Commit Graph

425 Commits

Author SHA1 Message Date
Patrick Schleizer
7c3da38bd5
comment 2019-12-21 07:42:25 -05:00
Patrick Schleizer
9050058bc2
fix 2019-12-21 07:42:01 -05:00
Patrick Schleizer
6b13a644df
add /usr/lib/security-misc/permission-hardening-undo 2019-12-21 07:37:41 -05:00
Patrick Schleizer
c336bc4fd2
comment 2019-12-21 06:39:13 -05:00
Patrick Schleizer
b5f88efe20
fix 2019-12-21 06:27:01 -05:00
Patrick Schleizer
2088628c8d
debugging 2019-12-21 06:24:08 -05:00
Patrick Schleizer
2dca031527
debugging 2019-12-21 06:22:46 -05:00
Patrick Schleizer
195e00cc87
output 2019-12-21 06:16:38 -05:00
Patrick Schleizer
4b21b6df41
fix 2019-12-21 06:11:44 -05:00
Patrick Schleizer
8436da2b7b
output 2019-12-21 05:58:50 -05:00
Patrick Schleizer
da15265e1c
fix 2019-12-21 05:55:23 -05:00
Patrick Schleizer
2a248fe0de
fix 2019-12-21 05:54:39 -05:00
Patrick Schleizer
4f12664362
output 2019-12-21 05:54:07 -05:00
Patrick Schleizer
e3355843c8
fix 2019-12-21 05:51:22 -05:00
Patrick Schleizer
234ec5fe93
fix 2019-12-21 05:47:35 -05:00
Patrick Schleizer
7ff900c204
fix 2019-12-21 05:37:43 -05:00
Patrick Schleizer
e1a5ee4bcf
output 2019-12-21 05:26:55 -05:00
Patrick Schleizer
66aaf3e22c
output 2019-12-21 05:25:54 -05:00
Patrick Schleizer
7aa7d0b5a0
improve error handling 2019-12-21 05:22:27 -05:00
Patrick Schleizer
8919d38de9
disable debugging 2019-12-21 05:21:46 -05:00
Patrick Schleizer
cf5dee64fd
refactoring 2019-12-21 05:18:34 -05:00
Patrick Schleizer
29cd9a0c38
fix 2019-12-21 05:17:35 -05:00
Patrick Schleizer
486027a4d7
fix 2019-12-21 05:15:38 -05:00
Patrick Schleizer
1fd26be864
fix 2019-12-21 05:14:51 -05:00
Patrick Schleizer
0fc97c37be
fix 2019-12-21 05:14:39 -05:00
Patrick Schleizer
1018d5b3b0
output 2019-12-21 05:11:51 -05:00
Patrick Schleizer
4388fc4d5a
refactoring 2019-12-21 05:11:19 -05:00
Patrick Schleizer
ed20980f4c
refactoring 2019-12-21 05:07:10 -05:00
Patrick Schleizer
315ce86b9a
refactoring 2019-12-21 04:33:03 -05:00
Patrick Schleizer
0c5848494b
do not remount if already has intended mount options 2019-12-21 04:21:26 -05:00
Patrick Schleizer
203f4ad46e
refactoring 2019-12-21 04:17:10 -05:00
Patrick Schleizer
e7fd0dadb0
output 2019-12-21 04:09:35 -05:00
Patrick Schleizer
e6ea21c775
record existing modes in separate dpkg-statoverwrite databases
to have a history of what was modified and to allow to undo changes
2019-12-21 04:08:35 -05:00
Patrick Schleizer
17e8605119
add matchwhitelist feature
add "/usr/lib/virtualbox/ matchwhitelist"
2019-12-20 12:57:24 -05:00
Patrick Schleizer
1b569ea790
comment 2019-12-20 12:32:36 -05:00
Patrick Schleizer
f88ca25889
fix terminology, sguid -> sgid
Thanks to @madaidan for the bug report!

https://forums.whonix.org/t/permission-hardening/8655/21
2019-12-20 11:58:07 -05:00
Patrick Schleizer
ff0a26fb5d
comment 2019-12-20 11:49:19 -05:00
Patrick Schleizer
71496a33ab
skip folders are these are not suid / guid 2019-12-20 11:47:53 -05:00
Patrick Schleizer
9321ecff41
no more need to add/remove / 2019-12-20 11:43:53 -05:00
Patrick Schleizer
b95225b6a6
pipefail 2019-12-20 11:37:05 -05:00
Patrick Schleizer
cad6f328f4
minor 2019-12-20 11:34:44 -05:00
Patrick Schleizer
3265f9894d
output 2019-12-20 11:27:43 -05:00
Patrick Schleizer
1615ebec58
output 2019-12-20 11:07:44 -05:00
Patrick Schleizer
1e11b775cf
output 2019-12-20 11:05:05 -05:00
Patrick Schleizer
731f802895
output 2019-12-20 11:04:12 -05:00
Patrick Schleizer
cd8efe5800
output 2019-12-20 11:03:22 -05:00
Patrick Schleizer
b31abea0af
improve error handling 2019-12-20 10:49:31 -05:00
Patrick Schleizer
79cd3b86b6
comment 2019-12-20 10:47:23 -05:00
Patrick Schleizer
b3458cc6ee
fix checking existing entries to avoid needless calls to dpkg-statoverride 2019-12-20 10:45:59 -05:00
Patrick Schleizer
370f3c5e54
comment 2019-12-20 10:35:05 -05:00
Patrick Schleizer
133d09f298
output 2019-12-20 10:33:16 -05:00
Patrick Schleizer
1ffa8e197e
speed up setuid removal by using find with '-perm /u=s,g=s'
https://forums.whonix.org/t/permission-hardening/8655/19
2019-12-20 10:31:26 -05:00
Patrick Schleizer
4cfdf2c65b
fix, re-enforce nosuid even if changed on the disk 2019-12-20 10:21:27 -05:00
Patrick Schleizer
e36868e675
output 2019-12-20 10:02:46 -05:00
Patrick Schleizer
50b8f65490
add sanity test: count if we really processed all files 2019-12-20 09:59:28 -05:00
Patrick Schleizer
55faa7b997
fix missing processing files bug
https://forums.whonix.org/t/permission-hardening/8655/16
2019-12-20 09:43:23 -05:00
Patrick Schleizer
fbe2479f48
count processed file system objects
to be able to verify if any were "forgotten"
2019-12-20 08:54:56 -05:00
Patrick Schleizer
195ea522f5
fix 2019-12-20 08:52:14 -05:00
Patrick Schleizer
6f8231be70
debugging 2019-12-20 08:51:55 -05:00
Patrick Schleizer
ed50f98010
output 2019-12-20 08:47:22 -05:00
Patrick Schleizer
6d30e3b4a2
do not remove suid from whitelisted binaries ever
https://forums.whonix.org/t/permission-hardening/8655/13
2019-12-20 08:13:23 -05:00
Patrick Schleizer
d5f1bd8dd2
fix mode sanity check
no longer use seq due to issue

https://forums.whonix.org/t/permission-hardening/8655/13
2019-12-20 08:02:30 -05:00
Patrick Schleizer
0ae3e689b5
comment 2019-12-20 06:35:02 -05:00
Patrick Schleizer
050f4d8b94
comment 2019-12-20 06:34:37 -05:00
Patrick Schleizer
36043fe5cc
comment 2019-12-20 06:33:41 -05:00
Patrick Schleizer
fb4254547b
comment 2019-12-20 06:32:04 -05:00
Patrick Schleizer
cca0908d9a
fix 2019-12-20 06:11:38 -05:00
Patrick Schleizer
e254b8b52d
fix 2019-12-20 06:09:17 -05:00
Patrick Schleizer
7f8b3c76de
output 2019-12-20 06:02:17 -05:00
Patrick Schleizer
071c64dc41
enable 'set -e' 2019-12-20 06:01:49 -05:00
Patrick Schleizer
b97c66707c
minor 2019-12-20 05:59:05 -05:00
Patrick Schleizer
17b4f12276
output 2019-12-20 05:58:42 -05:00
Patrick Schleizer
918cbb4e25
output 2019-12-20 05:51:25 -05:00
Patrick Schleizer
c8cf09a4cb
output 2019-12-20 05:50:16 -05:00
Patrick Schleizer
46466c12ad
parse drop-in config folder rather than only one config file 2019-12-20 05:49:11 -05:00
Patrick Schleizer
66fd31189d
improve output if set-user-id / set-group-id is set 2019-12-20 05:37:33 -05:00
Patrick Schleizer
af0f074987
remount /lib with nosuid,nodev
https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/22
2019-12-20 05:27:11 -05:00
Patrick Schleizer
a135ae9400
use must manually enable permission-hardening.service
until development finished
2019-12-20 05:22:59 -05:00
Patrick Schleizer
fa6f1e1568
output 2019-12-20 05:19:39 -05:00
Patrick Schleizer
a26cb94bfd
globstar no longer required 2019-12-20 04:49:21 -05:00
Patrick Schleizer
c66e9abe18
comment 2019-12-20 04:48:57 -05:00
Patrick Schleizer
d1d0afff34
fix
fso: /lib/
usr/lib/security-misc/permission-hardening: line 19: /usr/bin/stat: Argument list too long

https://forums.whonix.org/t/kernel-hardening/7296/326
2019-12-20 04:48:02 -05:00
Patrick Schleizer
e74d2e4f94
output 2019-12-20 04:23:14 -05:00
Patrick Schleizer
eb86359033
refactoring 2019-12-20 04:20:05 -05:00
Patrick Schleizer
bb84fca184
refactoring 2019-12-20 04:08:46 -05:00
Patrick Schleizer
f92b414195
refactoring 2019-12-20 04:06:28 -05:00
Patrick Schleizer
4c44871e9d
comment 2019-12-20 04:02:05 -05:00
Patrick Schleizer
6876a2eaa8
comment 2019-12-20 04:01:40 -05:00
Patrick Schleizer
35c4fce61b
fix "dpkg-statoverride: warning: stripping trailing /" 2019-12-20 03:54:46 -05:00
Patrick Schleizer
9bd9012ab1
refactoring 2019-12-20 03:46:50 -05:00
Patrick Schleizer
55933f8876
refactoring 2019-12-20 03:43:36 -05:00
Patrick Schleizer
9e493a9f48
refactoring 2019-12-20 03:42:09 -05:00
Patrick Schleizer
b92a690c16
refactoring 2019-12-20 03:40:47 -05:00
Patrick Schleizer
98535e3a2b
refactoring 2019-12-20 03:39:25 -05:00
Patrick Schleizer
ecbba2fd61
refactoring 2019-12-20 03:38:39 -05:00
Patrick Schleizer
20b8a407ac
refactoring 2019-12-20 03:25:17 -05:00
Patrick Schleizer
6cd9eb44fb
refactoring 2019-12-20 03:24:07 -05:00
Patrick Schleizer
706dba104d
code simplification 2019-12-20 03:19:12 -05:00
Patrick Schleizer
01dd567f8b
fix, if fso has exactly the mode we want (not 3 instead of 4 string length), not need to reset it 2019-12-20 03:16:43 -05:00
Patrick Schleizer
4f65b0fc1e
refactoring 2019-12-20 03:13:27 -05:00
Patrick Schleizer
bfee6b60cb
comment 2019-12-20 03:11:11 -05:00
Patrick Schleizer
d64cdc1247
refactoring 2019-12-20 03:04:41 -05:00
Patrick Schleizer
7c5c65a6c1
comment 2019-12-20 03:04:13 -05:00
Patrick Schleizer
b31d8cd3fc
fix 2019-12-20 03:03:40 -05:00
Patrick Schleizer
c626290673
refactoring 2019-12-20 03:02:26 -05:00
Patrick Schleizer
d5ff1d6f28
refactoring 2019-12-20 03:00:39 -05:00
Patrick Schleizer
640ca1d24d
skip symlinks
https://forums.whonix.org/t/kernel-hardening/7296/323?
2019-12-20 02:57:57 -05:00
Patrick Schleizer
cc8f795799
comment 2019-12-20 02:47:04 -05:00
Patrick Schleizer
4e5b222a08
comment 2019-12-20 02:43:33 -05:00
Patrick Schleizer
fa895ee11e
refactoring 2019-12-20 02:40:42 -05:00
Patrick Schleizer
2c163bf439
check string length of permission variable
https://forums.whonix.org/t/kernel-hardening/7296/322
2019-12-20 02:39:53 -05:00
Patrick Schleizer
a89befd902
code simplification 2019-12-20 02:20:54 -05:00
Patrick Schleizer
72812da63f
comment 2019-12-20 02:16:32 -05:00
Patrick Schleizer
39a41cc27b
refactoring 2019-12-20 02:14:45 -05:00
Patrick Schleizer
2ed6452590
downgrade to info 2019-12-20 02:12:43 -05:00
Patrick Schleizer
a5e55dfcfc
quotes 2019-12-20 02:11:39 -05:00
Patrick Schleizer
3187cee4fb
output 2019-12-20 02:10:13 -05:00
Patrick Schleizer
5160b4c781
disable xtrace 2019-12-20 02:08:05 -05:00
Patrick Schleizer
27bfe95d25
add echo wrapper 2019-12-20 02:07:49 -05:00
Patrick Schleizer
a6988f3fb8
output 2019-12-20 02:06:31 -05:00
Patrick Schleizer
1819577b88
fix 2019-12-20 02:04:34 -05:00
Patrick Schleizer
278c60c5a0
exit non-zero if some line cannot be parsed
therefore make systemd notice this

therefore allow the sysadmin to notice this
2019-12-20 02:01:36 -05:00
Patrick Schleizer
66bcba8313
improve character whitelisting 2019-12-20 01:58:35 -05:00
Patrick Schleizer
8f14e808a9
send error messages to stderr 2019-12-20 01:32:49 -05:00
Patrick Schleizer
d8c9fac2e5
output 2019-12-20 01:32:08 -05:00
Patrick Schleizer
f19abaf627
refactoring 2019-12-20 01:31:37 -05:00
madaidan
3c2ca0257f
Support for removing SUID bits 2019-12-19 17:01:08 +00:00
Patrick Schleizer
4ca9fc5920
fix 2019-12-16 03:53:10 -05:00
Patrick Schleizer
f68efd53cf
remount /sys/kernel/security with nodev,nosuid[,noexec]
as suggested by @madaidan

http://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/238
2019-12-16 03:52:09 -05:00
Patrick Schleizer
729fa26eca
use pam_acccess only for /etc/pam.d/login
remove "Allow members of group 'ssh' to login."
remove "+:ssh:ALL EXCEPT LOCAL"
2019-12-12 09:00:08 -05:00
Patrick Schleizer
b72eb30056
quotes 2019-12-09 02:32:05 -05:00
Patrick Schleizer
c258376b7e
use read (built-in) rather than awk (external) 2019-12-09 02:31:10 -05:00
Patrick Schleizer
02165201ab
read -r; refactoring
as per https://mywiki.wooledge.org/BashFAQ/001
2019-12-09 02:23:43 -05:00
Patrick Schleizer
7467252122
quotes 2019-12-09 02:22:16 -05:00
madaidan
61e19fa5f1
Create permission-hardening 2019-12-08 16:49:28 +00:00
Patrick Schleizer
50ac03363f
output 2019-12-08 03:18:32 -05:00
Patrick Schleizer
3bd0b3f837
notify when attempting to use ssh but user is member of group ssh 2019-12-08 03:10:41 -05:00
madaidan
6846a94327
Check for more locations of System.map 2019-12-07 19:38:12 +00:00
madaidan
668b6420de
Remove hyphen 2019-12-07 14:15:02 +00:00
Patrick Schleizer
9ba84f34c6
comment 2019-12-07 06:51:59 -05:00
Patrick Schleizer
dc1dfc8c20
output 2019-12-07 06:51:16 -05:00
Patrick Schleizer
532a1525c2
comment 2019-12-07 06:26:55 -05:00
Patrick Schleizer
14aa6c5077
comment 2019-12-07 06:26:23 -05:00
Patrick Schleizer
8b3f5a555b
add console lockdown to pam info output 2019-12-07 06:25:45 -05:00
Patrick Schleizer
5a4eda0d05
also support /usr/local/etc/remount-disable and /usr/local/etc/noexec 2019-12-07 01:53:33 -05:00
Patrick Schleizer
9b14f24d5e
refactoring 2019-12-06 11:17:32 -05:00
Patrick Schleizer
a6133f5912
output 2019-12-06 11:16:43 -05:00
Patrick Schleizer
c1ea35e2ef
output 2019-12-06 11:15:54 -05:00
Patrick Schleizer
4bec41379d
fix remount with noexec if /etc/noexec exists 2019-12-06 11:15:13 -05:00
Patrick Schleizer
470cad6e91
remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in)
https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707
2019-12-06 05:14:02 -05:00
Patrick Schleizer
aa5451c8cd
Lock user accounts after 50 rather than 100 failed login attempts.
https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/19
2019-11-25 01:39:53 -05:00
Patrick Schleizer
fe1f1b73a7
load jitterentropy_rng kernel module for better entropy collection
https://www.whonix.org/wiki/Dev/Entropy

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927972

https://forums.whonix.org/t/jitterentropy-rngd/7204
2019-11-23 11:20:32 +00:00
Patrick Schleizer
74293bcd2f
output 2019-11-05 01:59:25 -05:00
Patrick Schleizer
2b5b06b602
output 2019-11-05 01:59:19 -05:00
Patrick Schleizer
d6977becba
refactoring 2019-11-05 01:51:14 -05:00
Patrick Schleizer
daf0006795
comment 2019-11-05 01:50:27 -05:00
Patrick Schleizer
203d5cfa68
copyright 2019-10-31 11:19:44 -04:00
Patrick Schleizer
d4e02de43a
set SUDO_ASKPASS for pkexec wrapper when using sudo --askpass 2019-10-22 09:04:44 -04:00
Patrick Schleizer
343d9cc916
fix 2019-10-21 09:53:55 +00:00
Patrick Schleizer
40707e70db
Redirect calls for pkexec to lxqt-sudo because pkexec is incompatible with hidepid.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860040

https://forums.whonix.org/t/cannot-use-pkexec/8129

Thanks to AnonymousUser for the bug report!
2019-10-21 05:46:49 -04:00
Patrick Schleizer
a5045dc26e
set -e 2019-10-17 06:18:32 -04:00
Patrick Schleizer
4aba027566
syntax check 2019-10-17 06:12:36 -04:00
Patrick Schleizer
8b9aa8841a
fix 2019-10-17 06:11:01 -04:00
Patrick Schleizer
cfbd77040a
set "shopt -s nullglob" to avoid failing when folder /etc/hide-hardware-info.d
does not exist or is empty
2019-10-17 06:10:29 -04:00
Patrick Schleizer
b05663c5f6
shuffle
https://forums.whonix.org/t/restrict-hardware-information-to-root/7329/80
2019-10-17 06:08:55 -04:00
Patrick Schleizer
28a440091d
code simplification 2019-10-17 06:08:16 -04:00
Patrick Schleizer
3c4e261c20
remove trailing spaces 2019-10-17 06:05:23 -04:00
Patrick Schleizer
8a42c5b023
Merge pull request #34 from madaidan/whitelist
Add a whitelist for /sys and /proc/cpuinfo
2019-10-17 09:59:12 +00:00
madaidan
61f742304d
return 0 2019-10-16 19:46:59 +00:00
madaidan
ffba0e0179
Elaborate 2019-10-16 19:04:15 +00:00
madaidan
f08c03ab21
Restrict sysfs/cpuinfo if the whitelist is disabled 2019-10-16 15:39:23 +00:00
madaidan
6b78dbcd07
Add way to whitelist things 2019-10-15 20:57:02 +00:00
Patrick Schleizer
d2bc3a2a08
chmod +x usr/lib/security-misc/hide-hardware-info 2019-10-05 09:14:41 +00:00
madaidan
87917d2f03
Add licensing 2019-10-03 21:38:07 +00:00
madaidan
9449f5017a
Create hide-hardware-info 2019-10-03 20:45:14 +00:00
Patrick Schleizer
75258843e9
copyright 2019-09-16 13:03:43 +00:00
Patrick Schleizer
8e39cea876
comment 2019-09-16 13:03:25 +00:00
Patrick Schleizer
bac462f211
comment 2019-09-16 13:03:02 +00:00
Patrick Schleizer
bec680d4f3
pam_tally2-info: fix, do nothing when started as user "user"
xscreensaver runs as user "user", therefore pam_tally2 cannot function.
xscreensaver has its own failed login counter.

as user "user"
/sbin/pam_tally2 -u user
pam_tally2: Error opening /var/log/tallylog for update: Permission denied
/sbin/pam_tally2: Authentication error

https://askubuntu.com/questions/983183/how-lock-the-unlock-screen-after-wrong-password-attempts

https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698
2019-09-16 12:30:23 +00:00
Patrick Schleizer
0140df8668
virusforget 2019-08-19 08:43:28 +00:00
Patrick Schleizer
113ab42568
virusforget 2019-08-19 08:31:23 +00:00
Patrick Schleizer
416906d4f9
virusforget 2019-08-19 08:19:35 +00:00
Patrick Schleizer
2d867d9fee
virusforget 2019-08-19 08:10:18 +00:00
Patrick Schleizer
8e76e6b8b3
fix 2019-08-19 07:48:12 +00:00
Patrick Schleizer
3f068f77fe
keep cache folder outside of reach of user since even user can remove files
owned by root in its home folder
2019-08-19 07:47:20 +00:00
Patrick Schleizer
1fa1efa58e
credits 2019-08-19 07:22:09 +00:00
Patrick Schleizer
1e026a3ebb
initial development version of VirusForget 2019-08-18 22:50:44 +00:00
Patrick Schleizer
41b2819ec8
PAM: abort on locked password
to avoid needlessly bumping pam_tally2 counter

https://forums.whonix.org/t/restrict-root-access/7658/1
2019-08-17 10:33:47 +00:00
Patrick Schleizer
17cfcb63b6
code simplification; report locked account earlier 2019-08-16 10:50:56 -04:00
Patrick Schleizer
ff9bc1d7ea
informational output during PAM:
* Show failed and remaining password attempts.
* Document unlock procedure if Linux user account got locked.
* Point out, that there is no password feedback for `su`.
* Explain locked (root) account if locked.
* /usr/share/pam-configs/tally2-security-misc
* /usr/lib/security-misc/pam_tally2-info
2019-08-15 13:37:28 +00:00
Patrick Schleizer
547ba91d79
sanity test 2019-08-14 09:45:30 +00:00
Patrick Schleizer
799acad724
skip, if not a folder 2019-08-14 09:39:43 +00:00
Patrick Schleizer
6321ff5ad5
refactoring 2019-08-14 09:38:44 +00:00
Patrick Schleizer
f8c828b69a
output 2019-08-14 05:19:02 -04:00
Patrick Schleizer
e5da6d9699
copyright 2019-08-14 05:17:54 -04:00
Patrick Schleizer
1595789d7c
comment 2019-08-14 05:17:16 -04:00
Patrick Schleizer
21489111d1
run permission lockdown during pam
https://forums.whonix.org/t/change-default-umask/7416
2019-08-14 08:34:03 +00:00
Patrick Schleizer
dbea7d1511
add hook etc/kernel/postinst.d/30_remove-system-map to remove system.map
on kernel package upgrade;

self-document this package: during upgrade the following will be written
to stdout:

Setting up linux-image-4.19.0-5-amd64 (4.19.37-5+deb10u2) ...
/etc/kernel/postinst.d/30_remove-system-map:
removed '/boot/System.map-4.19.0-5-amd64
2019-08-14 07:22:14 +00:00
Patrick Schleizer
6af2d7facb
copyright 2019-07-13 18:12:25 +00:00
Patrick Schleizer
75f0ca565d
set -e 2019-07-13 18:12:04 +00:00
Patrick Schleizer
c389e13e1a
use pre.bsh 2019-07-13 17:59:49 +00:00
Patrick Schleizer
bea98474ba
chmod +x usr/lib/security-misc/panic-on-oops 2019-07-11 07:07:21 +00:00
madaidan
52c61011d4
Create panic-on-oops 2019-07-08 22:58:56 +00:00
Patrick Schleizer
a978fe1000
chmod +x usr/lib/security-misc/remove-system.map 2019-06-28 07:17:35 +00:00
madaidan
9392c8deb2
Update remove-system.map 2019-06-26 15:03:54 +00:00
madaidan
8ef0db17e6
Use a for loop to detect if System.map exists 2019-06-26 12:59:45 +00:00
madaidan
382e336f69
Create remove-system.map 2019-06-25 19:20:27 +00:00
Patrick Schleizer
6ba1fb70d2
port to debian buster 2019-04-05 14:06:00 -04:00
Patrick Schleizer
5b3fc2f6b9
update copyright 2018-01-29 15:22:05 +00:00
Patrick Schleizer
c3b6a44e97
update copyright 2018-01-29 15:15:17 +00:00
Patrick Schleizer
ff28f5932c
update copyright 2018-01-29 15:09:42 +00:00
Patrick Schleizer
f6bc188485
comment 2017-02-28 15:22:54 +01:00
Patrick Schleizer
18e23af784
cleanup 2017-02-27 23:59:37 +00:00
Patrick Schleizer
6195450eb2
No longer ignore duplicate apt sources in apt-get-wrapper.
No longer acceptable because these generate lots of noise in the terminal.
2017-02-27 23:57:04 +00:00
Patrick Schleizer
191918027c
adjust apt-get-wrapper for Debian stretch's apt-get 2017-02-27 23:43:02 +00:00
Patrick Schleizer
2130b4c654
use python rather than unbuffer
because unbuffer eats exit code when process is killed
2017-02-27 23:16:32 +00:00
Patrick Schleizer
cc351165dc
apt-get-wrapper:
- fix exit code handling
- code simplification
2017-02-27 19:36:38 +00:00
Patrick Schleizer
5653b7732a
fix, show progress during apt-get-wrapper
fix, propagate signals to apt-get child process
2017-02-26 23:57:17 +00:00
Patrick Schleizer
bddbba84a6
"$@" 2017-02-14 17:30:31 +00:00
Patrick Schleizer
9b0d3e34fc
add usr/lib/security-misc/apt-get-update-sanity-test
a CVE-2016-1252 sanity test script
2017-02-14 02:37:08 +00:00
Patrick Schleizer
90f175e117
double apt-get-update wrapper timeout from 120 to 240 seconds
since it takes a bit longer than 120 seconds for me on a fast connection
2017-02-08 14:26:26 +00:00
Patrick Schleizer
0cf6524f0f
apt-get-update: implement SIGINIT trap; hide 'ps' output 2016-12-25 02:33:44 +00:00
Patrick Schleizer
c4089d8d40
update path to /usr/lib/security-misc/apt-get-wrapper 2016-12-25 01:36:04 +00:00
Patrick Schleizer
7b01fb9341
remove obsolete comments 2016-12-25 01:35:17 +00:00
Patrick Schleizer
8160cfe1d7
moved apt-get-update and apt-get-wrapper from whonixcheck to security-misc 2016-12-25 01:29:31 +00:00