Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-01-10 07:19:25 -05:00
Code Issues Packages Projects Releases Wiki Activity
2,302 Commits 2 Branches 291 Tags 8.2 MiB
e5a38fc856
Commit Graph

69 Commits

Author SHA1 Message Date
Raja Grewal
e5a38fc856
Typo 2024-08-09 13:30:15 +10:00
Patrick Schleizer
a25aaf900a
Merge pull request #260 from raja-grewal/vdso32 
Enable `vdso32=0`
 2024-08-06 09:55:20 -04:00
Patrick Schleizer
6bc039a430
Merge pull request #259 from raja-grewal/kfence 
Enable `kfence.sample_interval=100`
 2024-08-06 09:52:56 -04:00
Raja Grewal
8559079312
Enable vdso32=0 2024-08-05 15:10:02 +10:00
Raja Grewal
d102ec1997
Enable kfence.sample_interval=100 2024-08-05 15:07:56 +10:00
Raja Grewal
aa34d86598
Enable slab_debug=FZ 2024-08-05 14:27:17 +10:00
Patrick Schleizer
6d97408a6d
Merge pull request #255 from raja-grewal/SLUB 
Restore option to enable `slub_debug=FZ`
 2024-08-04 16:11:46 -04:00
Raja Grewal
6f14d68cdc
Update legacy name slub_debug -> slab_debug 2024-08-03 15:12:15 +10:00
Raja Grewal
22b6cee80c
Add details about slub_debug 2024-08-03 15:11:14 +10:00
Raja Grewal
b77d1a2b98
Revert "Remove the optional slub_debug parameter since it is no longer recommended" 
This reverts commit 48e1ac4163.
 2024-08-03 14:49:48 +10:00
Raja Grewal
52aeacb4da
Provide option to disable 32 bit vDSO mappings 2024-08-03 00:13:38 +10:00
Raja Grewal
9099ecce8a
Provide option to enable the kernel Electric-Fence 2024-08-03 00:12:50 +10:00
Raja Grewal
f6a16258a1
Add references to KSPP 2024-08-03 00:11:06 +10:00
Raja Grewal
e53d24fc48
Add missing GRUB command lines for disabled boot parameters 2024-08-03 00:09:42 +10:00
Raja Grewal
4397de0138
Update description of cfi=kcfi kerenel parameter 2024-07-26 11:30:46 +10:00
Raja Grewal
1135d34ab3
Reword description of cfi=kcfi kerenel parameter 2024-07-24 23:33:36 +10:00
Raja Grewal
fb494c2ba5
Update docs relating to the cfi=kcfi kernel parameter 2024-07-23 13:12:13 +10:00
Raja Grewal
d6fc71dba7
Add option to switch (back) to using kCFI in the future 2024-07-22 17:26:00 +10:00
Raja Grewal
06894d1c98
Typo 2024-07-19 18:30:42 +10:00
Raja Grewal
faa9181a6c
Typos 2024-07-18 12:19:27 +10:00
Patrick Schleizer
d454f36c63
spelling 2024-07-17 11:52:29 -04:00
Patrick Schleizer
d29a616142
minor 2024-07-17 08:39:20 -04:00
Raja Grewal
73f6d4b26f
Fix transcription error 2024-07-16 01:03:41 +10:00
Raja Grewal
d229e8b04d
Fix link 2024-07-15 14:50:29 +10:00
Raja Grewal
f4d652fa7b
Update presentation of quiet loglevel=0 2024-07-15 14:39:12 +10:00
Raja Grewal
48e1ac4163
Remove the optional slub_debug parameter since it is no longer recommended 2024-07-15 02:04:25 +10:00
Raja Grewal
99038c7a06
Add option to disable support for x86 processes and syscalls in the future 2024-07-15 02:02:01 +10:00
Raja Grewal
f550fbe07c
Add option to disable the entire IPv6 stack functionality 2024-07-15 01:59:04 +10:00
Raja Grewal
a33d4cd099
Refactor existing kernel parameters for clarity 2024-07-15 01:56:25 +10:00
Raja Grewal
1bb843ec38
Update Copyright (C) to 2024 2024-05-11 13:18:36 +10:00
Patrick Schleizer
af6c6971a7
comment 2024-03-04 06:33:51 -05:00
Patrick Schleizer
d543825d85
comments 2023-10-21 12:24:59 -04:00
Raja Grewal
7a4212dd76
Update copyright 2023-03-30 17:08:47 +11:00
Raja Grewal
92669dba18
Comment out machine check exception 2022-08-21 23:02:44 +10:00
Patrick Schleizer
0c5b1e9f57
undo "force kernel to panic on "oopses" 
because implemented differently already

https://forums.whonix.org/t/set-oops-panic-kernel-parameter-or-kernel-panic-on-oops-1-sysctl-for-better-security/7713
 2022-07-23 07:49:56 -04:00
Raja Grewal
ca764d8de0
force kernel to panic on "oopses" 2022-07-20 04:06:35 +10:00
Raja Grewal
74858d257b
enable randomize_kstack_offset 2022-07-13 04:34:35 +10:00
Raja Grewal
f572332108
disable slub_debug 2022-07-13 04:32:03 +10:00
Patrick Schleizer
2d37e3a1af
copyright 2022-05-20 14:46:38 -04:00
Patrick Schleizer
c72567dbd2
fix 2021-09-14 14:18:44 -04:00
Patrick Schleizer
bd31b4085c
remove Debian buster support in /etc/default/grub.d 2021-09-09 12:16:18 -04:00
Patrick Schleizer
49902b8c56
move grub quiet to separate config file /etc/default/grub.d/41_quiet.cfg 2021-09-06 08:19:41 -04:00
Patrick Schleizer
db43cedcfd
LANG=C str_replace 2021-08-22 05:23:24 -04:00
Patrick Schleizer
a67007f4b7
copyright 2021-03-17 09:45:21 -04:00
madaidan
06ffd5d220
Restrict access to debugfs 2020-09-28 19:21:20 +00:00
Patrick Schleizer
6485df8126
Prevent kernel info leaks in console during boot. 
add kernel parameter `quiet loglevel=0`

https://phabricator.whonix.org/T950
 2020-04-23 12:26:31 -04:00
Patrick Schleizer
72228946dc
fix etc/default/grub.d/40_kernel_hardening.cfg 
in Qubes if no kernel package is installed
 2020-04-08 16:46:11 +00:00
Patrick Schleizer
2ceea8d1fe
update copyright year 2020-04-01 08:49:59 -04:00
madaidan
f6b6ab374e
Gather more entropy during boot 2020-02-16 19:51:32 +00:00
madaidan
ba0043b8a7
Update 40_kernel_hardening.cfg 2020-02-12 18:36:05 +00:00