Aaron Rainbolt
e7e6d6d373
Merge remote-tracking branch 'raja/incomplete_cpu_mitigations' into arraybolt3/trixie-raja-merge
2025-12-14 14:01:54 -06:00
Aaron Rainbolt
8e56772c2f
README.md typo fix
2025-12-13 19:22:50 -06:00
raja-grewal
fe1cfcd1a0
Update docs on CPU MSRs
2025-12-12 02:03:23 +00:00
raja-grewal
53c4fdbeea
Merge branch 'Kicksecure:master' into modprobe_refresh
2025-12-11 12:52:14 +11:00
Aaron Rainbolt
b3eb739fe2
Link fix, change some wording
2025-11-30 00:20:21 -06:00
Aaron Rainbolt
5f34b4146e
Merge remote-tracking branch 'raja/docs' into arraybolt3/trixie
2025-11-30 00:12:18 -06:00
Aaron Rainbolt
2c253b1312
Merge remote-tracking branch 'raja/vsyscall32' into arraybolt3/trixie
2025-11-29 21:01:51 -06:00
Aaron Rainbolt
2b2d30afce
Merge remote-tracking branch 'raja/limit_full_force' into arraybolt3/trixie
2025-11-29 20:23:09 -06:00
Aaron Rainbolt
f0d069c796
Minor README.md corrections
2025-11-29 20:15:03 -06:00
Aaron Rainbolt
b73a830b0f
Merge remote-tracking branch 'raja/kpti' into arraybolt3/trixie
2025-11-29 19:59:35 -06:00
Aaron Rainbolt
e54cb007f9
Merge remote-tracking branch 'raja/limit_bdev_writes' into arraybolt3/trixie
2025-11-29 19:54:10 -06:00
Aaron Rainbolt
84e193c44e
Merge remote-tracking branch 'raja/stop_tw_reuse' into arraybolt3/trixie
2025-11-28 14:21:59 -06:00
Aaron Rainbolt
65c45fc3d7
Minor fixes to NMI panic docs
2025-11-28 00:13:45 -06:00
Aaron Rainbolt
37b1d055f1
Merge remote-tracking branch 'raja/panic_nmi' into arraybolt3/trixie
2025-11-28 00:09:43 -06:00
raja-grewal
79be87ec5f
Move (optional) CPU MSR module disable list
2025-11-21 13:05:13 +00:00
raja-grewal
1865cafe44
Move joydev from blacklist to disable
2025-11-21 12:42:10 +00:00
raja-grewal
59869979bb
Update docs on Vivid disabling
2025-11-21 12:35:51 +00:00
raja-grewal
4597fd16a9
Sort RDNIS disabling and add docs
2025-11-21 12:35:03 +00:00
raja-grewal
29176d2ed2
Remove the option to reduce the MCE tolerance level
2025-11-15 06:30:11 +00:00
raja-grewal
9f897c5ccd
Update docs on reducing the MCE tolerance level
2025-11-15 05:48:33 +00:00
raja-grewal
b6fe1a5a6e
Make panic related settings consistent
Ensures the `sysctl` and boot parameters are equivalent in settings and in description. This should prevent future questions regarding having omitted boot parameters that were actually redundant.
2025-11-15 04:51:01 +00:00
raja-grewal
99e993b885
Provide options to enable AMD SME and SEV
2025-11-15 03:16:07 +00:00
raja-grewal
d891313d57
Provide options to panic upon receiving NMIs
2025-11-11 11:39:21 +00:00
raja-grewal
5ac02d2d52
Set net.ipv4.tcp_tw_reuse=0
2025-11-10 06:13:35 +00:00
raja-grewal
a3830db09e
Update docs relating to panic on OOM
2025-11-09 13:42:31 +00:00
raja-grewal
0aa0b67df6
Merge branch 'master' into docs
2025-11-10 00:20:48 +11:00
Patrick Schleizer
0391411885
revert Force immediate kernel panic on OOM.
https://github.com/Kicksecure/security-misc/issues/324#issuecomment-3507949741
2025-11-09 05:47:00 -05:00
Patrick Schleizer
1ef974300a
readme
2025-11-08 04:00:47 -05:00
raja-grewal
635c216d4e
Update docs on CPU mitigations
2025-11-05 01:44:36 +00:00
raja-grewal
a46f678c7f
Update docs on latent entropy
2025-11-05 00:05:17 +00:00
raja-grewal
37b493826e
Split distrusting entropy settings for clarity
2025-11-05 00:03:54 +00:00
raja-grewal
019a0cf72c
Update docs on entropy
2025-11-05 00:03:19 +00:00
raja-grewal
4c88b91141
Merge branch 'Kicksecure:master' into docs
2025-11-05 10:10:10 +11:00
raja-grewal
e43d4d7f71
Set bdev_allow_write_mounted=0
2025-11-03 05:46:07 +00:00
raja-grewal
322584db33
Update docs on pti=on
2025-11-03 04:31:59 +00:00
raja-grewal
5e87c9bea4
Set kpti=1
2025-11-03 04:30:58 +00:00
raja-grewal
3fdfebc464
Set proc_mem.force_override=ptrace
2025-11-03 00:48:49 +00:00
raja-grewal
c5f91eb33a
Add another method to disable 32-bit legacy vsyscalls
2025-11-02 06:15:06 +00:00
Aaron Rainbolt
7beb19b64a
Update README.md with info about flatpak auth hardening
2025-11-01 22:06:44 -05:00
raja-grewal
8f78269949
Add docs on slab_debug
2025-10-20 05:36:54 +00:00
raja-grewal
9f7480e20a
Make terminology consistent
2025-10-19 01:41:58 +00:00
raja-grewal
f2c3eba4f0
Merge branch 'Kicksecure:master' into docs
2025-10-19 12:23:13 +11:00
Aaron Rainbolt
3d5e659b78
Remove trailing spaces
2025-10-15 19:02:48 -05:00
Aaron Rainbolt
29639fe69e
Merge remote-tracking branch 'raja/bad_ipv6_ra' into arraybolt3/trixie
2025-10-15 19:01:08 -05:00
Aaron Rainbolt
026d55ac41
Typo fixes
2025-10-15 18:30:52 -05:00
Aaron Rainbolt
35fce26476
Merge remote-tracking branch 'raja/stop_ptrace' into arraybolt3/trixie
2025-10-15 18:18:33 -05:00
raja-grewal
f690b58870
Add docs relating to panic on OOM
2025-10-13 02:08:44 +00:00
raja-grewal
9db63d9777
README: Update KSSP compliance status
2025-10-13 01:01:14 +00:00
Patrick Schleizer
4d9c3dc357
minor
2025-10-10 08:08:10 -04:00
Patrick Schleizer
968de33c65
Force immediate kernel panic on OOM.
This is to avoid security features such as the screen locker, kloak, emerg-shutdown
from being arbitrarily terminated when the system starts running out of memory.
https://forums.whonix.org/t/screen-locker-in-security-can-we-disable-these-at-least-4-backdoors/8128/14
https://github.com/Kicksecure/security-misc/issues/324
`vm.panic_on_oom=2`
implements https://github.com/Kicksecure/security-misc/issues/324
2025-10-10 08:03:03 -04:00