Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity
1,285 Commits 2 Branches 291 Tags 8.2 MiB
f5b0e4b5b8
Commit Graph

1285 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Patrick Schleizer
f5b0e4b5b8
debugging 2021-09-06 04:55:16 -04:00
Patrick Schleizer
a67d1754d4
bumped changelog version 2021-09-05 16:04:28 -04:00
Patrick Schleizer
6257bfa926
debugging 2021-09-05 15:54:20 -04:00
Patrick Schleizer
1b09d56718
bumped changelog version 2021-09-04 18:29:00 -04:00
Patrick Schleizer
a4e18a2ae8
dracut reproducible=yes 2021-09-04 18:28:37 -04:00
Patrick Schleizer
1a10293b04
bumped changelog version 2021-09-04 12:00:55 -04:00
Patrick Schleizer
e2810f348b
Depends: libpam-modules-bin 2021-09-04 11:50:31 -04:00
Patrick Schleizer
3c64ec8f91
bumped changelog version 2021-09-02 14:36:53 -04:00
Patrick Schleizer
be8c10496f
fix faillock implementation 
dovecot / ssh are exempted
 2021-09-01 15:55:53 -04:00
Patrick Schleizer
8b104f544a
fix, add sshd to pam_service_exclusion_list 
to avoid faillock
 2021-09-01 15:45:36 -04:00
Patrick Schleizer
224ae730c1
bumped changelog version 2021-08-22 05:32:18 -04:00
Patrick Schleizer
db43cedcfd
LANG=C str_replace 2021-08-22 05:23:24 -04:00
Patrick Schleizer
ef2b067c03
bumped changelog version 2021-08-17 15:24:12 -04:00
Patrick Schleizer
08adf4a07d
readme 2021-08-17 15:23:49 -04:00
Patrick Schleizer
7d73b3ffa0
add hardened malloc compatibility for haveged workaround 
`/lib/systemd/system/haveged.service.d/30_security-misc.conf`

`SystemCallFilter=getrandom`

Otherwise haveged will exit with a core dump.
 2021-08-17 15:21:26 -04:00
Patrick Schleizer
8676beef90
bumped changelog version 2021-08-10 18:26:32 -04:00
Patrick Schleizer
582492d6d8
port from pam_tally2 to pam_faillock 
since pam_tally2 was deprecated upstream
 2021-08-10 17:13:00 -04:00
Patrick Schleizer
2bf0e7471c
port from pam_tally2 to pam_faillock 
since pam_tally2 was deprecated upstream
 2021-08-10 15:11:01 -04:00
Patrick Schleizer
2aea74bd71
renamed: usr/libexec/security-misc/pam_tally2-info -> usr/libexec/security-misc/pam-info 
renamed:    usr/libexec/security-misc/pam_tally2_not_if_x -> usr/libexec/security-misc/pam_faillock_not_if_x
renamed:    usr/share/pam-configs/tally2-security-misc -> usr/share/pam-configs/faillock-security-misc
 2021-08-10 15:06:04 -04:00
Patrick Schleizer
6376bbff80
bumped changelog version 2021-08-05 17:03:43 -04:00
Patrick Schleizer
3756016f42
lintian --suppress-tags obsolete-command-in-modprobe.d-file 
https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/24
 2021-08-03 13:04:34 -04:00
Patrick Schleizer
50bdd097df
move /usr/lib/security-misc to /usr/libexec/security-misc as per lintian FHS 2021-08-03 12:56:31 -04:00
Patrick Schleizer
4fadaad8c0
lintian FHS 2021-08-03 12:52:10 -04:00
Patrick Schleizer
6607c1e4bd
move /usr/lib/helper-scripts and /usr/lib/curl-scripts to /usr/libexec/helper-scripts as per lintian FHS 2021-08-03 12:48:57 -04:00
Patrick Schleizer
0492f28aa1
enable "apt-get --error-on=any" by default 
makes apt exit non-zero for transient failures

`/etc/apt/apt.conf.d/40error-on-any`

https://forums.whonix.org/t/debian-bullseye-apt-get-error-on-any/12068
 2021-08-03 12:37:39 -04:00
Patrick Schleizer
240ec7672a
replace no longer required /usr/lib/security-misc/apt-get-wrapper with apt-get --error-on=any 2021-08-03 12:19:26 -04:00
Patrick Schleizer
8eae635668
update lintian tag name 2021-08-03 11:51:31 -04:00
Patrick Schleizer
5e3338f8d3
bullseye 2021-08-03 05:48:25 -04:00
Patrick Schleizer
bb3e65f7a8
bullseye 2021-08-03 03:25:35 -04:00
Patrick Schleizer
c94281121e
comment 2021-08-01 16:37:02 -04:00
Patrick Schleizer
3599e8e2da
readme 2021-08-01 16:24:41 -04:00
Patrick Schleizer
82f3961a71
bumped changelog version 2021-08-01 13:12:08 -04:00
Patrick Schleizer
5a65c35479
port LKRG compatibility settings automation for VirtualBox hosts from systemd to dpkg trigger 2021-08-01 13:11:18 -04:00
Patrick Schleizer
f03c7978c7
bumped changelog version 2021-07-25 11:31:45 -04:00
Patrick Schleizer
b3e34f7f43
comment 2021-07-25 11:27:07 -04:00
Patrick Schleizer
7e128636b3
improve LKRG VirtualBox host configuration 
as per https://github.com/openwall/lkrg/issues/82#issuecomment-886188999
 2021-07-25 11:26:20 -04:00
Patrick Schleizer
3ebe9e7c53
bumped changelog version 2021-07-24 18:10:06 -04:00
Patrick Schleizer
257cef24ba
add LKRG compatibility settings automation for VirtualBox hosts 
https://github.com/openwall/lkrg/issues/82
 2021-07-24 18:03:40 -04:00
Patrick Schleizer
0f86ffef04
bumped changelog version 2021-06-23 11:20:39 -04:00
Patrick Schleizer
74e39cbf69
pam-abort-on-locked-password: more descriptive error handling 
https://forums.whonix.org/t/restrict-root-access/7658/1
 2021-06-20 11:18:56 -04:00
Patrick Schleizer
0f3dbfc4a1
bumped changelog version 2021-06-20 10:16:57 -04:00
Patrick Schleizer
eff5af0318
https://forums.whonix.org/t/restrict-root-access/7658/116 2021-06-20 10:16:33 -04:00
Patrick Schleizer
419f1d89c2
bumped changelog version 2021-06-07 12:13:37 -04:00
Patrick Schleizer
30d1ce36af
Merge remote-tracking branch 'github-whonix/master' 2021-06-07 12:11:58 -04:00
Patrick Schleizer
70a1eb25a5
Merge pull request #101 from madaidan/sudo 
Restrict sudo's file permissions
 2021-06-05 15:55:41 -04:00
madaidan
97d8db3f74
Restrict sudo's file permissions 2021-06-05 19:16:42 +00:00
Patrick Schleizer
0305baf211
bumped changelog version 2021-06-01 07:36:59 -04:00
Patrick Schleizer
d87bee37f7
comment 2021-06-01 07:21:18 -04:00
Patrick Schleizer
809930c021
comment 2021-06-01 05:36:01 -04:00
Patrick Schleizer
5bd59991cb
bumped changelog version 2021-05-05 08:37:56 -04:00