Patrick Schleizer
c6be621968
bumped changelog version
2025-01-06 10:31:40 +00:00
Patrick Schleizer
6e0787957b
increase priority of pam wheel so it is checked even before faillock
...
in case of attempting to use `su` without being a member of the required group `sudo`, it's useful to abort the PAM stack as early as possible to avoid needlessly prompting for a password to later be rejected due to lack of group membership
2025-01-06 05:29:40 -05:00
Patrick Schleizer
d4767b7520
fix: apply PAM wheel only to su PAM service
2025-01-06 04:24:44 -05:00
Patrick Schleizer
40b23cfad4
bumped changelog version
2024-12-31 18:42:01 +00:00
Patrick Schleizer
33114f771a
copyright
2024-12-31 13:26:21 -05:00
Patrick Schleizer
bb24bff296
bumped changelog version
2024-12-31 14:09:34 +00:00
Patrick Schleizer
0640964c35
readme
2024-12-31 06:14:29 -05:00
Patrick Schleizer
397b476a82
bumped changelog version
2024-12-26 04:12:02 +00:00
Patrick Schleizer
66f8c18c65
Merge remote-tracking branch 'ArrayBolt3/arraybolt3/sysmaint'
2024-12-25 22:43:04 -05:00
Aaron Rainbolt
6602fb102d
Adjust pam-info messaging for sysmaint mode
2024-12-24 20:52:34 -06:00
Patrick Schleizer
aa82202e70
bumped changelog version
2024-12-24 05:16:22 +00:00
Patrick Schleizer
27d015d58e
Merge remote-tracking branch 'ArrayBolt3/arraybolt3/sysmaint'
2024-12-24 00:08:58 -05:00
Aaron Rainbolt
2f3a2bce77
Add warning about using non-sysmaint accounts in sysmaint mode
2024-12-20 11:04:22 -06:00
Patrick Schleizer
3c73c0cd3a
bumped changelog version
2024-12-20 06:01:27 +00:00
Patrick Schleizer
a4c76c617a
syntax fix
2024-12-20 01:01:13 -05:00
Patrick Schleizer
b40bc0a2c9
bumped changelog version
2024-12-20 05:58:24 +00:00
Patrick Schleizer
b21c394ea5
Trigger permission hardener when new configuration files are being installed.
2024-12-20 00:56:20 -05:00
Patrick Schleizer
cd027b86e7
bumped changelog version
2024-12-20 05:48:48 +00:00
Patrick Schleizer
ad6e1f5ad4
move from /etc/permission-hardener.d to /usr/lib/permission-hardener.d
2024-12-20 00:41:06 -05:00
Patrick Schleizer
a2c1e8c218
clean up old files in /etc/permission-hardener.d
...
because they will be moved to `/usr/lib/permission-hardener.d`
2024-12-20 00:39:51 -05:00
Patrick Schleizer
6de5d2d076
permission hardener: also parse /usr/lib/permission-hardener.d/*.conf folder
2024-12-20 00:37:44 -05:00
Patrick Schleizer
721b100fb6
bumped changelog version
2024-12-19 10:58:50 +00:00
Patrick Schleizer
175b442d5b
use long option name
2024-12-19 05:56:50 -05:00
Patrick Schleizer
c99021bb0c
Merge remote-tracking branch 'ArrayBolt3/arraybolt3/sysmaint'
2024-12-19 05:56:01 -05:00
Patrick Schleizer
95b535764c
bumped changelog version
2024-12-19 09:43:26 +00:00
Patrick Schleizer
daf0a0900b
fix apt-get-update for non-English locale
...
https://forums.kicksecure.com/t/systemcheck-reports-warning-debian-package-update-check-result-apt-get-reports-that-packages-can-be-updated-but-system-is-already-fully-upgraded/785
2024-12-19 04:39:34 -05:00
Patrick Schleizer
e9a5b14a0d
bumped changelog version
2024-12-19 06:57:42 +00:00
Patrick Schleizer
3135a03e21
Merge remote-tracking branch 'github-kicksecure/master'
2024-12-19 00:34:56 -05:00
Patrick Schleizer
c7f7196471
Merge pull request #287 from raja-grewal/patch
...
Refactor and add two CPU mitigations
2024-12-19 00:31:25 -05:00
Patrick Schleizer
f0c611d9ed
comment
2024-12-19 00:18:25 -05:00
Patrick Schleizer
4f681be774
Merge remote-tracking branch 'github-kicksecure/master'
2024-12-19 00:17:44 -05:00
Patrick Schleizer
e5b67e044b
Merge pull request #279 from raja-grewal/arp
...
Provide network-related hardening options via `sysctl`'s
2024-12-19 00:15:02 -05:00
Patrick Schleizer
4cf5757575
Merge pull request #282 from ArrayBolt3/arraybolt3/umask
...
Enable umask hardening
2024-12-19 00:08:56 -05:00
Aaron Rainbolt
9d69cd1912
Add sysmaint account lock detection
2024-12-18 21:34:37 -06:00
raja-grewal
3749f8ff09
Update presentation on user namespaces
2024-12-18 03:36:09 +00:00
raja-grewal
0dff2cd28f
Minor additions
2024-12-18 03:32:35 +00:00
raja-grewal
3e96fdd9cc
Enable kvm.mitigate_smt_rsb=1
2024-12-17 11:44:11 +00:00
raja-grewal
45355aabdc
Enable kvm-intel.vmentry_l1d_flush=always
2024-12-17 11:42:52 +00:00
raja-grewal
defba1f245
Refactor CPU mitigations
2024-12-17 11:42:03 +00:00
raja-grewal
943c421889
Minor refactoring
2024-12-17 11:40:38 +00:00
raja-grewal
ca3a73ac13
Typo
2024-12-17 11:37:10 +00:00
Aaron Rainbolt
4c3ca68453
Disable unnecessary sudoers exceptions
2024-12-16 02:56:52 -05:00
Patrick Schleizer
9d06341c91
Merge pull request #285 from Kicksecure/permission-hardener-mount
...
Permission Hardener: treat mount same as umount
2024-12-14 15:18:56 -05:00
raja-grewal
c116796854
arp_ignore: Add reference to 2024-12-10 Mullvad VPN audit details
2024-12-12 06:36:47 +00:00
Patrick Schleizer
a9dd592a8b
bumped changelog version
2024-12-10 19:19:10 +00:00
Patrick Schleizer
58722324ec
Merge remote-tracking branch 'ArrayBolt3/arraybolt3/no-recovery-mode'
2024-12-10 14:18:50 -05:00
Patrick Schleizer
518224b8cf
bumped changelog version
2024-12-10 19:17:10 +00:00
Aaron Rainbolt
439fa7f3be
Harden/disable recovery mode options
2024-12-08 03:42:54 -06:00
Patrick Schleizer
7902311c57
do not create /etc/sysctl.d/30-lkrg-virtualbox.conf if LKRG is not installed
2024-12-07 04:54:47 -05:00
Patrick Schleizer
1ce37d42cd
.
2024-12-07 04:50:40 -05:00