024-12-19 10:29:56 +00:00
Patrick Schleizer
c7f7196471
Merge pull request #287 from raja-grewal/patch 
Refactor and add two CPU mitigations
 2024-12-19 00:31:25 -05:00
Patrick Schleizer
e5b67e044b
Merge pull request #279 from raja-grewal/arp 
Provide network-related hardening options via `sysctl`'s
 2024-12-19 00:15:02 -05:00
raja-grewal
3749f8ff09
Update presentation on user namespaces 2024-12-18 03:36:09 +00:00
Aaron Rainbolt
1708a03e1e
Enable umask hardening 2024-11-28 15:39:59 -06:00
raja-grewal
141b84c40d
Provide option to deny sending and receiving shared media redirects 2024-11-13 05:42:56 +00:00
raja-grewal
18aec201bf
Provide option to harden response to ARP requests 2024-11-13 05:41:25 +00:00
raja-grewal
a25d4f8df8
Provide option to enable ARP filtering 2024-11-13 05:40:21 +00:00
raja-grewal
c2aae73ce1
Add reference and move text 2024-11-13 05:38:03 +00:00