security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00

Author	SHA1	Message	Date
Patrick Schleizer	ac96708b24	improve usr/bin/hardening-enable	2019-12-08 04:01:11 -05:00
Patrick Schleizer	50ac03363f	output	2019-12-08 03:18:32 -05:00
Patrick Schleizer	c7c65fe4e7	higher priority usr/share/pam-configs/tally2-security-misc so it can give info before pam stack gets aborted by other pam modules	2019-12-08 03:15:53 -05:00
Patrick Schleizer	3bd0b3f837	notify when attempting to use ssh but user is member of group ssh	2019-12-08 03:10:41 -05:00
Patrick Schleizer	1dbca1ea2d	add usr/bin/hardening-enable	2019-12-08 02:27:09 -05:00
Patrick Schleizer	19cc6d7555	pam description	2019-12-08 02:10:43 -05:00
Patrick Schleizer	b871421a54	usr/share/pam-configs/console-lockdown -> usr/share/pam-configs/console-lockdown-security-misc	2019-12-08 01:57:43 -05:00
madaidan	6846a94327	Check for more locations of System.map	2019-12-07 19:38:12 +00:00
madaidan	668b6420de	Remove hyphen	2019-12-07 14:15:02 +00:00
Patrick Schleizer	9ba84f34c6	comment	2019-12-07 06:51:59 -05:00
Patrick Schleizer	dc1dfc8c20	output	2019-12-07 06:51:16 -05:00
Patrick Schleizer	532a1525c2	comment	2019-12-07 06:26:55 -05:00
Patrick Schleizer	14aa6c5077	comment	2019-12-07 06:26:23 -05:00
Patrick Schleizer	8b3f5a555b	add console lockdown to pam info output	2019-12-07 06:25:45 -05:00
Patrick Schleizer	6479c883bf	Console Lockdown. Allow members of group 'console' to use tty1 to tty7. Everyone else except members of group 'console-unrestricted' are restricted from using console using ancient, unpopular login methods such as using /bin/login over networks, which might be exploitable. (CVE-2001-0797) Not enabled by default in this package since this package does not know which users shall be added to group 'console'. In new Whonix builds, user 'user" will be added to group 'console' and pam console-lockdown enabled by package anon-base-files. /usr/share/pam-configs/console-lockdown /etc/security/access-security-misc.conf https://forums.whonix.org/t/etc-security-hardening/8592	2019-12-07 05:40:20 -05:00
Patrick Schleizer	5a4eda0d05	also support /usr/local/etc/remount-disable and /usr/local/etc/noexec	2019-12-07 01:53:33 -05:00
Patrick Schleizer	9b14f24d5e	refactoring	2019-12-06 11:17:32 -05:00
Patrick Schleizer	a6133f5912	output	2019-12-06 11:16:43 -05:00
Patrick Schleizer	c1ea35e2ef	output	2019-12-06 11:15:54 -05:00
Patrick Schleizer	4bec41379d	fix remount with noexec if /etc/noexec exists	2019-12-06 11:15:13 -05:00
Patrick Schleizer	470cad6e91	remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in) https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707	2019-12-06 05:14:02 -05:00
Patrick Schleizer	aa5451c8cd	Lock user accounts after 50 rather than 100 failed login attempts. https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/19	2019-11-25 01:39:53 -05:00
Patrick Schleizer	fe1f1b73a7	load jitterentropy_rng kernel module for better entropy collection https://www.whonix.org/wiki/Dev/Entropy https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927972 https://forums.whonix.org/t/jitterentropy-rngd/7204	2019-11-23 11:20:32 +00:00
Patrick Schleizer	03e8023847	output	2019-11-22 14:11:30 -05:00
Patrick Schleizer	2e73c053b5	fix lintian warning	2019-11-09 12:55:00 +00:00
Patrick Schleizer	74293bcd2f	output	2019-11-05 01:59:25 -05:00
Patrick Schleizer	2b5b06b602	output	2019-11-05 01:59:19 -05:00
Patrick Schleizer	d6977becba	refactoring	2019-11-05 01:51:14 -05:00
Patrick Schleizer	daf0006795	comment	2019-11-05 01:50:27 -05:00
Patrick Schleizer	203d5cfa68	copyright	2019-10-31 11:19:44 -04:00
Patrick Schleizer	bce5274a15	quotes fix	2019-10-22 09:22:29 -04:00
Patrick Schleizer	e20b9e2133	better solution when using pkexec with --user: wrap sudo --user with lxqt-sudo	2019-10-22 09:08:18 -04:00
Patrick Schleizer	d4e02de43a	set SUDO_ASKPASS for pkexec wrapper when using sudo --askpass	2019-10-22 09:04:44 -04:00
Patrick Schleizer	1a65a91039	long rather than short option	2019-10-22 08:56:05 -04:00
Patrick Schleizer	b55913637b	silence output by mount/grep	2019-10-22 08:54:48 -04:00
Patrick Schleizer	a1154170c9	Call original pkexec in case there are no arguments.	2019-10-22 08:54:17 -04:00
Patrick Schleizer	1e4d0ea1d0	fix lintian warning	2019-10-21 09:55:05 +00:00
Patrick Schleizer	343d9cc916	fix	2019-10-21 09:53:55 +00:00
Patrick Schleizer	40707e70db	Redirect calls for pkexec to lxqt-sudo because pkexec is incompatible with hidepid. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860040 https://forums.whonix.org/t/cannot-use-pkexec/8129 Thanks to AnonymousUser for the bug report!	2019-10-21 05:46:49 -04:00
Patrick Schleizer	a5045dc26e	set -e	2019-10-17 06:18:32 -04:00
Patrick Schleizer	4aba027566	syntax check	2019-10-17 06:12:36 -04:00
Patrick Schleizer	8b9aa8841a	fix	2019-10-17 06:11:01 -04:00
Patrick Schleizer	cfbd77040a	set "shopt -s nullglob" to avoid failing when folder /etc/hide-hardware-info.d does not exist or is empty	2019-10-17 06:10:29 -04:00
Patrick Schleizer	b05663c5f6	shuffle https://forums.whonix.org/t/restrict-hardware-information-to-root/7329/80	2019-10-17 06:08:55 -04:00
Patrick Schleizer	28a440091d	code simplification	2019-10-17 06:08:16 -04:00
Patrick Schleizer	3c4e261c20	remove trailing spaces	2019-10-17 06:05:23 -04:00
Patrick Schleizer	8a42c5b023	Merge pull request #34 from madaidan/whitelist Add a whitelist for /sys and /proc/cpuinfo	2019-10-17 09:59:12 +00:00
madaidan	61f742304d	return 0	2019-10-16 19:46:59 +00:00
madaidan	ffba0e0179	Elaborate	2019-10-16 19:04:15 +00:00
madaidan	f08c03ab21	Restrict sysfs/cpuinfo if the whitelist is disabled	2019-10-16 15:39:23 +00:00

1 2 3

140 Commits