Commit Graph

  • 69ae2d9ea0
    Merge remote-tracking branch 'ArrayBolt3/arraybolt3/permission-hardener-migrate' Patrick Schleizer 2025-01-14 03:15:45 -05:00
  • de9ebabd46
    Fix minor migration bugs, don't run the migration code on new image builds Aaron Rainbolt 2025-01-13 21:57:10 -06:00
  • a9e87e9d30
    Prevent installation failures when installing non-interactively Aaron Rainbolt 2025-01-12 21:13:43 -06:00
  • 5570d3e5b9
    Add a forgotten set -e Aaron Rainbolt 2025-01-12 20:40:41 -06:00
  • 07786de039
    Enable smooth migration from permission-hardener-v1 to permission-hardener-v2 Aaron Rainbolt 2025-01-12 19:34:41 -06:00
  • de1f31e3df
    bumped changelog version 42.4-1 Patrick Schleizer 2025-01-12 11:47:18 +00:00
  • b0baa8baa5
    add link Patrick Schleizer 2025-01-12 05:38:35 -05:00
  • d6a7cd3e0d
    formatting. Patrick Schleizer 2025-01-12 05:36:16 -05:00
  • 485d9abd1d
    bumped changelog version 42.3-1 Patrick Schleizer 2025-01-10 15:34:21 +00:00
  • c17485baa1
    Merge remote-tracking branch 'github-kicksecure/master' Patrick Schleizer 2025-01-10 10:32:26 -05:00
  • e9ef3602dd
    Merge pull request #292 from raja-grewal/cpu_table Patrick Schleizer 2025-01-10 10:30:34 -05:00
  • 1b33e83529
    Merge pull request #291 from raja-grewal/drop_gratuitous_arp Patrick Schleizer 2025-01-10 10:29:30 -05:00
  • 486757bfae
    Merge pull request #290 from raja-grewal/arp_ignore Patrick Schleizer 2025-01-10 10:29:12 -05:00
  • 17ff249150
    Merge pull request #289 from raja-grewal/arp_filter Patrick Schleizer 2025-01-10 10:28:48 -05:00
  • 27d19ba568
    Merge pull request #288 from raja-grewal/shared_media Patrick Schleizer 2025-01-10 10:28:05 -05:00
  • 482960d056
    permission-hardener: move to new state folder /var/lib/permission-hardener-v2 without migration Patrick Schleizer 2025-01-10 10:21:12 -05:00
  • cf435a8fa8
    README.md: Note importance of microcode updates raja-grewal 2025-01-10 13:22:21 +11:00
  • 3a31cc99b3
    Merge remote-tracking branch 'ArrayBolt3/arraybolt3/usrmerge' Patrick Schleizer 2025-01-09 09:30:58 -05:00
  • 538b312349
    Add comment about microcode updates raja-grewal 2025-01-09 15:28:56 +11:00
  • 1f8eee4720
    Add missing sentence full stop raja-grewal 2025-01-08 18:36:00 +11:00
  • 5e3785d76e
    README.md: Remove double space raja-grewal 2025-01-08 18:35:52 +11:00
  • 5941195e96
    Don't worry about files under /bin anymore, Bookworm uses a merged /usr directory Aaron Rainbolt 2025-01-07 14:10:46 -06:00
  • c4cfb8597d
    Merge remote-tracking branch 'ArrayBolt3/arraybolt3/permission-hardener-refactor' Patrick Schleizer 2025-01-06 08:43:54 -05:00
  • c6be621968
    bumped changelog version 42.2-1 Patrick Schleizer 2025-01-06 10:31:40 +00:00
  • 6e0787957b
    increase priority of pam wheel so it is checked even before faillock Patrick Schleizer 2025-01-06 05:29:40 -05:00
  • d4767b7520
    fix: apply PAM wheel only to su PAM service Patrick Schleizer 2025-01-06 04:24:44 -05:00
  • 93ebf176c5
    Make the main field count check in permission-hardener a bit more elegant Aaron Rainbolt 2025-01-02 20:41:40 -05:00
  • 895c0f541f
    Merge branch 'master' into arraybolt3/permission-hardener-refactor Aaron Rainbolt 2025-01-01 15:04:01 -06:00
  • 40b23cfad4
    bumped changelog version 42.1-1 Patrick Schleizer 2024-12-31 18:42:01 +00:00
  • 33114f771a
    copyright Patrick Schleizer 2024-12-31 13:26:21 -05:00
  • bb24bff296
    bumped changelog version 42.0-1 Patrick Schleizer 2024-12-31 14:09:34 +00:00
  • 0640964c35
    readme Patrick Schleizer 2024-12-31 06:14:29 -05:00
  • 717e6fcfbe
    Post-review improvements to permission-hardener Aaron Rainbolt 2024-12-30 19:23:20 -06:00
  • dbcb612517
    Polish permission-hardener refactor Aaron Rainbolt 2024-12-25 19:48:28 -06:00
  • 397b476a82
    bumped changelog version 41.9-1 Patrick Schleizer 2024-12-26 04:12:02 +00:00
  • 66f8c18c65
    Merge remote-tracking branch 'ArrayBolt3/arraybolt3/sysmaint' Patrick Schleizer 2024-12-25 22:43:04 -05:00
  • 83d3867959
    Refactor permission-hardener to be more idempotent Aaron Rainbolt 2024-12-24 20:14:57 -06:00
  • 6602fb102d
    Adjust pam-info messaging for sysmaint mode Aaron Rainbolt 2024-12-24 20:52:34 -06:00
  • aa82202e70
    bumped changelog version 41.8-1 Patrick Schleizer 2024-12-24 05:16:22 +00:00
  • 27d015d58e
    Merge remote-tracking branch 'ArrayBolt3/arraybolt3/sysmaint' Patrick Schleizer 2024-12-24 00:08:58 -05:00
  • 2f3a2bce77
    Add warning about using non-sysmaint accounts in sysmaint mode Aaron Rainbolt 2024-12-20 11:04:22 -06:00
  • 3c73c0cd3a
    bumped changelog version 41.7-1 Patrick Schleizer 2024-12-20 06:01:27 +00:00
  • a4c76c617a
    syntax fix Patrick Schleizer 2024-12-20 01:01:13 -05:00
  • b40bc0a2c9
    bumped changelog version 41.6-1 Patrick Schleizer 2024-12-20 05:58:24 +00:00
  • b21c394ea5
    Trigger permission hardener when new configuration files are being installed. Patrick Schleizer 2024-12-20 00:56:20 -05:00
  • cd027b86e7
    bumped changelog version 41.5-1 Patrick Schleizer 2024-12-20 05:48:48 +00:00
  • ad6e1f5ad4
    move from /etc/permission-hardener.d to /usr/lib/permission-hardener.d Patrick Schleizer 2024-12-20 00:41:06 -05:00
  • a2c1e8c218
    clean up old files in /etc/permission-hardener.d because they will be moved to /usr/lib/permission-hardener.d Patrick Schleizer 2024-12-20 00:39:51 -05:00
  • 6de5d2d076
    permission hardener: also parse /usr/lib/permission-hardener.d/*.conf folder Patrick Schleizer 2024-12-20 00:37:44 -05:00
  • 721b100fb6
    bumped changelog version 41.4-1 Patrick Schleizer 2024-12-19 10:58:50 +00:00
  • 642b4eeedc
    Add link to tabular comparison of CPU mitigations raja-grewal 2024-12-19 21:57:25 +11:00
  • 175b442d5b
    use long option name Patrick Schleizer 2024-12-19 05:56:50 -05:00
  • c99021bb0c
    Merge remote-tracking branch 'ArrayBolt3/arraybolt3/sysmaint' Patrick Schleizer 2024-12-19 05:56:01 -05:00
  • 2e6e1701a0
    Set net.ipv4.conf.*.drop_gratuitous_arp=1 raja-grewal 2024-12-19 10:35:08 +00:00
  • c37f4efadf
    Set net.ipv4.conf.*.arp_ignore=2 raja-grewal 2024-12-19 10:33:49 +00:00
  • af1d06973b
    Set net.ipv4.conf.*.arp_filter=1 raja-grewal 2024-12-19 10:31:43 +00:00
  • 750367a906
    Set net.ipv4.conf.*.shared_media=0 raja-grewal 2024-12-19 10:29:56 +00:00
  • 95b535764c
    bumped changelog version 41.3-1 Patrick Schleizer 2024-12-19 09:43:26 +00:00
  • daf0a0900b
    fix apt-get-update for non-English locale Patrick Schleizer 2024-12-19 04:39:34 -05:00
  • e9a5b14a0d
    bumped changelog version 41.2-1 Patrick Schleizer 2024-12-19 06:57:42 +00:00
  • 3135a03e21
    Merge remote-tracking branch 'github-kicksecure/master' Patrick Schleizer 2024-12-19 00:34:56 -05:00
  • c7f7196471
    Merge pull request #287 from raja-grewal/patch Patrick Schleizer 2024-12-19 00:31:25 -05:00
  • f0c611d9ed
    comment Patrick Schleizer 2024-12-19 00:18:25 -05:00
  • 4f681be774
    Merge remote-tracking branch 'github-kicksecure/master' Patrick Schleizer 2024-12-19 00:17:44 -05:00
  • e5b67e044b
    Merge pull request #279 from raja-grewal/arp Patrick Schleizer 2024-12-19 00:15:02 -05:00
  • 4cf5757575
    Merge pull request #282 from ArrayBolt3/arraybolt3/umask Patrick Schleizer 2024-12-19 00:08:56 -05:00
  • 9d69cd1912
    Add sysmaint account lock detection Aaron Rainbolt 2024-12-18 21:34:16 -06:00
  • 3749f8ff09
    Update presentation on user namespaces raja-grewal 2024-12-18 03:36:09 +00:00
  • 0dff2cd28f
    Minor additions raja-grewal 2024-12-18 03:32:35 +00:00
  • 3e96fdd9cc
    Enable kvm.mitigate_smt_rsb=1 raja-grewal 2024-12-17 11:44:11 +00:00
  • 45355aabdc
    Enable kvm-intel.vmentry_l1d_flush=always raja-grewal 2024-12-17 11:42:52 +00:00
  • defba1f245
    Refactor CPU mitigations raja-grewal 2024-12-17 11:42:03 +00:00
  • 943c421889
    Minor refactoring raja-grewal 2024-12-17 11:40:38 +00:00
  • ca3a73ac13
    Typo raja-grewal 2024-12-17 11:37:10 +00:00
  • 3e59f92b31
    Reset file attributes if no configuration matches Ben Grande 2024-12-17 03:55:21 +01:00
  • 4c3ca68453
    Disable unnecessary sudoers exceptions Aaron Rainbolt 2024-12-09 12:37:11 -06:00
  • 9d06341c91
    Merge pull request #285 from Kicksecure/permission-hardener-mount Patrick Schleizer 2024-12-14 15:18:56 -05:00
  • c116796854
    arp_ignore: Add reference to 2024-12-10 Mullvad VPN audit details raja-grewal 2024-12-12 06:36:47 +00:00
  • a9dd592a8b
    bumped changelog version 41.1-1 Patrick Schleizer 2024-12-10 19:19:10 +00:00
  • 58722324ec
    Merge remote-tracking branch 'ArrayBolt3/arraybolt3/no-recovery-mode' Patrick Schleizer 2024-12-10 14:18:50 -05:00
  • 518224b8cf
    bumped changelog version 41.0-1 Patrick Schleizer 2024-12-10 19:17:10 +00:00
  • 439fa7f3be
    Harden/disable recovery mode options Aaron Rainbolt 2024-12-08 03:21:27 -06:00
  • 7902311c57
    do not create /etc/sysctl.d/30-lkrg-virtualbox.conf if LKRG is not installed Patrick Schleizer 2024-12-07 04:54:47 -05:00
  • 1ce37d42cd
    . Patrick Schleizer 2024-12-07 04:50:40 -05:00
  • 5b88e92e5c
    permission hardener: treat mount the same way we treat umount permission-hardener-mount Patrick Schleizer 2024-12-06 09:48:58 -05:00
  • 93b51819d4
    permission hardener mount chmod change from 745 to 755 Patrick Schleizer 2024-12-06 09:47:08 -05:00
  • 1708a03e1e
    Enable umask hardening Aaron Rainbolt 2024-11-28 15:20:57 -06:00
  • 59299a6639
    bumped changelog version 40.9-1 Patrick Schleizer 2024-11-25 21:07:42 +00:00
  • 98d7c245ee
    "|| exit 1" no longer required thanks to errexit Patrick Schleizer 2024-11-25 15:57:30 -05:00
  • f9b5d7d3f4
    use strict shell options Patrick Schleizer 2024-11-25 15:48:01 -05:00
  • d32cb8c95b
    use TMP, sponge, refactoring Patrick Schleizer 2024-11-25 15:44:00 -05:00
  • 62a551cfe3
    Merge remote-tracking branch 'ArrayBolt3/arraybolt3/sudoers' Patrick Schleizer 2024-11-25 15:38:01 -05:00
  • d7475e252a
    Make apt-get-update able to be terminated securely Aaron Rainbolt 2024-11-21 20:03:42 -06:00
  • af43472d0c
    bumped changelog version 40.8-1 Patrick Schleizer 2024-11-14 22:24:50 +00:00
  • c7e9460b2a
    output Patrick Schleizer 2024-11-14 16:31:12 -05:00
  • 31804e30ec
    bumped changelog version 40.7-1 Patrick Schleizer 2024-11-14 20:46:26 +00:00
  • ef95b3f9a5
    Revert "fix panic-on-oops.service" Patrick Schleizer 2024-11-14 14:41:14 -05:00
  • 412b371e85
    Merge branch 'Kicksecure:master' into arp raja-grewal 2024-11-13 16:47:57 +11:00
  • 141b84c40d
    Provide option to deny sending and receiving shared media redirects raja-grewal 2024-11-13 05:42:56 +00:00
  • 18aec201bf
    Provide option to harden response to ARP requests raja-grewal 2024-11-13 05:41:25 +00:00