Patrick Schleizer
95dd8f419f
bumped changelog version
2025-01-14 14:07:50 +00:00
Patrick Schleizer
0a2f06b456
use pre.bsh
2025-01-14 09:07:32 -05:00
Patrick Schleizer
6a4f9c1bd8
bumped changelog version
2025-01-14 14:06:50 +00:00
Patrick Schleizer
e60183ec07
output
2025-01-14 09:06:41 -05:00
Patrick Schleizer
a812961bea
verbose
2025-01-14 09:06:12 -05:00
Patrick Schleizer
0e4dfc59dd
bumped changelog version
2025-01-14 13:53:49 +00:00
Patrick Schleizer
cdf179f127
fix
2025-01-14 08:53:38 -05:00
Patrick Schleizer
41cd09933a
bumped changelog version
2025-01-14 09:26:05 +00:00
Patrick Schleizer
eec2e2c8ee
comment
2025-01-14 04:13:39 -05:00
Patrick Schleizer
6d282226ef
comment
2025-01-14 04:12:12 -05:00
Patrick Schleizer
466308e4f9
permission hardener: disable SUID for chrome-sandbox
2025-01-14 04:09:57 -05:00
Patrick Schleizer
7a5f8b87af
permission hardener: disable SUID for ssh-agent, ssh-keysign, /lib/openssh/*
...
This might break SSH host-based authentication.
2025-01-14 04:06:44 -05:00
Patrick Schleizer
d89ffcde30
comment
2025-01-14 04:04:09 -05:00
Patrick Schleizer
9f1759ba0e
comment
2025-01-14 03:56:55 -05:00
Patrick Schleizer
0ac85ea9f5
comment
2025-01-14 03:54:35 -05:00
Patrick Schleizer
fce6a5f830
comment
2025-01-14 03:51:43 -05:00
Patrick Schleizer
1e99404813
comment
2025-01-14 03:50:16 -05:00
Patrick Schleizer
b198591537
comment
2025-01-14 03:49:42 -05:00
Patrick Schleizer
7d44db2cb2
usrmerge
2025-01-14 03:49:15 -05:00
Patrick Schleizer
7e7632a553
bumped changelog version
2025-01-14 08:24:05 +00:00
Patrick Schleizer
420cb3f86f
refactoring
2025-01-14 03:19:21 -05:00
Patrick Schleizer
b7e7b2767e
refactoring
2025-01-14 03:18:17 -05:00
Patrick Schleizer
b2a1a0ec9f
refactoring
2025-01-14 03:17:00 -05:00
Patrick Schleizer
69ae2d9ea0
Merge remote-tracking branch 'ArrayBolt3/arraybolt3/permission-hardener-migrate'
2025-01-14 03:15:45 -05:00
Aaron Rainbolt
de9ebabd46
Fix minor migration bugs, don't run the migration code on new image builds
2025-01-13 22:16:02 -06:00
Aaron Rainbolt
a9e87e9d30
Prevent installation failures when installing non-interactively
2025-01-12 21:13:43 -06:00
Aaron Rainbolt
5570d3e5b9
Add a forgotten set -e
2025-01-12 20:40:41 -06:00
Aaron Rainbolt
07786de039
Enable smooth migration from permission-hardener-v1 to permission-hardener-v2
2025-01-12 19:34:41 -06:00
Patrick Schleizer
de1f31e3df
bumped changelog version
2025-01-12 11:47:18 +00:00
Patrick Schleizer
b0baa8baa5
add link
2025-01-12 05:38:35 -05:00
Patrick Schleizer
d6a7cd3e0d
formatting.
...
use chapter to allow for deep linking
2025-01-12 05:36:16 -05:00
Patrick Schleizer
485d9abd1d
bumped changelog version
2025-01-10 15:34:21 +00:00
Patrick Schleizer
c17485baa1
Merge remote-tracking branch 'github-kicksecure/master'
2025-01-10 10:32:26 -05:00
Patrick Schleizer
e9ef3602dd
Merge pull request #292 from raja-grewal/cpu_table
...
Add link to tabular comparison of CPU mitigations
2025-01-10 10:30:34 -05:00
Patrick Schleizer
1b33e83529
Merge pull request #291 from raja-grewal/drop_gratuitous_arp
...
Drop gratuitous ARP packets
2025-01-10 10:29:30 -05:00
Patrick Schleizer
486757bfae
Merge pull request #290 from raja-grewal/arp_ignore
...
Respond to ARP requests only if the target IP address is on-link
2025-01-10 10:29:12 -05:00
Patrick Schleizer
17ff249150
Merge pull request #289 from raja-grewal/arp_filter
...
Enable ARP filtering
2025-01-10 10:28:48 -05:00
Patrick Schleizer
27d19ba568
Merge pull request #288 from raja-grewal/shared_media
...
Deny sending and receiving shared media redirects
2025-01-10 10:28:05 -05:00
Patrick Schleizer
482960d056
permission-hardener: move to new state folder /var/lib/permission-hardener-v2 without migration
...
https://github.com/Kicksecure/security-misc/pull/294
2025-01-10 10:21:12 -05:00
raja-grewal
cf435a8fa8
README.md: Note importance of microcode updates
2025-01-10 13:22:21 +11:00
Patrick Schleizer
3a31cc99b3
Merge remote-tracking branch 'ArrayBolt3/arraybolt3/usrmerge'
2025-01-09 09:30:58 -05:00
raja-grewal
538b312349
Add comment about microcode updates
2025-01-09 15:28:56 +11:00
raja-grewal
1f8eee4720
Add missing sentence full stop
2025-01-08 18:36:00 +11:00
raja-grewal
5e3785d76e
README.md: Remove double space
2025-01-08 18:35:52 +11:00
Aaron Rainbolt
5941195e96
Don't worry about files under /bin anymore, Bookworm uses a merged /usr directory
2025-01-07 14:10:46 -06:00
Patrick Schleizer
c4cfb8597d
Merge remote-tracking branch 'ArrayBolt3/arraybolt3/permission-hardener-refactor'
2025-01-06 08:43:54 -05:00
Patrick Schleizer
c6be621968
bumped changelog version
2025-01-06 10:31:40 +00:00
Patrick Schleizer
6e0787957b
increase priority of pam wheel so it is checked even before faillock
...
in case of attempting to use `su` without being a member of the required group `sudo`, it's useful to abort the PAM stack as early as possible to avoid needlessly prompting for a password to later be rejected due to lack of group membership
2025-01-06 05:29:40 -05:00
Patrick Schleizer
d4767b7520
fix: apply PAM wheel only to su PAM service
2025-01-06 04:24:44 -05:00
Aaron Rainbolt
93ebf176c5
Make the main field count check in permission-hardener a bit more elegant
2025-01-02 20:42:06 -05:00