commit 130434186811930d40407115af99116d4982da49 Author: Patrick Schleizer Date: Fri Jan 17 03:10:56 2020 -0500 readme commit 6f8d89c6c5609ed83d9dcd174375cb1ccfca91d8 Author: Patrick Schleizer Date: Wed Jan 15 15:54:06 2020 -0500 error handling commit 7211f6e0199d2ccb50437c7a5b0842050590b5dc Merge: e110ea0 f6cc76a Author: Patrick Schleizer Date: Wed Jan 15 15:53:36 2020 -0500 Merge remote-tracking branch 'origin/master' commit f6cc76acd729428f83d3497a2e83bfc4b14f1ff8 Merge: e110ea0 1df48a2 Author: Patrick Schleizer Date: Wed Jan 15 20:52:33 2020 +0000 Merge pull request #55 from madaidan/sysctl.conf Process sysctl.conf in initramfs commit 1df48a226d83b98dadc8bfb8dbc479dd656e2313 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Wed Jan 15 20:30:17 2020 +0000 Update control commit f7fde60b67a7ef44658cde3b835565407aafd133 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Wed Jan 15 20:28:32 2020 +0000 Process sysctl.conf too commit e110ea0b84329dfbe0175298b21e7732f7105436 Author: Patrick Schleizer Date: Wed Jan 15 11:37:52 2020 -0500 bumped changelog version commit 0f17596aacb86afb7abcdd4781a9995dde23d3bb Author: Patrick Schleizer Date: Wed Jan 15 11:35:41 2020 -0500 readme commit 0618b5346493723865cc6f2a632822c8b6fa690a Author: Patrick Schleizer Date: Wed Jan 15 11:35:07 2020 -0500 fix lintian warning commit 47ce3bec75f9aeb808993a70579ba93d2527a371 Author: Patrick Schleizer Date: Wed Jan 15 11:05:54 2020 -0500 bumped changelog version commit 73e830d0ac1ece338b0e80ca1a020d84a15d1774 Author: Patrick Schleizer Date: Wed Jan 15 10:08:57 2020 -0500 readme commit 8ab4623f8e81ad1b67858b458f2ae4085e7c8e65 Merge: 8015954 087465a Author: Patrick Schleizer Date: Wed Jan 15 06:06:39 2020 -0500 Merge remote-tracking branch 'origin/master' commit 087465a0cdecc4765f7b659256cdd5e8cdef73ab Merge: 8015954 528c5fc Author: Patrick Schleizer Date: Wed Jan 15 11:02:30 2020 +0000 Merge pull request #53 from madaidan/sysctl-initramfs Set sysctl values in initramfs commit 528c5fc4c41026396a63ac91af7c156dd0d4f191 Merge: 9dc43ea 8015954 Author: Patrick Schleizer Date: Wed Jan 15 11:02:03 2020 +0000 Merge branch 'master' into sysctl-initramfs commit 80159545a580830565ec01a507915add9c44838a Author: Patrick Schleizer Date: Wed Jan 15 02:42:10 2020 -0500 fix xfce4-power-manager xfpm-power-backlight-helper pkexec lxsudo popup https://forums.whonix.org/t/xfce4-power-manager-xfpm-power-backlight-helper-pkexec-lxsudo-popup/8764 do show lxqt-sudo password prompt if there is a sudoers exceptoin improved pkexec wrapper logging commit d90ca4b1ad18289d6bcfcef51cfb032a0b4423eb Author: Patrick Schleizer Date: Tue Jan 14 15:12:13 2020 -0500 refactoring commit 082f04f2d4101828455a4a9b2852376a72ced6ce Author: Patrick Schleizer Date: Tue Jan 14 15:04:58 2020 -0500 add logging to pkexec wrapper commit 1059ccf2254d0aac40d2c14680fea2a4012a2d66 Author: Patrick Schleizer Date: Tue Jan 14 09:28:28 2020 -0500 bumped changelog version commit 660837dc380440f6b00d3baf9395222376163b3b Author: Patrick Schleizer Date: Tue Jan 14 09:25:32 2020 -0500 fix case when user "user" does not exists commit 18c726c3eebc93f69062f1e4c1d3c7ab394985c3 Author: Patrick Schleizer Date: Tue Jan 14 09:23:02 2020 -0500 comment commit b8652681e741236af2e20876d7103b2dfb0ae9bf Author: Patrick Schleizer Date: Tue Jan 14 09:21:47 2020 -0500 fix legacy commit cc21f912a372faef8322801e9a48882f29159c2d Author: Patrick Schleizer Date: Tue Jan 14 09:20:36 2020 -0500 bumped changelog version commit 2078cd237f2aaad8d68c1c5eab3f9942460ecd3c Author: Patrick Schleizer Date: Tue Jan 14 09:18:30 2020 -0500 readme commit c377c5ff83437a5447ecc9c873150421f4f1e691 Merge: 8341242 539f24b Author: Patrick Schleizer Date: Tue Jan 14 09:01:38 2020 -0500 Merge remote-tracking branch 'origin/master' commit 539f24b65ee7739487d8038fcb1fdfb1ed62ab22 Merge: 8341242 0953bbe Author: Patrick Schleizer Date: Tue Jan 14 14:01:17 2020 +0000 Merge pull request #54 from madaidan/panic_on_oops Document panic_on_oops commit 0953bbe1d7f3e789aef2218a65c14c586dab4bcb Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon Jan 13 21:05:35 2020 +0000 Update control commit 9dc43eae38b55951cae2a9bf93114bcf742f8c8b Author: madaidan <> Date: Sun Jan 12 21:42:07 2020 +0000 Description commit 8c4e0ff1c4d6191dbb40b28cfc23a8185cc0cbdb Author: madaidan Date: Sun Jan 12 21:37:37 2020 +0000 Set sysctl values in initramfs commit 8341242abc342d9cbd82afe12f512daf73a9e59a Author: Patrick Schleizer Date: Sat Jan 11 15:19:29 2020 -0500 bumped changelog version commit 130a4cf6d433f4d862e10e31abbc2b1f3b1614d2 Author: Patrick Schleizer Date: Sat Jan 11 15:17:06 2020 -0500 readme commit 61a2d390a7d6195d556898db8afa57822a9bc76a Author: Patrick Schleizer Date: Sat Jan 11 15:15:12 2020 -0500 lintian commit 3fae8e771ffbdd3023921b296e46cf982034d2ac Merge: 13a1e13 e9f4dbd Author: Patrick Schleizer Date: Sat Jan 11 15:14:43 2020 -0500 Merge remote-tracking branch 'origin/master' commit e9f4dbdda579db83f330054253100bc7c5d1e2be Merge: 13a1e13 6088444 Author: Patrick Schleizer Date: Sat Jan 11 20:14:10 2020 +0000 Merge pull request #52 from madaidan/vivid Blacklist the vivid kernel module commit 6088444c371f021ca23daa3a0ab1ee431d429a61 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sat Jan 11 18:38:17 2020 +0000 Update control commit a662a76a52970530a4a3c3d6a284ce9400dc74c6 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sat Jan 11 18:37:00 2020 +0000 Blacklist vivid commit 13a1e1321e05965ad9449fafa4406c4d3b781dcf Author: Patrick Schleizer Date: Wed Jan 1 05:59:59 2020 -0500 bumped changelog version commit 5031e7cc4b8bfc4037ba6ea029e20637090ccacb Author: Patrick Schleizer Date: Tue Dec 31 08:18:38 2019 -0500 better output if trying to login with non-existing user commit b2bdeb90957da4ebe38e7f12fba0330b89e0983d Author: Patrick Schleizer Date: Tue Dec 31 06:08:32 2019 -0500 bumped changelog version commit 2a3aae62b1cf97313b925fac94261e28af7ea3d1 Author: Patrick Schleizer Date: Tue Dec 31 06:06:52 2019 -0500 fix commit 427deec3f50664f2fbb244b6cf060bb5b9e821b6 Author: Patrick Schleizer Date: Tue Dec 31 06:03:48 2019 -0500 bumped changelog version commit e89552c9846f85b4bbf73595080d71dcd873fe29 Author: Patrick Schleizer Date: Tue Dec 31 05:55:44 2019 -0500 add user "user" to group "console" in Whonix and Kicksecure enable Console Lockdown in Whonix and Kicksecure commit b5a2d1dc581b53974aaa148f6d8f3054c9d1c5fe Author: Patrick Schleizer Date: Tue Dec 31 02:54:58 2019 -0500 bumped changelog version commit 20697db3ee5d227176c4d31e6c96454a64f47797 Author: Patrick Schleizer Date: Tue Dec 31 02:53:02 2019 -0500 improve console lockdown info output commit 788914de95ee9299d685e8b65466feee1085cf18 Author: Patrick Schleizer Date: Tue Dec 31 02:46:32 2019 -0500 group ssh check was removed https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/27 commit 06ed728d791abe0ad3c93091fd8ebc088f73c4ef Author: Patrick Schleizer Date: Mon Dec 30 06:42:14 2019 -0500 bumped changelog version commit f3ff32ddbb8a7cf7555b9f1b2154e83154532a3d Author: Patrick Schleizer Date: Mon Dec 30 06:39:24 2019 -0500 Protect /bin/mount from 'chmod -x'. /bin/mount exactwhitelist /usr/bin/mount exactwhitelist Remove SUID from 'mount' but keep executable. /bin/mount 745 root root /usr/bin/mount 745 root root https://forums.whonix.org/t/disable-suid-binaries/7706/61 commit e4e9c4e3b09138af25e94a6db81b0f759ddb4d1b Author: Patrick Schleizer Date: Mon Dec 30 05:59:43 2019 -0500 bumped changelog version commit 9c0d6b605707dbcb7db9cd227257a5dcd612f784 Author: Patrick Schleizer Date: Sun Dec 29 05:09:07 2019 -0500 copyright commit edc08988f26532daf90bc4a4f007aef53e62eeaf Author: Patrick Schleizer Date: Sun Dec 29 05:08:53 2019 -0500 copyright commit 9156d3584cd7ba9064d5af54afd95b6d8e73907b Author: Patrick Schleizer Date: Sun Dec 29 04:59:05 2019 -0500 Description commit 3ea946b365d8b05cabce63f4d26b3153559aa465 Author: Patrick Schleizer Date: Sun Dec 29 04:56:51 2019 -0500 RemainAfterExit=yes commit 2787ae976580d20ea4da5213c7f624f984510934 Author: Patrick Schleizer Date: Sun Dec 29 04:56:35 2019 -0500 copyright commit 6d56eb9ef0e2cfbba46df2294deb9c8e6b9aa2b7 Author: Patrick Schleizer Date: Sun Dec 29 04:56:18 2019 -0500 minor commit 0e14706f32728123f1d345b73266934fe454a989 Author: Patrick Schleizer Date: Sun Dec 29 04:45:26 2019 -0500 copyright commit 1a0f7a77335940a11e33ca519d8f64429b8ee966 Author: Patrick Schleizer Date: Sun Dec 29 04:43:32 2019 -0500 debugging commit 5271892cb1e4646b79388d064227d4662b682583 Author: Patrick Schleizer Date: Sun Dec 29 04:42:54 2019 -0500 debugging commit 683028049c46516ba105b1b73364960b3b87efd6 Author: Patrick Schleizer Date: Sun Dec 29 04:41:23 2019 -0500 debugging commit e3e1ff2a310c46fab67309edd88e73096843edcb Author: Patrick Schleizer Date: Sun Dec 29 04:35:46 2019 -0500 exit with error if a config line cannot be processed rather than skipping https://forums.whonix.org/t/disable-suid-binaries/7706/59 commit d5c99f3a60372a00ded4b1b4340775aab1421d31 Author: Patrick Schleizer Date: Sun Dec 29 04:27:21 2019 -0500 output commit e5623fcd2b32b58e72c2ef80955072f013672e0d Author: Patrick Schleizer Date: Sun Dec 29 04:21:52 2019 -0500 comment commit d7f58db52c926c11157671c4555ca97f02929a76 Author: Patrick Schleizer Date: Fri Dec 27 05:30:12 2019 -0500 bumped changelog version commit 674840e6f9fb362dc713da3edde07132b5ae17d4 Author: Patrick Schleizer Date: Thu Dec 26 05:44:35 2019 -0500 /fusermount matchwhitelist unbreak AppImages such as electrum Bitcoin wallet https://forums.whonix.org/t/disable-suid-binaries/7706/57 commit 507a30d6e39f17fcb09b92033fe1d831e7d4baf4 Author: Patrick Schleizer Date: Tue Dec 24 18:35:49 2019 -0500 bumped changelog version commit 04f438f75d4566822026373e78988e9d4e42b8b5 Author: Patrick Schleizer Date: Tue Dec 24 18:09:37 2019 -0500 comment commit 9da0e428ed4635fb5ca98b2d72b56b553404a742 Author: Patrick Schleizer Date: Tue Dec 24 17:54:31 2019 -0500 debugging commit e18ec533c3ebb382f974d30db3cd1f5eace648c2 Author: Patrick Schleizer Date: Tue Dec 24 17:54:02 2019 -0500 comment commit 0326cd5ee9371213420d2afdcbfb0a05d9a808e6 Author: Patrick Schleizer Date: Tue Dec 24 08:07:55 2019 -0500 bumped changelog version commit ede536913daa0c7ddfe55e20c93d7b752daa5de3 Author: Patrick Schleizer Date: Tue Dec 24 06:00:41 2019 -0500 no longer hardcode amd64 commit d03a3d9ac03bc29ba349107855936dd194e12271 Merge: 9d77d88 27a42a9 Author: Patrick Schleizer Date: Tue Dec 24 05:57:24 2019 -0500 Merge remote-tracking branch 'origin/master' commit 27a42a9da82bc1f22135ffa509925f63177f25d9 Merge: ac49c55 79241c5 Author: Patrick Schleizer Date: Tue Dec 24 10:55:11 2019 +0000 Merge pull request #50 from madaidan/modules Make /lib/modules unreadable commit ac49c55d1fafff5f36bd7c595f50db295ff616a2 Merge: 0c3d4ad 98e88d1 Author: Patrick Schleizer Date: Tue Dec 24 10:55:03 2019 +0000 Merge pull request #49 from madaidan/kver Detect kernel upgrades commit 0c3d4ad255de75b57a2e316bf8a7fd77a2fc0d4d Merge: 9d77d88 d1a0650 Author: Patrick Schleizer Date: Tue Dec 24 10:54:23 2019 +0000 Merge pull request #48 from madaidan/kernel-hardening Use only one slub_debug parameter commit 79241c5d09c4a7123cf90b45289b53d893135efb Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon Dec 23 20:28:29 2019 +0000 Make /lib/modules unreadable commit 98e88d1456ca0e8fa23809115c51c380a4bb2d3b Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon Dec 23 19:57:43 2019 +0000 Detect kernel upgrades commit d1a0650fd944973ab614c1da06f8e555b31b73ae Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon Dec 23 19:44:52 2019 +0000 Use only one slub_debug parameter commit 9d77d88a4dfd0f42a2a671bbec49f4ebd90af882 Author: Patrick Schleizer Date: Mon Dec 23 09:39:50 2019 -0500 comments commit 7a80837b4f0a7201f3e092ad9b99b4cddb6043b3 Author: Patrick Schleizer Date: Mon Dec 23 08:48:04 2019 -0500 bumped changelog version commit 617c0a0e15f1c113b6e7fd748bb75978e4f23fcd Author: Patrick Schleizer Date: Mon Dec 23 07:21:26 2019 -0500 disable remount-secure.service - Disable for now until development finished / tested. commit 3e131174d5919303462295cb0852a9254885ae7c Author: Patrick Schleizer Date: Mon Dec 23 05:00:35 2019 -0500 comments commit bef41a38c26548d50101f7ea636316e1e2107a55 Author: Patrick Schleizer Date: Mon Dec 23 03:58:00 2019 -0500 bumped changelog version commit 046ceeae4df3b45916f35b0789af341c4f3d911a Author: Patrick Schleizer Date: Mon Dec 23 03:57:36 2019 -0500 readme commit 9f072ce4f99467f82986be348c9cedc2eb7f017d Author: Patrick Schleizer Date: Mon Dec 23 03:46:02 2019 -0500 comment commit 26fe9394fff2eb5be2f19272ea76ed187a8237e5 Author: Patrick Schleizer Date: Mon Dec 23 03:41:54 2019 -0500 disable lockdown for now due to module loading commit 9ec5b0ee82263e1afb38c44348e69437ddc5c9c2 Author: Patrick Schleizer Date: Mon Dec 23 03:38:49 2019 -0500 description: lockdown not enabled yet commit b05669accfe6fac8070003bbd57939ca2c621445 Merge: 11b4192 1ff51ee Author: Patrick Schleizer Date: Mon Dec 23 03:38:04 2019 -0500 Merge branch 'madaidan-kernel-hardening' commit 1ff51ee061dcdb1a898ebb68c0267ce926e0fca0 Author: Patrick Schleizer Date: Mon Dec 23 03:37:28 2019 -0500 merge commit 535c258b834028e5638fd2b37b1a6f352e2b4558 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Wed Dec 18 20:43:01 2019 +0000 More kernel hardening commit 11b4192fbdbc02af97e7dc32677bdb3a549b0000 Author: Patrick Schleizer Date: Mon Dec 23 03:28:42 2019 -0500 comments commit 42ff53e9ad26190dcbff154f6cfd039e3f6bdf83 Author: Patrick Schleizer Date: Mon Dec 23 02:42:07 2019 -0500 bumped changelog version commit 2152fa2d61fa72935b70e60b98ccbe2e1b31db43 Author: Patrick Schleizer Date: Mon Dec 23 02:38:53 2019 -0500 comment commit f8f2e6c7041d98572452be2e53094d0c539b1616 Author: Patrick Schleizer Date: Mon Dec 23 02:35:13 2019 -0500 fix disablewhitelist feature commit 47ddcad0c0af27093f61cf77008224bf66572532 Author: Patrick Schleizer Date: Mon Dec 23 02:29:47 2019 -0500 rename keyword whitelist to exactwhitelist add new keyword disablewhitelist refactoring commit 175d1c284552a08881286e8c3ca5d8eb9b97a144 Author: Patrick Schleizer Date: Mon Dec 23 02:13:13 2019 -0500 bumped changelog version commit 0409aac3aeb7acc273e19b16e78409994c731f2a Author: Patrick Schleizer Date: Mon Dec 23 02:09:04 2019 -0500 readme commit 1ff56625a170c392f6099b41f371c56032362ea0 Author: Patrick Schleizer Date: Mon Dec 23 01:42:03 2019 -0500 polkit-agent-helper-1 matchwhitelist to match both - /usr/lib/policykit-1/polkit-agent-helper-1 matchwhitelist - /lib/policykit-1/polkit-agent-helper-1 commit d484b299ea1a93a401d00a212d675b5837b8aaa9 Author: Patrick Schleizer Date: Mon Dec 23 01:38:31 2019 -0500 matchwhitelist /qubes/qfile-unpacker to match both - /usr/lib/qubes/qfile-unpacker whitelist - /lib/qubes/qfile-unpacker commit 34bf2457136db227cc27a5d0fe9282f09780a310 Author: Patrick Schleizer Date: Mon Dec 23 01:35:45 2019 -0500 output commit ba30e45d15ec53b2d0a67ce96f5132d3f59bf870 Author: Patrick Schleizer Date: Mon Dec 23 01:32:42 2019 -0500 output commit ee9c5742da99673785068b0393e3587a77c99a31 Author: Patrick Schleizer Date: Mon Dec 23 01:29:48 2019 -0500 output commit 6d05359abcf460cbec266401530a9ab1aaaaf47f Author: Patrick Schleizer Date: Mon Dec 23 01:21:52 2019 -0500 output commit a1e78e8515a87ebc8fc2211b3e1e91824fd3865a Author: Patrick Schleizer Date: Mon Dec 23 01:20:56 2019 -0500 fix needlessly re-adding entries commit 906b3d32e769bbd30ed5698268899a7d2ec71d95 Author: Patrick Schleizer Date: Mon Dec 23 01:09:57 2019 -0500 output commit 4f76867da6ce5710cf486175cd84adcd72640049 Author: Patrick Schleizer Date: Mon Dec 23 01:08:02 2019 -0500 lower debugging commit dc6e5d8508a09bd7f2b9bfed02bc502797c11361 Author: Patrick Schleizer Date: Mon Dec 23 01:06:38 2019 -0500 fix commit 87b999f92aab4f4176f366308c27c4fe5471580c Author: Patrick Schleizer Date: Mon Dec 23 00:59:43 2019 -0500 refactoring commit 065ff4bd058ab26df3d3af1022da9d6a7405ab61 Author: Patrick Schleizer Date: Mon Dec 23 00:59:24 2019 -0500 sanity_tests commit fef1469fe62bf923ba89077934c8b0e5d8cd0258 Author: Patrick Schleizer Date: Mon Dec 23 00:51:14 2019 -0500 exit non-zero if capability removal failed commit 3670fcf48baecffe098c96eb67cbd601bc3e0069 Author: Patrick Schleizer Date: Mon Dec 23 00:49:33 2019 -0500 depend on libcap2-bin for setcap / getcap / capsh commit 17a8c294702acb30c397abc984d69c356cec2cd7 Author: Patrick Schleizer Date: Mon Dec 23 00:47:49 2019 -0500 fix capability removal error handling https://forums.whonix.org/t/disable-suid-binaries/7706/45 commit b631e2ecd8ae0e08850edd81bf64b02666fb6234 Author: Patrick Schleizer Date: Mon Dec 23 00:36:41 2019 -0500 refactoring commit 7aea304549cea2c885c2d813c7a15f617f4ebf2a Author: Patrick Schleizer Date: Mon Dec 23 00:26:15 2019 -0500 comment commit f4b1df02ee66309d12724cf7124b14180c855f14 Author: Patrick Schleizer Date: Sun Dec 22 19:42:40 2019 -0500 Remove suid / gid and execute permission for 'group' and 'others'. Similar to: chmod og-ugx /path/to/filename Removing execution permission is useful to make binaries such as 'su' fail closed rather than fail open if suid was removed from these. Do not remove read access since no security benefit and easier to manually undo for users. chmod 744 commit 58a4e0bc7d1b87d4d169f31dc5935c75e929c0b4 Author: Patrick Schleizer Date: Sun Dec 22 19:12:10 2019 -0500 dbus-daemon-launch-helper matchwhitelist commit 15e3a2832da603f5caa9aadc6d68aaf503f013c9 Author: Patrick Schleizer Date: Sun Dec 22 18:57:23 2019 -0500 comment commit 6eb8fd257aecd84686b4d7a9824a98bace9a705e Author: Patrick Schleizer Date: Sun Dec 22 18:56:36 2019 -0500 suid utempter/utempter matchwhitelist to cover both: /usr/lib/x86_64-linux-gnu/utempter/utempter /lib/x86_64-linux-gnu/utempter/utempter commit 9409209b48fb8f803b88d72c0e7febaa74f5bd2c Merge: 008ce48 bce02ff Author: Patrick Schleizer Date: Sun Dec 22 10:29:08 2019 -0500 Merge remote-tracking branch 'origin/master' commit bce02ffdc01c22c8d5528eb5eaa7729a6b3137dd Merge: 008ce48 8f11a52 Author: Patrick Schleizer Date: Sun Dec 22 15:26:07 2019 +0000 Merge pull request #47 from madaidan/msr Blacklist CPU MSRs commit 8f11a520f4c406fa3187ad530f945a564b78a28c Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Dec 22 13:54:16 2019 +0000 Update control commit dd93b11321e171c56affcd660c0830d6a91ad87e Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Dec 22 13:52:43 2019 +0000 Blacklist CPU MSRs commit 008ce4817c6ad2218af05d14626b0f2c70a6e90d Author: Patrick Schleizer Date: Sat Dec 21 14:55:03 2019 -0500 bumped changelog version commit d300db3cde0f7ee8e3884a1225ec1d196a318728 Author: Patrick Schleizer Date: Sat Dec 21 14:45:11 2019 -0500 output commit 3921846df6e21a80d87f451e89f96f5b3092dd53 Author: Patrick Schleizer Date: Sat Dec 21 14:36:42 2019 -0500 comment commit 1213415ce649e7305af0b6c6ef2f8435caab5cd8 Author: Patrick Schleizer Date: Sat Dec 21 14:23:35 2019 -0500 bumped changelog version commit 2ddf7b5db5d335d4f64d0df2c0caab0c80a2a046 Author: Patrick Schleizer Date: Sat Dec 21 14:06:51 2019 -0500 /lib/ nosuid commit 1e8457ea476a693dd1e455e4c455bf2e763cec23 Author: Patrick Schleizer Date: Sat Dec 21 14:06:10 2019 -0500 no longer remount /lib https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/25 commit 10c19d6a8fc6b6bc03067dc3be88f486aa78d438 Merge: b2260f4 fffdf50 Author: Patrick Schleizer Date: Sat Dec 21 13:00:41 2019 -0500 Merge remote-tracking branch 'origin/master' commit fffdf5090c707c698de4adacfd5837809b33aa99 Merge: 1c99b56 f5a52ae Author: Patrick Schleizer Date: Sat Dec 21 17:59:56 2019 +0000 Merge pull request #46 from madaidan/remount-secure Don't remount /sys/kernel/security commit f5a52aeddc4742b4dbd8a0075d759b2ceaaae691 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sat Dec 21 14:55:28 2019 +0000 Don't remount /sys/kernel/security commit b2260f48f4ab978b531d8ca9df2dc1a787b6666f Author: Patrick Schleizer Date: Sat Dec 21 08:03:33 2019 -0500 add support for /etc/exec / /usr/local/etc/exec to allow enabling exec on a per VM basis commit 1c99b56c9b99cceab6fe38580d06197dd4bcfb77 Author: Patrick Schleizer Date: Sat Dec 21 07:49:55 2019 -0500 bumped changelog version commit 161b6f6b885586cd65b8ac13b0bd113691465522 Author: Patrick Schleizer Date: Sat Dec 21 07:49:29 2019 -0500 readme commit b74e5ca97244209e041f55483027365eacdf44c9 Author: Patrick Schleizer Date: Sat Dec 21 07:47:00 2019 -0500 comment commit 8fb17624bc3471a3676e76b3695179cde1ec21da Author: Patrick Schleizer Date: Sat Dec 21 07:44:51 2019 -0500 comment commit aef796a524f9156b584a7d8d203decc446c5d3b9 Author: Patrick Schleizer Date: Sat Dec 21 07:44:23 2019 -0500 disable debugging commit 1fe83d683f97af6730948aecce3216a51979c695 Author: Patrick Schleizer Date: Sat Dec 21 07:43:55 2019 -0500 comment commit 7c3da38bd53427501bcb0ac0d56bd626ce9e6adb Author: Patrick Schleizer Date: Sat Dec 21 07:42:25 2019 -0500 comment commit 9050058bc2427a701095901a5bd275767437391b Author: Patrick Schleizer Date: Sat Dec 21 07:42:01 2019 -0500 fix commit 0c4db8c2b054a10554f163c31e3e626a80981c52 Author: Patrick Schleizer Date: Sat Dec 21 07:38:25 2019 -0500 bumped changelog version commit 6b13a644df279ec3ccf3814e86233baafc0cf437 Author: Patrick Schleizer Date: Sat Dec 21 07:37:41 2019 -0500 add /usr/lib/security-misc/permission-hardening-undo commit af8b04b73d6d64792fc1ffb7f6b04b273c0ca7ec Author: Patrick Schleizer Date: Sat Dec 21 06:58:01 2019 -0500 rm_conffile /etc/apparmor.d/usr.lib.security-misc.pam_tally2-info rm_conffile /etc/apparmor.d/usr.lib.security-misc.permission-lockdown https://github.com/Whonix/security-misc/pull/45 commit 2350e0f5d06d9625835ba1547aab0054b795c0c5 Merge: 3ea5871 efd65a3 Author: Patrick Schleizer Date: Sat Dec 21 06:57:10 2019 -0500 Merge remote-tracking branch 'origin/master' commit efd65a3f15fc9380e2019c9d7ad0bf82adcc230d Merge: c336bc4 c28ddf5 Author: Patrick Schleizer Date: Sat Dec 21 11:56:31 2019 +0000 Merge pull request #45 from madaidan/apparmor Delete apparmor profiles commit 3ea587187e9d0a927799a66d15d163ee56a41978 Author: Patrick Schleizer Date: Sat Dec 21 06:53:07 2019 -0500 no need to exclude xorg nosuid on Debian http://forums.whonix.org/t/permission-hardening/8655/25 commit c336bc4fd229d9a6370df5520aaa4e872465de5a Author: Patrick Schleizer Date: Sat Dec 21 06:39:13 2019 -0500 comment commit fac17a963d3dec1b399fd9b41ebebcedb7e90f43 Author: Patrick Schleizer Date: Sat Dec 21 06:28:19 2019 -0500 bumped changelog version commit b5f88efe2072eca99c245fc60442c82a270fab8e Author: Patrick Schleizer Date: Sat Dec 21 06:27:01 2019 -0500 fix commit 2088628c8d44306e51c8a1407caee99e5eb4ce5b Author: Patrick Schleizer Date: Sat Dec 21 06:24:08 2019 -0500 debugging commit 2dca031527fa38a932619ed2336a5aa472a85205 Author: Patrick Schleizer Date: Sat Dec 21 06:22:46 2019 -0500 debugging commit 195e00cc8796d532a68f90b7c1f8f30d17f24246 Author: Patrick Schleizer Date: Sat Dec 21 06:16:38 2019 -0500 output commit 78d33d8b57fdef3b16e8ab5b4f6b0487d51b9657 Author: Patrick Schleizer Date: Sat Dec 21 06:12:20 2019 -0500 bumped changelog version commit 4b21b6df4167a2a95392a39182c636bdc097bc7e Author: Patrick Schleizer Date: Sat Dec 21 06:11:44 2019 -0500 fix commit ff48b672a8537e65c3d0b3ccfb65fb29c2d3766c Author: Patrick Schleizer Date: Sat Dec 21 06:00:17 2019 -0500 bumped changelog version commit 8436da2b7b0b9d309b57ed6ab36f2042fd82f4ae Author: Patrick Schleizer Date: Sat Dec 21 05:58:50 2019 -0500 output commit da15265e1c311be16c1dd0a8681e630548fac0e9 Author: Patrick Schleizer Date: Sat Dec 21 05:55:23 2019 -0500 fix commit 2a248fe0de1b86b416c705ecce81dcb549581d9b Author: Patrick Schleizer Date: Sat Dec 21 05:54:39 2019 -0500 fix commit 4f12664362fb4304ed43185ed5805f686bdeb0af Author: Patrick Schleizer Date: Sat Dec 21 05:54:07 2019 -0500 output commit e3355843c835c650d4701a2b94b93cc0040ca419 Author: Patrick Schleizer Date: Sat Dec 21 05:51:22 2019 -0500 fix commit 234ec5fe93c9b03c02e076621ac919f12062c4e5 Author: Patrick Schleizer Date: Sat Dec 21 05:47:35 2019 -0500 fix commit 65b5adb2d731f52533bda24eb6868d9e2968e2ed Author: Patrick Schleizer Date: Sat Dec 21 05:38:39 2019 -0500 bumped changelog version commit 7ff900c20457ee42d415c4eddf3b08f1ac5e4461 Author: Patrick Schleizer Date: Sat Dec 21 05:37:43 2019 -0500 fix commit 2b5a49a61b221161f3b42d3a692d2e22df2afec2 Author: Patrick Schleizer Date: Sat Dec 21 05:31:55 2019 -0500 bumped changelog version commit e1a5ee4bcf5ecb447ae7da0b137f81d520673cde Author: Patrick Schleizer Date: Sat Dec 21 05:26:55 2019 -0500 output commit 66aaf3e22cda9bb58ab72e750a5711556cf1de25 Author: Patrick Schleizer Date: Sat Dec 21 05:25:54 2019 -0500 output commit 7aa7d0b5a0e3b602b527131581f350b9b32fb0d6 Author: Patrick Schleizer Date: Sat Dec 21 05:22:27 2019 -0500 improve error handling commit 8919d38de9206b4802b471c2f40787a2f9d70269 Author: Patrick Schleizer Date: Sat Dec 21 05:21:46 2019 -0500 disable debugging commit cf5dee64fd4e1c44a8726db49b8328841ee6327f Author: Patrick Schleizer Date: Sat Dec 21 05:18:34 2019 -0500 refactoring commit 29cd9a0c38924fc2eb7520db886efc19541476cb Author: Patrick Schleizer Date: Sat Dec 21 05:17:35 2019 -0500 fix commit 486027a4d75917fe2741370aa1e707b8ca14f693 Author: Patrick Schleizer Date: Sat Dec 21 05:15:38 2019 -0500 fix commit 1fd26be864ebd0dab8419e0b2b321522166d6271 Author: Patrick Schleizer Date: Sat Dec 21 05:14:51 2019 -0500 fix commit 0fc97c37beae5d48fed9ec714f19007f402952c9 Author: Patrick Schleizer Date: Sat Dec 21 05:14:39 2019 -0500 fix commit 1018d5b3b0b58a641aaca0419a06c246091932d5 Author: Patrick Schleizer Date: Sat Dec 21 05:11:51 2019 -0500 output commit 4388fc4d5ace9046c9eacb8354d9960599735ee4 Author: Patrick Schleizer Date: Sat Dec 21 05:11:19 2019 -0500 refactoring commit ed20980f4c6c3fb304d8436399f5e14ead7b3ae3 Author: Patrick Schleizer Date: Sat Dec 21 05:07:10 2019 -0500 refactoring commit 315ce86b9a66d15aea2d50f5271c228ee8bd3909 Author: Patrick Schleizer Date: Sat Dec 21 04:33:03 2019 -0500 refactoring commit 0c5848494b147b067afa2b70451fc7e5087823f2 Author: Patrick Schleizer Date: Sat Dec 21 04:21:26 2019 -0500 do not remount if already has intended mount options commit 203f4ad46e6a6950edd4b2a83f47ac71428928e5 Author: Patrick Schleizer Date: Sat Dec 21 04:17:10 2019 -0500 refactoring commit e7fd0dadb03e7f90adfa9ebdaf07530f02a846e7 Author: Patrick Schleizer Date: Sat Dec 21 04:09:35 2019 -0500 output commit e6ea21c7757ad732bd9bcce2c6a7a364780e1b14 Author: Patrick Schleizer Date: Sat Dec 21 04:08:35 2019 -0500 record existing modes in separate dpkg-statoverwrite databases to have a history of what was modified and to allow to undo changes commit 89be5f2ecb998c46ff4864996cd86b97fa56d176 Author: Patrick Schleizer Date: Sat Dec 21 02:05:39 2019 -0500 bumped changelog version commit c28ddf5c4dbfd92aba9a59874f529a4afe69c497 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Fri Dec 20 22:44:31 2019 +0000 Delete usr.lib.security-misc.pam_tally2-info commit cfe69dd66900f7aad5311c02d2b4ee7b400fb90b Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Fri Dec 20 22:44:27 2019 +0000 Delete usr.lib.security-misc.permission-lockdown commit d220bb3bc4aaf923dcb2e2a48ac05dd5f1326442 Author: Patrick Schleizer Date: Fri Dec 20 13:07:01 2019 -0500 suid /usr/lib/chromium/chrome-sandbox whitelist commit 77b3dd5d6b5de0070da7e71154ecbe2e099e3b7f Author: Patrick Schleizer Date: Fri Dec 20 13:02:33 2019 -0500 comments commit d7bd477e7379cd5d74d81e81080d375041cc3b29 Author: Patrick Schleizer Date: Fri Dec 20 12:59:27 2019 -0500 add "/usr/lib/xorg/Xorg.wrap whitelist" until this is researched https://manpages.debian.org/buster/xserver-xorg-legacy/Xorg.wrap.1.en.html https://lwn.net/Articles/590315/ commit 17e8605119fc671c4cbe4343851cf3c46b830508 Author: Patrick Schleizer Date: Fri Dec 20 12:57:24 2019 -0500 add matchwhitelist feature add "/usr/lib/virtualbox/ matchwhitelist" commit 3fab3876693f20303c95f03c45af9adb9ae680e2 Author: Patrick Schleizer Date: Fri Dec 20 12:50:35 2019 -0500 suid /usr/bin/firejail whitelist There is a controversy about firejail but those who choose to install it should be able to use it. https://www.whonix.org/wiki/Dev/Firejail#Security commit d3f16a5bf46a7d10316259788f3d97364fe2e545 Author: Patrick Schleizer Date: Fri Dec 20 12:47:10 2019 -0500 sgid /usr/lib/qubes/qfile-unpacker whitelist commit 508ec0c6fa44d9185aa22f5fa81ae9dbbefdb19c Author: Patrick Schleizer Date: Fri Dec 20 12:34:07 2019 -0500 comment commit 1b569ea7908dcba409c94dacd477d2fbfeafe522 Author: Patrick Schleizer Date: Fri Dec 20 12:32:36 2019 -0500 comment commit f88ca2588920ac16a6b41e8c48021bf85801c2a9 Author: Patrick Schleizer Date: Fri Dec 20 11:58:07 2019 -0500 fix terminology, sguid -> sgid Thanks to @madaidan for the bug report! https://forums.whonix.org/t/permission-hardening/8655/21 commit 1cd5fb6a0020504c7897acf169772d39b67f4bd4 Author: Patrick Schleizer Date: Fri Dec 20 11:50:25 2019 -0500 bumped changelog version commit ff0a26fb5d65450c0a2b5fb86758d3d823a717e9 Author: Patrick Schleizer Date: Fri Dec 20 11:49:19 2019 -0500 comment commit 71496a33ab27455d2856284d21f261dd20780dc2 Author: Patrick Schleizer Date: Fri Dec 20 11:47:53 2019 -0500 skip folders are these are not suid / guid commit 9321ecff4139f0776f93a9bd8c9606bcaf94f568 Author: Patrick Schleizer Date: Fri Dec 20 11:43:53 2019 -0500 no more need to add/remove / commit b95225b6a6b45b84778ba2427ae4628f102e6d05 Author: Patrick Schleizer Date: Fri Dec 20 11:37:05 2019 -0500 pipefail commit cad6f328f40bb8b3c414e2bd6c7cb86e625f6d64 Author: Patrick Schleizer Date: Fri Dec 20 11:34:44 2019 -0500 minor commit 3265f9894d1c677419718de52570d304a4e69279 Author: Patrick Schleizer Date: Fri Dec 20 11:27:43 2019 -0500 output commit 28d12c3966e3ddfadbf7d44e7c7bcdc37e1a7d25 Author: Patrick Schleizer Date: Fri Dec 20 11:09:22 2019 -0500 bumped changelog version commit 1615ebec58b563224c7c02cd2b1f83b0954c48ca Author: Patrick Schleizer Date: Fri Dec 20 11:07:44 2019 -0500 output commit 1e11b775cf1d2994f2e0da8d0191ef38eebe21a8 Author: Patrick Schleizer Date: Fri Dec 20 11:05:05 2019 -0500 output commit 731f80289566e118ba6c121c406775abc4c03bd4 Author: Patrick Schleizer Date: Fri Dec 20 11:04:12 2019 -0500 output commit cd8efe58008c7b0e90ac88ac098b3fd08e75d716 Author: Patrick Schleizer Date: Fri Dec 20 11:03:22 2019 -0500 output commit c0ddb76d7463753e3250fc7da466fa763ef08dd5 Author: Patrick Schleizer Date: Fri Dec 20 10:50:51 2019 -0500 bumped changelog version commit b31abea0af60874d4a48fd0da56978b0081eaef8 Author: Patrick Schleizer Date: Fri Dec 20 10:49:31 2019 -0500 improve error handling commit 79cd3b86b6e5e186da66fd329b04fb3b42c0276e Author: Patrick Schleizer Date: Fri Dec 20 10:47:23 2019 -0500 comment commit b3458cc6ee368968de1510e9d05ddd3791fe5f6d Author: Patrick Schleizer Date: Fri Dec 20 10:45:59 2019 -0500 fix checking existing entries to avoid needless calls to dpkg-statoverride commit 370f3c5e541612021fa181e39507aa4ba8131731 Author: Patrick Schleizer Date: Fri Dec 20 10:35:05 2019 -0500 comment commit 133d09f2984506e0b0fd2e17a893b8d3e37b8431 Author: Patrick Schleizer Date: Fri Dec 20 10:33:16 2019 -0500 output commit 1ffa8e197e9ba9722d5fb2695de343df9d9db597 Author: Patrick Schleizer Date: Fri Dec 20 10:31:26 2019 -0500 speed up setuid removal by using find with '-perm /u=s,g=s' https://forums.whonix.org/t/permission-hardening/8655/19 commit 4cfdf2c65b57f410163653304871ee3eb1d3f6ea Author: Patrick Schleizer Date: Fri Dec 20 10:21:27 2019 -0500 fix, re-enforce nosuid even if changed on the disk commit e36868e675cbd80a36053956dbef71992cceca24 Author: Patrick Schleizer Date: Fri Dec 20 10:02:46 2019 -0500 output commit 50b8f65490555d9d12fd28991040c00a358b3b84 Author: Patrick Schleizer Date: Fri Dec 20 09:59:28 2019 -0500 add sanity test: count if we really processed all files commit e28da89253f646969cdc2b0b46617bd603f917a5 Author: Patrick Schleizer Date: Fri Dec 20 09:48:06 2019 -0500 /bin/sudo whitelist / /bin/bwrap whitelist commit 55faa7b9978df52bcb98a562554473f80db1f171 Author: Patrick Schleizer Date: Fri Dec 20 09:43:23 2019 -0500 fix missing processing files bug https://forums.whonix.org/t/permission-hardening/8655/16 commit fbe2479f486add30cd29f5c4063a140c42c502fe Author: Patrick Schleizer Date: Fri Dec 20 08:54:56 2019 -0500 count processed file system objects to be able to verify if any were "forgotten" commit 195ea522f5a8582851792b53047185717a6f679e Author: Patrick Schleizer Date: Fri Dec 20 08:52:14 2019 -0500 fix commit 6f8231be70940e2afb0ec8e4a0d60bb4f166f5b9 Author: Patrick Schleizer Date: Fri Dec 20 08:51:55 2019 -0500 debugging commit ed50f98010c8b7878d518273703e00fa561e980b Author: Patrick Schleizer Date: Fri Dec 20 08:47:22 2019 -0500 output commit 089c40135f2a7f0da128808a27b696e36aff6821 Author: Patrick Schleizer Date: Fri Dec 20 08:15:00 2019 -0500 bumped changelog version commit 6d30e3b4a2c0e5cf53d88b4a033511aa49b8f227 Author: Patrick Schleizer Date: Fri Dec 20 08:13:23 2019 -0500 do not remove suid from whitelisted binaries ever https://forums.whonix.org/t/permission-hardening/8655/13 commit d5f1bd8dd29a4f9e1ccb6fed82a255f7b7abfe6f Author: Patrick Schleizer Date: Fri Dec 20 08:02:30 2019 -0500 fix mode sanity check no longer use seq due to issue https://forums.whonix.org/t/permission-hardening/8655/13 commit ddc0eec63d744e4600f3b1b8cdf60fef6d647cbe Author: Patrick Schleizer Date: Fri Dec 20 07:12:36 2019 -0500 bumped changelog version commit 65248a94efa4646127d8e11447e49a37f3ff986e Author: Patrick Schleizer Date: Fri Dec 20 07:06:50 2019 -0500 readme commit 8e112c34232b8ef88fb0c0fb19f2983de4e5a0a1 Author: Patrick Schleizer Date: Fri Dec 20 06:53:24 2019 -0500 description commit 24ea70384bb6c34f283ff1e71e4f7ed34133db5f Author: Patrick Schleizer Date: Fri Dec 20 06:53:03 2019 -0500 description commit 0ae3e689b5f12101156b4be84631679c622f2e98 Author: Patrick Schleizer Date: Fri Dec 20 06:35:02 2019 -0500 comment commit 050f4d8b9482e1513ceccfb39394606b173fd8a5 Author: Patrick Schleizer Date: Fri Dec 20 06:34:37 2019 -0500 comment commit 36043fe5ccdbd798483096a104a40b9cc013a487 Author: Patrick Schleizer Date: Fri Dec 20 06:33:41 2019 -0500 comment commit fb4254547b39160c410b1f83ed56aa7653291df1 Author: Patrick Schleizer Date: Fri Dec 20 06:32:04 2019 -0500 comment commit cca0908d9a73430fb97577fb6ae42b7416e72e6a Author: Patrick Schleizer Date: Fri Dec 20 06:11:38 2019 -0500 fix commit e254b8b52d61432084273a3ec91bb5f4b377163f Author: Patrick Schleizer Date: Fri Dec 20 06:09:17 2019 -0500 fix commit 7f8b3c76de6e140b676d960004e779f9846c8cb8 Author: Patrick Schleizer Date: Fri Dec 20 06:02:17 2019 -0500 output commit 071c64dc413c8a868866ddf699f653b371ac3b19 Author: Patrick Schleizer Date: Fri Dec 20 06:01:49 2019 -0500 enable 'set -e' commit b97c66707c3d3e8bb9164a35fe83974642f9652c Author: Patrick Schleizer Date: Fri Dec 20 05:59:05 2019 -0500 minor commit 17b4f12276349f28d9fc37944ece87fb6f7827a9 Author: Patrick Schleizer Date: Fri Dec 20 05:58:42 2019 -0500 output commit 48fe7312bf6b87a94678ed8a2eb0a01f2a88e371 Author: Patrick Schleizer Date: Fri Dec 20 05:57:41 2019 -0500 update config commit 87d820d84cd44e427c8990cf295da7ab6890040e Author: Patrick Schleizer Date: Fri Dec 20 05:54:16 2019 -0500 comment commit 918cbb4e257bab0ee4bb6eb303df5e65e34b9963 Author: Patrick Schleizer Date: Fri Dec 20 05:51:25 2019 -0500 output commit c8cf09a4cbe7721e3d97c62785a5d25fe3f61115 Author: Patrick Schleizer Date: Fri Dec 20 05:50:16 2019 -0500 output commit 46466c12ad9dcc62d52dd3e887665ced6bdedf3a Author: Patrick Schleizer Date: Fri Dec 20 05:49:11 2019 -0500 parse drop-in config folder rather than only one config file commit 66fd31189dd1c2ccc5e6fb51278b0646c5188320 Author: Patrick Schleizer Date: Fri Dec 20 05:37:33 2019 -0500 improve output if set-user-id / set-group-id is set commit 6dd6530fa539a55feecc28cecdc812b787b555a6 Author: Patrick Schleizer Date: Fri Dec 20 05:32:26 2019 -0500 remove hardening-enable please invent package security-paranoid instead https://forums.whonix.org/t/security-hardening-tool-usr-bin-hardening-enable-by-security-misc/8609 commit 6c8127e3cd32c04a6eb4641ad856c7bf2c777fee Author: Patrick Schleizer Date: Fri Dec 20 05:29:37 2019 -0500 remove "/lib/ nosuid" from permission hardening Takes 1 minute to parse. No SUID binaries there by default. remount-secure mounts it with nosuid anyhow. Therefore no processing it here. commit af0f074987b21ba4ad3f331ddaa622082d76fceb Author: Patrick Schleizer Date: Fri Dec 20 05:27:11 2019 -0500 remount /lib with nosuid,nodev https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/22 commit 7f201604779e442660c4c13798b2b48d706576ac Author: Patrick Schleizer Date: Fri Dec 20 05:24:00 2019 -0500 comment commit a135ae94009c4f6492ed8c779ceaefcfaf19e123 Author: Patrick Schleizer Date: Fri Dec 20 05:22:59 2019 -0500 use must manually enable permission-hardening.service until development finished commit fa6f1e156898572513cacb1d65b042482896011a Author: Patrick Schleizer Date: Fri Dec 20 05:19:39 2019 -0500 output commit a26cb94bfd252f939f02ee50c76efb67dcb0235c Author: Patrick Schleizer Date: Fri Dec 20 04:49:21 2019 -0500 globstar no longer required commit c66e9abe18f0809df4f6b84772774431afcadd6f Author: Patrick Schleizer Date: Fri Dec 20 04:48:57 2019 -0500 comment commit d1d0afff34a562d29726fbb3382ebe932e04a267 Author: Patrick Schleizer Date: Fri Dec 20 04:48:02 2019 -0500 fix fso: /lib/ usr/lib/security-misc/permission-hardening: line 19: /usr/bin/stat: Argument list too long https://forums.whonix.org/t/kernel-hardening/7296/326 commit e74d2e4f94f4cdb2f3a83f27e17e19e9e4078961 Author: Patrick Schleizer Date: Fri Dec 20 04:23:14 2019 -0500 output commit eb8635903379d1245c2c1c35eaf33c1a45ef514a Author: Patrick Schleizer Date: Fri Dec 20 04:20:05 2019 -0500 refactoring commit bb84fca184ee32f227fb5b210f9eea7afbdf75c0 Author: Patrick Schleizer Date: Fri Dec 20 04:08:46 2019 -0500 refactoring commit f92b41419558f01e7ec0ec3edba3af6a550c5911 Author: Patrick Schleizer Date: Fri Dec 20 04:06:28 2019 -0500 refactoring commit 4c44871e9d3070d73f298eca051ee303b01ea56c Author: Patrick Schleizer Date: Fri Dec 20 04:02:05 2019 -0500 comment commit 6876a2eaa87e3eead822e5f4f7d1fc53d0853ebd Author: Patrick Schleizer Date: Fri Dec 20 04:01:40 2019 -0500 comment commit 35c4fce61b784a4093339b64e5564d93c1f91870 Author: Patrick Schleizer Date: Fri Dec 20 03:54:46 2019 -0500 fix "dpkg-statoverride: warning: stripping trailing /" commit 9bd9012ab17f2c3422cdab20f57e3852ae1f14de Author: Patrick Schleizer Date: Fri Dec 20 03:46:50 2019 -0500 refactoring commit 788a2c1ba3d35eb26440386e2c3269fb8cf4992d Author: Patrick Schleizer Date: Fri Dec 20 03:45:01 2019 -0500 comment commit 55933f88766f9b2fa2f284c5d0ff098e1e11b657 Author: Patrick Schleizer Date: Fri Dec 20 03:43:36 2019 -0500 refactoring commit 9e493a9f481e03d8bd41794eee4e4efd0e39a593 Author: Patrick Schleizer Date: Fri Dec 20 03:42:09 2019 -0500 refactoring commit b92a690c166cf3bc97d34ae977cc0c6d2342cb86 Author: Patrick Schleizer Date: Fri Dec 20 03:40:47 2019 -0500 refactoring commit 98535e3a2bc5d0d54694a1ea71f3afef3f468943 Author: Patrick Schleizer Date: Fri Dec 20 03:39:25 2019 -0500 refactoring commit ecbba2fd61f6d182dcd51f42b579ecb50ffdbedd Author: Patrick Schleizer Date: Fri Dec 20 03:38:39 2019 -0500 refactoring commit 20b8a407ac5984ba621ebb0150b47067c32ddc76 Author: Patrick Schleizer Date: Fri Dec 20 03:25:17 2019 -0500 refactoring commit 6cd9eb44fbc451a08908a9899ca114843c32edf3 Author: Patrick Schleizer Date: Fri Dec 20 03:24:07 2019 -0500 refactoring commit 706dba104d201de4eed6886bf9570bf6851c2c3f Author: Patrick Schleizer Date: Fri Dec 20 03:19:12 2019 -0500 code simplification commit 01dd567f8b3764ae241a4df39d54617089532b9d Author: Patrick Schleizer Date: Fri Dec 20 03:16:43 2019 -0500 fix, if fso has exactly the mode we want (not 3 instead of 4 string length), not need to reset it commit 4f65b0fc1e33037e86289627e1c9bcf040af86c8 Author: Patrick Schleizer Date: Fri Dec 20 03:13:27 2019 -0500 refactoring commit bfee6b60cbd799e31b75e20bc5820f65f9993899 Author: Patrick Schleizer Date: Fri Dec 20 03:11:11 2019 -0500 comment commit d64cdc124793bda57916b2c4d73465b17ae44af6 Author: Patrick Schleizer Date: Fri Dec 20 03:04:41 2019 -0500 refactoring commit 7c5c65a6c13ddf23d7324283815d653974802fd9 Author: Patrick Schleizer Date: Fri Dec 20 03:04:13 2019 -0500 comment commit b31d8cd3fc905b61707f77e08cff72e74f18c46b Author: Patrick Schleizer Date: Fri Dec 20 03:03:40 2019 -0500 fix commit c626290673d44b2a6485aeb24888f35c3782c151 Author: Patrick Schleizer Date: Fri Dec 20 03:02:26 2019 -0500 refactoring commit d5ff1d6f28a62f858fd0a9edf905d6727413a3c2 Author: Patrick Schleizer Date: Fri Dec 20 03:00:39 2019 -0500 refactoring commit 640ca1d24dad657f0590c98a353dc21ed18b4395 Author: Patrick Schleizer Date: Fri Dec 20 02:57:57 2019 -0500 skip symlinks https://forums.whonix.org/t/kernel-hardening/7296/323? commit cc8f795799e76d61b60f31e718effb88478b0fea Author: Patrick Schleizer Date: Fri Dec 20 02:47:04 2019 -0500 comment commit 4e5b222a081a5e8463ebe6832e7fbe68a1fb7978 Author: Patrick Schleizer Date: Fri Dec 20 02:43:33 2019 -0500 comment commit fa895ee11ec5897eb73ce066dfe5bde337cb297c Author: Patrick Schleizer Date: Fri Dec 20 02:40:42 2019 -0500 refactoring commit 2c163bf4398d67730efb23d70e2f9fc41ebb0459 Author: Patrick Schleizer Date: Fri Dec 20 02:39:53 2019 -0500 check string length of permission variable https://forums.whonix.org/t/kernel-hardening/7296/322 commit a89befd902f6976ebef303b22ee9f9cbc3a1cc23 Author: Patrick Schleizer Date: Fri Dec 20 02:20:54 2019 -0500 code simplification commit 72812da63f60bd1955e52ac52ce583c9d9a18c95 Author: Patrick Schleizer Date: Fri Dec 20 02:16:32 2019 -0500 comment commit 39a41cc27ba93ede21e69270b3b113a037f77064 Author: Patrick Schleizer Date: Fri Dec 20 02:14:45 2019 -0500 refactoring commit 2ed6452590c443d88862f12ef25dcd5acbe98de9 Author: Patrick Schleizer Date: Fri Dec 20 02:12:43 2019 -0500 downgrade to info commit a5e55dfcfca5b15bbbdc22788e6615d080c44819 Author: Patrick Schleizer Date: Fri Dec 20 02:11:39 2019 -0500 quotes commit 3187cee4fba89d72f8d0c26a9987b33adc0d8faa Author: Patrick Schleizer Date: Fri Dec 20 02:10:13 2019 -0500 output commit 5160b4c7816ce449e0dd9cbfaae28050ef2af676 Author: Patrick Schleizer Date: Fri Dec 20 02:08:05 2019 -0500 disable xtrace commit 27bfe95d253178790ee10f591af0d586907463d7 Author: Patrick Schleizer Date: Fri Dec 20 02:07:49 2019 -0500 add echo wrapper commit a6988f3fb8034c2f5be6d3ee6300f9e756e0dfce Author: Patrick Schleizer Date: Fri Dec 20 02:06:31 2019 -0500 output commit 1819577b88ae795c1a6107cf76e084859c9f6d2e Author: Patrick Schleizer Date: Fri Dec 20 02:04:34 2019 -0500 fix commit 278c60c5a01c8dcb8a035950bd9e56ed7d1d431d Author: Patrick Schleizer Date: Fri Dec 20 02:01:36 2019 -0500 exit non-zero if some line cannot be parsed therefore make systemd notice this therefore allow the sysadmin to notice this commit 66bcba831317cf4810e9123b305597ee85fc94bf Author: Patrick Schleizer Date: Fri Dec 20 01:58:35 2019 -0500 improve character whitelisting commit 8f14e808a9b27f980299ed493f1ecb85acbe1c70 Author: Patrick Schleizer Date: Fri Dec 20 01:32:49 2019 -0500 send error messages to stderr commit d8c9fac2e5c8bc511f593d9a477307f8a15cf2e7 Author: Patrick Schleizer Date: Fri Dec 20 01:32:08 2019 -0500 output commit f19abaf6271fcd87226b9ef5ae3f1b567d96cd90 Author: Patrick Schleizer Date: Fri Dec 20 01:31:37 2019 -0500 refactoring commit c5d1e9dda7059d18fad303128f6f09c98fe955b7 Merge: 62eb462 a20b300 Author: Patrick Schleizer Date: Fri Dec 20 01:30:31 2019 -0500 Merge remote-tracking branch 'origin/master' commit a20b30013f9ae229d1fe86cc5992aac474a9d8e6 Merge: 62eb462 9df7407 Author: Patrick Schleizer Date: Fri Dec 20 06:29:58 2019 +0000 Merge pull request #44 from madaidan/permission-hardening Remove SUID bits commit 9df74072862b31871d0aad7bed8333fc8344ffec Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Thu Dec 19 17:01:33 2019 +0000 Remove SUID bits commit 3c2ca0257f08f2c7fa0d0adb74345110801f9fc0 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Thu Dec 19 17:01:08 2019 +0000 Support for removing SUID bits commit 62eb462920e8614ea904a8d3517f7592e67ecab8 Author: Patrick Schleizer Date: Mon Dec 16 06:46:48 2019 -0500 skip console_users_check for Qubes users commit ab68182e118b8e76e2ce2a749b956cf96e3d02b6 Author: Patrick Schleizer Date: Mon Dec 16 06:27:51 2019 -0500 bumped changelog version commit 2cab38a8b3f7423f8956c72f1bf6c399ea70c495 Author: Patrick Schleizer Date: Mon Dec 16 06:24:14 2019 -0500 readme commit 4ca9fc592029cbd28969f1e7fe56907bc7c261cb Author: Patrick Schleizer Date: Mon Dec 16 03:53:10 2019 -0500 fix commit f68efd53cf000b92818e6c97b4c590a2c4b73a5b Author: Patrick Schleizer Date: Mon Dec 16 03:52:09 2019 -0500 remount /sys/kernel/security with nodev,nosuid[,noexec] as suggested by @madaidan http://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/238 commit 2c4170e6f3366709c391db396a74547d4fed9589 Author: Patrick Schleizer Date: Thu Dec 12 09:47:58 2019 -0500 description commit 2d5ef378f36af5d2d94c342c284be4395352bc34 Author: Patrick Schleizer Date: Thu Dec 12 09:39:39 2019 -0500 description commit 300f010fc24846b6416501929ca24c4d80eca8d5 Author: Patrick Schleizer Date: Thu Dec 12 09:29:00 2019 -0500 increase priority of pam-abort-on-locked-password-security-misc since it has its own user help output so it shows before pam tally2 info to avoid duplicate non-applicable help text commit a10597de92c316cc32ab552865a6658b38b19f5e Author: Patrick Schleizer Date: Thu Dec 12 09:04:15 2019 -0500 bumped changelog version commit 729fa26eca292d60bcbeaba05d8878ff6112876e Author: Patrick Schleizer Date: Thu Dec 12 09:00:08 2019 -0500 use pam_acccess only for /etc/pam.d/login remove "Allow members of group 'ssh' to login." remove "+:ssh:ALL EXCEPT LOCAL" commit 22b6480bc4691e76ef155452d2b9df05c5265f68 Author: Patrick Schleizer Date: Tue Dec 10 11:44:02 2019 -0500 bumped changelog version commit 88bea2a6efa8823739ba65b2f5b67cb90071ca3f Author: Patrick Schleizer Date: Tue Dec 10 03:53:10 2019 -0500 comment commit 7d8001ddc9801046289b2f4e31d25dfc3bca6cc5 Author: Patrick Schleizer Date: Tue Dec 10 03:51:39 2019 -0500 refactoring commit d2f6ac0491f179382f4b68455d19956049e6cd23 Author: Patrick Schleizer Date: Tue Dec 10 03:50:23 2019 -0500 fix, do user/group modifications in preinst rather than postinst commit 64ae53edb90929492e11ac81e3e18bcc8164b428 Author: Patrick Schleizer Date: Mon Dec 9 08:25:30 2019 -0500 bumped changelog version commit d80bf036f3b6b70df9208d1ca603c5602298bbf8 Author: Patrick Schleizer Date: Mon Dec 9 03:50:43 2019 -0500 Disable permission hardening now until development finished / tested. commit b72eb30056e186ce13b03907fc37e8d5ebb5df44 Author: Patrick Schleizer Date: Mon Dec 9 02:32:05 2019 -0500 quotes commit c258376b7ed565d0e23963ddab56ce35892ff23f Author: Patrick Schleizer Date: Mon Dec 9 02:31:10 2019 -0500 use read (built-in) rather than awk (external) commit 02165201ab850e32c9f9ad5c4f46cb26dd71dddb Author: Patrick Schleizer Date: Mon Dec 9 02:23:43 2019 -0500 read -r; refactoring as per https://mywiki.wooledge.org/BashFAQ/001 commit 7467252122cb2e7600ce5ab3dce9dac2aa7a0676 Author: Patrick Schleizer Date: Mon Dec 9 02:22:16 2019 -0500 quotes commit 9bea9960173cf06dcbc0aefa2fb3b10df1f84c69 Merge: 6f94423 af62da3 Author: Patrick Schleizer Date: Mon Dec 9 02:21:47 2019 -0500 Merge remote-tracking branch 'origin/master' commit af62da34457a56fee43a6003036a3bb387b23b32 Merge: 6f94423 d7e2dea Author: Patrick Schleizer Date: Sun Dec 8 20:45:16 2019 +0000 Merge pull request #42 from madaidan/permission-hardening File permission hardening commit d7e2deae9250abd79ab83c2025b98476dde710d3 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Dec 8 16:50:54 2019 +0000 Create permission-hardening.service commit 6c564f6e9549462412299fd5b2f7e303409c5dad Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Dec 8 16:50:11 2019 +0000 Create permission-hardening.conf commit 61e19fa5f1343554e9a213a1a9762cef4707ab3d Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Dec 8 16:49:28 2019 +0000 Create permission-hardening commit 6f944234a988b226942832473a5a6825006dcac9 Author: Patrick Schleizer Date: Sun Dec 8 05:26:29 2019 -0500 bumped changelog version commit e64741c01e94849f7ad57231a106e45c4fe3dc65 Author: Patrick Schleizer Date: Sun Dec 8 05:25:19 2019 -0500 readme commit c192644ee328ff8d5d244d10c082b3a871b151b1 Author: Patrick Schleizer Date: Sun Dec 8 05:21:35 2019 -0500 security-misc `/usr/share/pam-configs/permission-lockdown-security-misc` is no longer required, removed. Thereby fix apparmor issue. > Dec 08 09:47:50 host audit[3232]: AVC apparmor="DENIED" operation="exec" profile="/usr/bin/whonixcheck" name="/usr/lib/security-misc/permission-lockdown" pid=3232 comm="sudo" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 > Dec 08 09:47:50 host sudo[3232]: pam_exec(sudo:session): execve(/usr/lib/security-misc/permission-lockdown,...) failed: Permission denied It is no longer required, because... existing linux user accounts: * Get permission lock down because security-misc `debian/security-misc.postinst` calls `/usr/lib/security-misc/permission-lockdown`. new linux user accounts (created at first boot): * security-misc `/usr/share/pam-configs/mkhomedir-security-misc` pam mkhomedir sets secure permissions using `umask=027`. commit edcc2de71dea9cf2f94ec008d2817a0cdfdf5b7c Author: Patrick Schleizer Date: Sun Dec 8 04:38:33 2019 -0500 bumped changelog version commit 1227ccd1f7aa8d96f70d6c5fa20aa985435ca89c Author: Patrick Schleizer Date: Sun Dec 8 04:37:53 2019 -0500 After=qubes-sysinit.service commit 17d81d0083b05316515461154473c8a5d769b776 Author: Patrick Schleizer Date: Sun Dec 8 04:27:01 2019 -0500 bumped changelog version commit ebae9eef38035a75c8aa3281735eab79ed6f4c46 Author: Patrick Schleizer Date: Sun Dec 8 04:25:19 2019 -0500 skip sudo_users_check in Qubes Qubes users can use dom0 to get a root terminal emulator. For example: qvm-run -u root debian-10 xterm commit 53e4717c629039104f45a1da8251e3dd1b5e3baa Author: Patrick Schleizer Date: Sun Dec 8 04:05:29 2019 -0500 bumped changelog version commit bc45ed385e5a2b1b53f81915698e1176359dedf7 Author: Patrick Schleizer Date: Sun Dec 8 04:03:02 2019 -0500 readme commit ac96708b243a766d65e39a037bcf142e526a2382 Author: Patrick Schleizer Date: Sun Dec 8 04:01:11 2019 -0500 improve usr/bin/hardening-enable commit a345a0fb64f7b8421356b913730284b0e6e3e953 Author: Patrick Schleizer Date: Sun Dec 8 03:27:12 2019 -0500 abort installation if ssh.service is enabled but no user is member of group ssh commit 50ac03363f6074cc88b6a7c965a822335624924c Author: Patrick Schleizer Date: Sun Dec 8 03:18:32 2019 -0500 output commit c7c65fe4e7a1fb73921a1b8de25662ff2a21e2a8 Author: Patrick Schleizer Date: Sun Dec 8 03:15:53 2019 -0500 higher priority usr/share/pam-configs/tally2-security-misc so it can give info before pam stack gets aborted by other pam modules commit 3bd0b3f837d5ad8c87e59b99c6baef1e2c74507b Author: Patrick Schleizer Date: Sun Dec 8 03:10:41 2019 -0500 notify when attempting to use ssh but user is member of group ssh commit cea598dc1a96245c4ccd00646e9790f3c9635ffe Author: Patrick Schleizer Date: Sun Dec 8 02:43:05 2019 -0500 refactoring commit 54f5e02c2192a1cd6a30bc04abd77b177b1953c3 Author: Patrick Schleizer Date: Sun Dec 8 02:42:30 2019 -0500 comment commit b4265195f4823618c60274458f885ef61c2452e1 Author: Patrick Schleizer Date: Sun Dec 8 02:41:36 2019 -0500 refactoring commit 0f65b2e85c74a379d8ec5321b13e7e332d8eaaa3 Author: Patrick Schleizer Date: Sun Dec 8 02:38:19 2019 -0500 abort installation if no user is a member of group "console"; output https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/7 commit 1dbca1ea2d80ff7f60a0f426b444994d6bd97d30 Author: Patrick Schleizer Date: Sun Dec 8 02:27:09 2019 -0500 add usr/bin/hardening-enable commit 19cc6d7555364c5d2ee548899679c153e1555a20 Author: Patrick Schleizer Date: Sun Dec 8 02:10:43 2019 -0500 pam description commit 24423b42f0dc23704bddbb0f205ad3115e77d90f Author: Patrick Schleizer Date: Sun Dec 8 02:03:05 2019 -0500 description commit 6b01e5be149f9126308404e6a32931efb3bac277 Author: Patrick Schleizer Date: Sun Dec 8 02:01:22 2019 -0500 comment commit 66bebefc9fa26341c41847f35f26e16df3ce0a37 Author: Patrick Schleizer Date: Sun Dec 8 02:00:23 2019 -0500 description commit 52e0f104cc6edf1fe0953ca815445c351f813812 Author: Patrick Schleizer Date: Sun Dec 8 01:59:55 2019 -0500 comment commit 731d486fa061756b129188959230cb8bf1d78fae Author: Patrick Schleizer Date: Sun Dec 8 01:58:58 2019 -0500 refactoring commit 221a2df2a2621b1d3f391ee3265af7d4f35e1b2b Author: Patrick Schleizer Date: Sun Dec 8 01:58:37 2019 -0500 refactoring commit b871421a542af37771dbe56f09cc16472aa691c7 Author: Patrick Schleizer Date: Sun Dec 8 01:57:43 2019 -0500 usr/share/pam-configs/console-lockdown -> usr/share/pam-configs/console-lockdown-security-misc commit d36669596f4c71ce885e46fce66fffc7a7443d27 Author: Patrick Schleizer Date: Sun Dec 8 01:56:30 2019 -0500 comment commit 1a0f353708832217b9bc5e3ecd044605de6adca0 Author: Patrick Schleizer Date: Sun Dec 8 01:47:40 2019 -0500 comment commit eed1f0a4620d7db5933fb29189328c934db50d9e Author: Patrick Schleizer Date: Sun Dec 8 01:46:32 2019 -0500 comment commit 2491b6239319c52221f6c58fcfa1c3a247a9ee30 Author: Patrick Schleizer Date: Sun Dec 8 01:43:45 2019 -0500 refactoring, add all groups first before adding any users to any groups commit 1464f01d191ee4e01ed2ec94f4faf8d17ec62b03 Author: Patrick Schleizer Date: Sun Dec 8 01:30:42 2019 -0500 description commit 491dd4d93d133ca23eaf5c501b7ab3d3bbf52a27 Merge: 9432d16 a78a7e5 Author: Patrick Schleizer Date: Sun Dec 8 01:22:16 2019 -0500 Merge remote-tracking branch 'origin/master' commit a78a7e5571b178cbf4cddd065306d130431bc185 Merge: 373e873 6846a94 Author: Patrick Schleizer Date: Sun Dec 8 06:21:44 2019 +0000 Merge pull request #41 from madaidan/system.map Check for more locations of System.map commit 6846a943277c5ad9049cbf3e21fcd739c316cf44 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sat Dec 7 19:38:12 2019 +0000 Check for more locations of System.map commit 9432d1637866087bcc2f1bf0837535a10f96faeb Author: Patrick Schleizer Date: Sat Dec 7 12:13:42 2019 -0500 /usr/bin/cat mrix, commit 373e8733d37cb795c7c48642346b0b6dc6dce30c Merge: c1800b1 447eb14 Author: Patrick Schleizer Date: Sat Dec 7 11:34:42 2019 -0500 Merge remote-tracking branch 'origin/master' commit 447eb144325a532b0aaf7ce772d5a04005b2af1f Merge: c1800b1 668b642 Author: Patrick Schleizer Date: Sat Dec 7 16:34:21 2019 +0000 Merge pull request #40 from madaidan/system.map Remove hyphen from remove-system.map commit c1800b13fe33a1c129dcb30c51dbead7f894b818 Author: Patrick Schleizer Date: Sat Dec 7 11:26:39 2019 -0500 separate group "ssh" for incoming ssh console permission Thanks to @madaidan https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/16 commit 668b6420de8024fdeaf948f1750beb8b62d9ffb7 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sat Dec 7 14:15:02 2019 +0000 Remove hyphen commit 55225aa30e78e9a988527ed2da2019dc0a0b2631 Author: Patrick Schleizer Date: Sat Dec 7 07:16:07 2019 -0500 description commit 34a2bc16c85b06e1eccb2f72da89e198184ba72c Author: Patrick Schleizer Date: Sat Dec 7 07:15:58 2019 -0500 description commit d823f06c7858c1380325e3dbbbcfb1854fa64309 Author: Patrick Schleizer Date: Sat Dec 7 07:13:42 2019 -0500 description commit 9ba84f34c68263e5151d5b54264c1edb90603424 Author: Patrick Schleizer Date: Sat Dec 7 06:51:59 2019 -0500 comment commit dc1dfc8c20218a5ca986f49dc96cbfc71d50533e Author: Patrick Schleizer Date: Sat Dec 7 06:51:16 2019 -0500 output commit 8636d2f62995947620fbbd76fc653aab89dda7eb Author: Patrick Schleizer Date: Sat Dec 7 06:51:10 2019 -0500 add securetty commit 532a1525c2350a634b14a84d94997b8db81243a0 Author: Patrick Schleizer Date: Sat Dec 7 06:26:55 2019 -0500 comment commit 14aa6c50774786890686fee2a6d6eed49dadcac1 Author: Patrick Schleizer Date: Sat Dec 7 06:26:23 2019 -0500 comment commit 8b3f5a555ba04bb1d2e6bafb8345782aae875a51 Author: Patrick Schleizer Date: Sat Dec 7 06:25:45 2019 -0500 add console lockdown to pam info output commit 021b06dac95dd742952446e9ff455305c7d2b09b Author: Patrick Schleizer Date: Sat Dec 7 06:04:45 2019 -0500 add hvc0 to hvc9 commit 8a59662a44ea46c5ba86be82ec2bc43e912c79be Author: Patrick Schleizer Date: Sat Dec 7 06:02:45 2019 -0500 comment commit 090ddbe96a48424e0e3f187b917e023f9b710798 Author: Patrick Schleizer Date: Sat Dec 7 06:00:41 2019 -0500 description commit cda67247557ce2028017ba4e6e8824c2ae2f5118 Author: Patrick Schleizer Date: Sat Dec 7 05:56:57 2019 -0500 add pts/0 to pts/9 commit 218cbddba9b053eac4ecb486ea7fbc9e160f18c6 Author: Patrick Schleizer Date: Sat Dec 7 05:52:06 2019 -0500 comment commit 6479c883bf04464b299ce42185df2429f7b5cab5 Author: Patrick Schleizer Date: Sat Dec 7 05:40:20 2019 -0500 Console Lockdown. Allow members of group 'console' to use tty1 to tty7. Everyone else except members of group 'console-unrestricted' are restricted from using console using ancient, unpopular login methods such as using /bin/login over networks, which might be exploitable. (CVE-2001-0797) Not enabled by default in this package since this package does not know which users shall be added to group 'console'. In new Whonix builds, user 'user" will be added to group 'console' and pam console-lockdown enabled by package anon-base-files. /usr/share/pam-configs/console-lockdown /etc/security/access-security-misc.conf https://forums.whonix.org/t/etc-security-hardening/8592 commit 52934c9288a596b233c1ce3b5f68a29248602c96 Author: Patrick Schleizer Date: Sat Dec 7 02:02:32 2019 -0500 bumped changelog version commit 6faa977cd73efd90809c7034d15102095adcfe63 Author: Patrick Schleizer Date: Sat Dec 7 02:02:06 2019 -0500 readme commit 6d92d03b31c8251d3df72aab5e9dfa3327feed1c Author: Patrick Schleizer Date: Sat Dec 7 01:54:50 2019 -0500 description commit 5a4eda0d05bc57680e3f3df2b84471f5f16b8356 Author: Patrick Schleizer Date: Sat Dec 7 01:53:33 2019 -0500 also support /usr/local/etc/remount-disable and /usr/local/etc/noexec commit 0afcc5e798823f4ed3eff2d5f94b3d3fe8ad5069 Author: Patrick Schleizer Date: Fri Dec 6 12:43:21 2019 -0500 bumped changelog version commit 2954dcbccfb2990e95056d20fc9b279569dcacee Author: Patrick Schleizer Date: Fri Dec 6 12:24:55 2019 -0500 minor commit f3647e74787483f0d8076de742cc6f36645f1396 Author: Patrick Schleizer Date: Fri Dec 6 12:18:18 2019 -0500 RemainAfterExit=yes commit af0cf058e7ad5b26c708b1013d8ca8dc172a15e8 Author: Patrick Schleizer Date: Fri Dec 6 11:18:20 2019 -0500 bumped changelog version commit 9b14f24d5e24ac4a6facb20d4fd436f35bed305f Author: Patrick Schleizer Date: Fri Dec 6 11:17:32 2019 -0500 refactoring commit a6133f59125db7482c3f56110ce6ba1a17d15e09 Author: Patrick Schleizer Date: Fri Dec 6 11:16:43 2019 -0500 output commit c1ea35e2ef54119d940b225da41c87e6db32981e Author: Patrick Schleizer Date: Fri Dec 6 11:15:54 2019 -0500 output commit 4bec41379d2baaa81930395ff2329ff42f10ff13 Author: Patrick Schleizer Date: Fri Dec 6 11:15:13 2019 -0500 fix remount with noexec if /etc/noexec exists commit bff425fec2adc3c80fee50466ef81bec19c237cf Author: Patrick Schleizer Date: Fri Dec 6 09:32:18 2019 -0500 bumped changelog version commit b22289f2a8e77ccd9a693871612b61842b1f48c8 Author: Patrick Schleizer Date: Fri Dec 6 09:30:05 2019 -0500 readme commit 470cad6e9176f57d33b038640b20443c3fa971fc Author: Patrick Schleizer Date: Fri Dec 6 05:14:02 2019 -0500 remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in) https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707 commit 8cf5ed990a3940c108d661c6c169b5720b1459d1 Author: Patrick Schleizer Date: Thu Dec 5 15:52:24 2019 -0500 comment commit 19add3299c9215d05208e3c2e748527bf87e66b5 Merge: 0c25a96 9679292 Author: Patrick Schleizer Date: Thu Dec 5 15:46:19 2019 -0500 Merge remote-tracking branch 'origin/master' commit 96792928787c1c129a964bd81e97450d2edb29a6 Merge: 0c25a96 af9e19c Author: Patrick Schleizer Date: Thu Dec 5 20:33:47 2019 +0000 Merge pull request #39 from madaidan/rp_filter Enable reverse path filtering commit af9e19c51f256504c5c2206e31da1911872b6ef8 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Thu Dec 5 20:14:55 2019 +0000 Update control commit 30289c68c24a8aa2ce5f336b79f92cffb7aa98c7 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Thu Dec 5 20:13:10 2019 +0000 Enable reverse path filtering commit 0c25a96b59b5bb55c04c88015eb8b50d79815a23 Author: Patrick Schleizer Date: Tue Dec 3 02:18:32 2019 -0500 description / comments commit d26ba05c4776cdff0750b872f3da70fd25fca1f4 Merge: 6ca48ff 73c6410 Author: Patrick Schleizer Date: Tue Dec 3 01:52:04 2019 -0500 Merge remote-tracking branch 'origin/master' commit 73c6410a0e1e6e56529ba8ea98681867bd8acb37 Merge: 6ca48ff 8d63da3 Author: Patrick Schleizer Date: Tue Dec 3 06:51:31 2019 +0000 Merge pull request #38 from madaidan/distrust-cpu Distrust the CPU for initial entropy commit 8d63da3cef6e114deaa6943ea9a633d6620a974b Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon Dec 2 16:46:12 2019 +0000 Update control commit 5da2a27bf064d6efefd0d0ba8041e85c4941d3a2 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon Dec 2 16:43:00 2019 +0000 Distrust the CPU for initial entropy commit 6ca48fffdcab8665d75584435dd6a24d6b881347 Author: Patrick Schleizer Date: Thu Nov 28 10:22:41 2019 -0500 bumped changelog version commit ab696f557140fca19c09ac08ba61e9ce55947ed8 Author: Patrick Schleizer Date: Thu Nov 28 10:05:39 2019 -0500 readme commit 25aed91eb167a092ece06a9aa4ab56fea165073e Author: Patrick Schleizer Date: Thu Nov 28 09:20:46 2019 -0500 description commit 0c4e5df3e0214c10390b672645d9f80ef4457392 Author: Patrick Schleizer Date: Thu Nov 28 09:18:05 2019 -0500 description commit 5ac2a6f9ac53f75256c655d329149bccd2d9aa37 Author: Patrick Schleizer Date: Thu Nov 28 09:17:32 2019 -0500 description commit ff3412fbe06476cb295dfd9d61b26694f289d389 Author: Patrick Schleizer Date: Wed Nov 27 10:22:31 2019 -0500 fix, make sure to undo pam changes on package removal Thanks to minimal for the bug report! https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/11 commit 62b924eea7d50f58649e089ff9cf8d73075cac63 Merge: 9091f69 ba02dcb Author: Patrick Schleizer Date: Tue Nov 26 13:00:36 2019 -0500 Merge remote-tracking branch 'origin/master' commit ba02dcb267a95d332bd01bb3fc725e051ccb3246 Merge: 9091f69 d9d6d07 Author: Patrick Schleizer Date: Tue Nov 26 18:00:11 2019 +0000 Merge pull request #37 from madaidan/apparmor-fixes Fix permission-lockdown commit d9d6d0771433700f49c4ddf156a0b5bc7098d94b Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Tue Nov 26 17:12:12 2019 +0000 /dev/pts/[0-9]* rw, commit 9091f69eddb76059995e2f44734437746a3fd108 Author: Patrick Schleizer Date: Mon Nov 25 08:51:36 2019 +0000 bumped changelog version commit 57ce06c0ebaa1e451c39b85c8db27babed4b149e Author: Patrick Schleizer Date: Mon Nov 25 08:41:45 2019 +0000 readme commit aa5451c8cda02e6df3dc089bf813e6acd9878a59 Author: Patrick Schleizer Date: Mon Nov 25 01:39:53 2019 -0500 Lock user accounts after 50 rather than 100 failed login attempts. https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/19 commit 6277db1383451822769948bbebac31f719e98e74 Author: Patrick Schleizer Date: Sat Nov 23 14:07:45 2019 +0000 bumped changelog version commit 6a6a638ef01d337da137dc04bcff984f7a36f425 Author: Patrick Schleizer Date: Sat Nov 23 14:06:28 2019 +0000 readme commit fe1f1b73a77d11c136cedcdb3efcb57f4c68c6af Author: Patrick Schleizer Date: Sat Nov 23 11:20:32 2019 +0000 load jitterentropy_rng kernel module for better entropy collection https://www.whonix.org/wiki/Dev/Entropy https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927972 https://forums.whonix.org/t/jitterentropy-rngd/7204 commit d32024a3da3cdfbb07f61dd3e9a52535e747de6b Author: Patrick Schleizer Date: Sat Nov 23 05:53:19 2019 -0500 /usr/sbin/pam_tally2 mrix, https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/152 commit 03e80238477bef26cf14a86a136d2ab688c87d08 Author: Patrick Schleizer Date: Fri Nov 22 14:11:30 2019 -0500 output commit e76e1475b0009451b930061bff553684b6490d33 Author: Patrick Schleizer Date: Fri Nov 22 12:24:35 2019 -0500 comment commit a99dfd067ac8a43bdcd779cf57b3533bdaa404fb Author: Patrick Schleizer Date: Tue Nov 19 15:31:55 2019 +0000 bumped changelog version commit 81e4f580af1ea12e79e387d4977771f37c50e7c1 Author: Patrick Schleizer Date: Tue Nov 19 15:29:02 2019 +0000 etc/apparmor.d/usr.lib.security-misc.permission-lockdown: /usr/bin/chmod mrix, commit 8ad8dbea5a5c0bacd03cefb66ad8a1989e1cb0fb Author: Patrick Schleizer Date: Mon Nov 18 19:16:16 2019 +0000 bumped changelog version commit 9a20b85fe16584dda909fd5f1aa6bbb62d06bcf0 Merge: 477d476 2b17c0f Author: Patrick Schleizer Date: Sun Nov 17 11:20:17 2019 -0500 Merge remote-tracking branch 'origin/master' commit 2b17c0f3e4dcd7cb9f2239da649b4a885c27e7cf Merge: 477d476 e92022a Author: Patrick Schleizer Date: Sun Nov 17 16:19:55 2019 +0000 Merge pull request #36 from madaidan/hidepid-fix Remove proc-hidepid systemd sandboxing commit e92022a21cbe2df76026b36482f5c71e3471b344 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sat Nov 16 14:56:28 2019 +0000 Remove systemd sandboxing commit 477d476bb1a7507951c2c04622056de5a8d41a56 Author: Patrick Schleizer Date: Sun Nov 10 08:29:44 2019 -0500 etc/apparmor.d/usr.lib.security-misc.pam_tally2-info: add '#include ' commit 11dc23bf082cb0579b5a4a1bc5788ec0b5140973 Author: Patrick Schleizer Date: Sun Nov 10 08:28:32 2019 -0500 etc/apparmor.d/usr.lib.security-misc.permission-lockdown: add '#include ' commit d1d61b106b54a360ca71bb506e2410ac70ea07ed Author: Patrick Schleizer Date: Sat Nov 9 18:44:50 2019 +0000 bumped changelog version commit 9f2932faab4be91528f3404fcbace7012040dac5 Author: Patrick Schleizer Date: Sat Nov 9 13:32:21 2019 -0500 /usr/bin/id rix, commit 6b7df973f621dc9cbe107ee5d709600005f49e65 Author: Patrick Schleizer Date: Sat Nov 9 12:57:45 2019 +0000 bumped changelog version commit 2e73c053b561eb2ffcd815cba8006da810b02184 Author: Patrick Schleizer Date: Sat Nov 9 12:55:00 2019 +0000 fix lintian warning commit 6e28774f95414c5660b76fca3696710beb2affa2 Author: Patrick Schleizer Date: Sat Nov 9 12:23:15 2019 +0000 bumped changelog version commit 94d40c68d4292c0c399c3b12e1af76cb89e7f436 Author: Patrick Schleizer Date: Tue Nov 5 10:02:55 2019 -0500 do not set kernel boot parameter page_poison=1 in Qubes since does not work https://github.com/QubesOS/qubes-issues/issues/5212#issuecomment-533873012 commit f57702c1589047f5d0eff7a7bdffb928117532f6 Author: Patrick Schleizer Date: Tue Nov 5 09:55:43 2019 -0500 comments; copyright commit 74293bcd2f2670abf3e62ac8dad54d9f4e545bb1 Author: Patrick Schleizer Date: Tue Nov 5 01:59:25 2019 -0500 output commit 2b5b06b602f9537c9a5473651cd1a16a4e16e5ba Author: Patrick Schleizer Date: Tue Nov 5 01:59:19 2019 -0500 output commit d6977becbaf644cdc98c081b3c3e3fd366c4072d Author: Patrick Schleizer Date: Tue Nov 5 01:51:14 2019 -0500 refactoring commit daf00067953a61d749a07a0e0b4ec7cd397e4c39 Author: Patrick Schleizer Date: Tue Nov 5 01:50:27 2019 -0500 comment commit 78defc4d0bedf4a727d617f3de0294d9f59e3aa9 Author: Patrick Schleizer Date: Sun Nov 3 04:34:31 2019 -0500 add /var/cache/security-misc/state-files/placeholder file to make sure folder already exists to avoid AppArmor issue https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/76 commit 7c0ec7e50797c0da719f389e61445ff7d8e252b3 Author: Patrick Schleizer Date: Sun Nov 3 04:23:40 2019 -0500 readme commit b55c2fd62e200f96bd552445ad4c517d6a0aee92 Author: Patrick Schleizer Date: Sun Nov 3 02:50:51 2019 -0500 Enables punycode (`network.IDN_show_punycode`) by default in Thunderbird to make phising attacks more difficult. Fixing URL not showing real Domain Name (Homograph attack). https://forums.whonix.org/t/enable-network-idn-show-punycode-by-default-in-thunderbird-to-fix-url-not-showing-real-domain-name-homograph-attack-punycode/8415 commit bf62306d4fc3b3168204254ca354028a1fe857a7 Author: Patrick Schleizer Date: Thu Oct 31 16:34:35 2019 +0000 bumped changelog version commit e1375802eb1521eb0bc9089f2ab12056fa326f17 Author: Patrick Schleizer Date: Thu Oct 31 16:32:28 2019 +0000 apparmor fix https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/67 commit 6e5d8b357d977991953e153d618dbdda2b05c0e6 Author: Patrick Schleizer Date: Thu Oct 31 16:06:51 2019 +0000 bumped changelog version commit 203d5cfa6845e23d73ff3790019bac9579f3524b Author: Patrick Schleizer Date: Thu Oct 31 11:19:44 2019 -0400 copyright commit f001250ae61789bef7b2b19d5c40831273b0acca Merge: d832ab9 5a3cbe8 Author: Patrick Schleizer Date: Mon Oct 28 10:31:30 2019 -0400 Merge remote-tracking branch 'origin/master' commit 5a3cbe81000c3a9bbc69ba03c944c6c5ae9115bf Merge: d832ab9 0e49bdc Author: Patrick Schleizer Date: Mon Oct 28 14:30:45 2019 +0000 Merge pull request #35 from madaidan/apparmor Apparmor profiles commit 0e49bdc45f6c94b3f6c2874fd48a6b1c75519790 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon Oct 28 14:26:14 2019 +0000 Licensing commit 5d5ad92638ea0ca079bbf8bb03201e8d5c030b1c Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon Oct 28 14:26:05 2019 +0000 Licensing commit 0699747fcb6d79ba6abeccdba99c3bc032c615c6 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon Oct 28 14:24:37 2019 +0000 Debian packaging commit fe4e29d392ed8db5571d69b10ef0f8a24eec1829 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon Oct 28 14:22:47 2019 +0000 Depend on dh-apparmor commit 1b8b3610b17ae31bc81c3827cea24bd09822a0e3 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon Oct 28 14:20:59 2019 +0000 Create usr.lib.security-misc.pam_tally2-info commit 29b05546e4248bdf95b62ea356bd98767e3a59b0 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon Oct 28 14:20:08 2019 +0000 Create usr.lib.security-misc.permission-lockdown commit d832ab91bdd9cdbf2a9c3bbee39351082a59f759 Author: Patrick Schleizer Date: Wed Oct 23 10:22:03 2019 +0000 bumped changelog version commit bce5274a15e4d34907c2f65b9811dd44705c120e Author: Patrick Schleizer Date: Tue Oct 22 09:22:29 2019 -0400 quotes fix commit e20b9e21334ef9e16e1fd147fec4ff33f0721d4a Author: Patrick Schleizer Date: Tue Oct 22 09:08:18 2019 -0400 better solution when using pkexec with --user: wrap sudo --user with lxqt-sudo commit d4e02de43a068a22a9fd1b15c4d2b314baf97283 Author: Patrick Schleizer Date: Tue Oct 22 09:04:44 2019 -0400 set SUDO_ASKPASS for pkexec wrapper when using sudo --askpass commit 1a65a91039276f73c68feb5c19b1a3dd86b07cbb Author: Patrick Schleizer Date: Tue Oct 22 08:56:05 2019 -0400 long rather than short option commit b55913637bb66b3c1e9fcab3d1576cb1325419ea Author: Patrick Schleizer Date: Tue Oct 22 08:54:48 2019 -0400 silence output by mount/grep commit a1154170c9f65011ae1a9da51ea1d797381853a7 Author: Patrick Schleizer Date: Tue Oct 22 08:54:17 2019 -0400 Call original pkexec in case there are no arguments. commit 9c8f678cb935d5d63b238d4641bde84c5495127b Author: Patrick Schleizer Date: Mon Oct 21 09:55:41 2019 +0000 bumped changelog version commit 1e4d0ea1d072c193281ac176592108c88e80bad0 Author: Patrick Schleizer Date: Mon Oct 21 09:55:05 2019 +0000 fix lintian warning commit 343d9cc9169dd3e0b4afebaeaa43d0051cbb5e37 Author: Patrick Schleizer Date: Mon Oct 21 09:53:55 2019 +0000 fix commit 2d436f36021d1148862ff5e2db62577580761bf6 Author: Patrick Schleizer Date: Mon Oct 21 09:51:36 2019 +0000 bumped changelog version commit af3f42dabf708b6f6e2c4e2595d6af496b520372 Author: Patrick Schleizer Date: Mon Oct 21 09:51:12 2019 +0000 readme commit 40707e70dbbf74e5ee3cd25bd2737f880d4bca5c Author: Patrick Schleizer Date: Mon Oct 21 05:46:49 2019 -0400 Redirect calls for pkexec to lxqt-sudo because pkexec is incompatible with hidepid. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860040 https://forums.whonix.org/t/cannot-use-pkexec/8129 Thanks to AnonymousUser for the bug report! commit 31b771ac2e1cd692851f0d58191c3147d4a09335 Author: Patrick Schleizer Date: Fri Oct 18 10:39:43 2019 +0000 bumped changelog version commit 2613525b945c98c676a919cb4a9d54b90e51cbbf Author: Patrick Schleizer Date: Fri Oct 18 10:39:19 2019 +0000 readme commit 957deac5cb1e3fdf54990bad21c502388af2407e Author: Patrick Schleizer Date: Fri Oct 18 10:38:25 2019 +0000 fix lintian warning W: security-misc: maintainer-script-should-not-parse-etc-passwd-or-group preinst:19 commit d301e7f3653bdb4b56c42deab9d0566ff1b27380 Author: Patrick Schleizer Date: Fri Oct 18 10:36:44 2019 +0000 description, fix lintian warning commit ce6b64a9baba3763f2137c81c1e022c4e6344d3c Author: Patrick Schleizer Date: Fri Oct 18 08:55:07 2019 +0000 bumped changelog version commit 20b7faa61fb7c425f15492fd8aaa67e4fe06a6d9 Author: Patrick Schleizer Date: Fri Oct 18 08:54:43 2019 +0000 readme commit c9d75ef9ea76fee0cff882143f289d9662826330 Author: Patrick Schleizer Date: Thu Oct 17 06:46:47 2019 -0400 abort installation if no user is part of group sudo https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/4 Thanks to minimal for the bug report! commit a5045dc26e3b7d6acd6ae2c5727920824f992cc7 Author: Patrick Schleizer Date: Thu Oct 17 06:18:32 2019 -0400 set -e commit 0b8725306f2c603c28ab78be7000df25ca2ea430 Author: Patrick Schleizer Date: Thu Oct 17 06:13:44 2019 -0400 renamed: etc/hide-hardware-info.d/30_whitelist.conf -> etc/hide-hardware-info.d/30_default.conf commit 4aba02756680eb5e0dac9d84ba434edd735c68c1 Author: Patrick Schleizer Date: Thu Oct 17 06:12:36 2019 -0400 syntax check commit 8b9aa8841a67adb9b3b64a1d43022e950768bc42 Author: Patrick Schleizer Date: Thu Oct 17 06:11:01 2019 -0400 fix commit cfbd77040a51b68dc6e3c1f8f82861cfc4b6e761 Author: Patrick Schleizer Date: Thu Oct 17 06:10:29 2019 -0400 set "shopt -s nullglob" to avoid failing when folder /etc/hide-hardware-info.d does not exist or is empty commit b05663c5f65f59ce652995c403feb9b4e088b4ec Author: Patrick Schleizer Date: Thu Oct 17 06:08:55 2019 -0400 shuffle https://forums.whonix.org/t/restrict-hardware-information-to-root/7329/80 commit 28a440091dd98fd4f3284cce01d692c08aa96bf1 Author: Patrick Schleizer Date: Thu Oct 17 06:08:16 2019 -0400 code simplification commit 3c4e261c20ce7cab51ad9b6596db09e009efbdeb Author: Patrick Schleizer Date: Thu Oct 17 06:05:23 2019 -0400 remove trailing spaces commit c8e0303d6d59e3303c0582ff8ab2664762199c81 Merge: 4b1b3b7 8a42c5b Author: Patrick Schleizer Date: Thu Oct 17 06:04:34 2019 -0400 Merge remote-tracking branch 'origin/master' commit 8a42c5b02387da454ff5661057be88a7c6fe9d9c Merge: 994ca02 61f7423 Author: Patrick Schleizer Date: Thu Oct 17 09:59:12 2019 +0000 Merge pull request #34 from madaidan/whitelist Add a whitelist for /sys and /proc/cpuinfo commit 994ca024c24cf80075b2f03bc65475a5d9980d94 Merge: 4b1b3b7 259b1f2 Author: Patrick Schleizer Date: Thu Oct 17 06:19:46 2019 +0000 Merge pull request #33 from madaidan/documentation Improve documentation commit 61f742304d26e73df8433bd6fa03d33d39e39625 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Wed Oct 16 19:46:59 2019 +0000 return 0 commit 259b1f2c71ec4566011a148e5bc703a41f0ebd90 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Wed Oct 16 19:21:24 2019 +0000 Update control commit ffba0e017940d2be08c1e37514d396ac39f55e35 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Wed Oct 16 19:04:15 2019 +0000 Elaborate commit 4f5b7816ecda6375b051c75a3b0aff93519b4a66 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Wed Oct 16 19:01:49 2019 +0000 Elaborate commit 99a762d3dc6ecbdb160b7840081848444b56c3fa Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Wed Oct 16 18:53:04 2019 +0000 KASLR is different from ASLR commit a14a2854c6e72f2b4b3e5c8d02b63a46c3179a00 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Wed Oct 16 18:52:14 2019 +0000 Elaborate commit f08c03ab21126b2d3ef5d4c2e4e3f0eae14fa5c0 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Wed Oct 16 15:39:23 2019 +0000 Restrict sysfs/cpuinfo if the whitelist is disabled commit af607d5eb233d85d493d796afde76728f0e0e3cd Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Tue Oct 15 21:02:03 2019 +0000 Create sysfs and cpuinfo groups commit 42c1701d5ca446da37a493b27c125b78bd8d183d Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Tue Oct 15 21:00:03 2019 +0000 Whitelist user@.service commit a47a2fca8bcdf8ff480cea879720b9599c491358 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Tue Oct 15 20:58:58 2019 +0000 Create 30_whitelist.conf commit 6b78dbcd07a9d2361c5ab41f5151e24a80309e13 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Tue Oct 15 20:57:02 2019 +0000 Add way to whitelist things commit 4b1b3b7d6675adbde57d9cf5cbcc880f95199ef1 Author: Patrick Schleizer Date: Mon Oct 14 10:23:01 2019 +0000 bumped changelog version commit c19964360a6d42e73e5d2f3b90afd5f676933d30 Author: Patrick Schleizer Date: Mon Oct 14 10:10:08 2019 +0000 readme commit c22738be027f69391a4ac40ce85bfacf35ff1742 Author: Patrick Schleizer Date: Mon Oct 7 08:25:45 2019 +0000 comments commit 75f36bc2c9bf5c50061f05198c504d84b128e5da Author: Patrick Schleizer Date: Mon Oct 7 08:25:07 2019 +0000 comments commit e92a8a69665f982e8b5a37f7081fa75197cde828 Author: Patrick Schleizer Date: Mon Oct 7 08:24:02 2019 +0000 comments commit 60c044a9d669dd816ff473f19e19b87f87cc9008 Author: Patrick Schleizer Date: Mon Oct 7 05:30:56 2019 +0000 copyright / comments commit cd2135ff82de82278eaa680d30bea2fe68f94f52 Author: Patrick Schleizer Date: Sun Oct 6 10:18:24 2019 +0000 comments commit 8b4f2befd46d4db4d2a83d9e79ebcf9abf98fd02 Author: Patrick Schleizer Date: Sat Oct 5 13:15:34 2019 +0000 comment out sack by default https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109/8?u=patrick commit 02096f8d7c7ee1f61285cf96564616f2828aa6c2 Author: Patrick Schleizer Date: Sat Oct 5 13:13:46 2019 +0000 Revert "undo Disabling TCP SACK, DSACK, FACK" This reverts commit 5fb4eb8e561e7c37cea977072944501fc32ee883. commit 62a0239207ee355e3d07e0097c963a0ded496e76 Author: Patrick Schleizer Date: Sat Oct 5 11:33:15 2019 +0000 bumped changelog version commit 54b83ae44dbda76b9b2696488194b53612bfc377 Author: Patrick Schleizer Date: Sat Oct 5 07:20:18 2019 -0400 readme commit 5fb4eb8e561e7c37cea977072944501fc32ee883 Author: Patrick Schleizer Date: Sat Oct 5 07:00:47 2019 -0400 undo Disabling TCP SACK, DSACK, FACK https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109/5 commit c19942f72b8d74056dd8da8c3cd9ac7e0fbe8991 Merge: 213aef6 a33851a Author: Patrick Schleizer Date: Sat Oct 5 06:58:27 2019 -0400 Merge remote-tracking branch 'origin/master' commit a33851a3c99a5eb9021d2d28b3164ed10025fbd9 Merge: 213aef6 d0c6bb1 Author: Patrick Schleizer Date: Sat Oct 5 10:58:08 2019 +0000 Merge pull request #32 from madaidan/disable-dsack-fack Disable TCP DSACK and FACK commit 213aef6eb9288efffe9fb0458f0aa8a44a6dafa6 Author: Patrick Schleizer Date: Sat Oct 5 09:40:26 2019 +0000 bumped changelog version commit aaebb32b668f4447c011f4e150f959c8d0e1ce09 Author: Patrick Schleizer Date: Sat Oct 5 09:39:05 2019 +0000 readme commit c87fc75f2a7d6ed38362729d27030f83b08292d3 Author: Patrick Schleizer Date: Sat Oct 5 09:36:21 2019 +0000 fix, run remove-system-map.service during sysinit.target commit 25b674678472623c06d948f4cbb967f360ba15f0 Author: Patrick Schleizer Date: Sat Oct 5 09:14:54 2019 +0000 fix systemd unit file proc-hidepid.service: WantedBy=sysinit.target commit d2bc3a2a08a00c68f05ed99caf16aad0b1e11ea4 Author: Patrick Schleizer Date: Sat Oct 5 09:14:41 2019 +0000 chmod +x usr/lib/security-misc/hide-hardware-info commit ffe0d62c8148ec60f7528002e988b969ebb868ca Merge: ddc778b 7bcf73d Author: Patrick Schleizer Date: Sat Oct 5 04:49:05 2019 -0400 Merge remote-tracking branch 'origin/master' commit 7bcf73deaa1c77f9c650d8844ad94d24e38746fd Merge: ddc778b 7345287 Author: Patrick Schleizer Date: Sat Oct 5 08:46:21 2019 +0000 Merge pull request #31 from madaidan/hide-hardware-info Restrict /proc/cpuinfo, /proc/bus, /proc/scsi and /sys to root commit d0c6bb1e9064ffdf45f7ac606f708c3f5e7dc247 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Fri Oct 4 17:35:54 2019 +0000 Disable TCP DSACK and FACK commit 7345287560bc701f8b4aead985238d66104b228c Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Fri Oct 4 17:32:52 2019 +0000 Use sysinit.target instead commit e06eeec6788a46a28682b2c83f1de9f83eacf3bd Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Thu Oct 3 21:42:06 2019 +0000 Disable hide-hardware-info.service by default commit 87917d2f03d5e510f4e2cbdbea2a7692146e820b Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Thu Oct 3 21:38:07 2019 +0000 Add licensing commit b06ab912c04d3d8746afa7492d0c3bb17bf71932 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Thu Oct 3 21:37:29 2019 +0000 Add licensing commit ec5fcf813b80347e5d8aa55dbd5d77860e62ccc6 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Thu Oct 3 20:50:48 2019 +0000 Update control commit ce97e5ed8203809619d8fdf630242712c188cede Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Thu Oct 3 20:45:29 2019 +0000 Create hide-hardware-info.service commit 9449f5017a6feff7e70d625d54d75d514ed2e596 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Thu Oct 3 20:45:14 2019 +0000 Create hide-hardware-info commit ddc778b45281b9f7f42496ffbd4f2137d6fa9d5a Author: Patrick Schleizer Date: Mon Sep 16 13:34:11 2019 +0000 bumped changelog version commit 75258843e9d4da9b0be7aec42528e093e0861992 Author: Patrick Schleizer Date: Mon Sep 16 13:03:43 2019 +0000 copyright commit 8e39cea876a8ff9ca496b9230dd13e4201f1e2f6 Author: Patrick Schleizer Date: Mon Sep 16 13:03:25 2019 +0000 comment commit bac462f2112d0290cad82717e1efed19c8fafac5 Author: Patrick Schleizer Date: Mon Sep 16 13:03:02 2019 +0000 comment commit bec680d4f3ccc406c5d8c5a67d7957be04f6a0de Author: Patrick Schleizer Date: Mon Sep 16 12:30:23 2019 +0000 pam_tally2-info: fix, do nothing when started as user "user" xscreensaver runs as user "user", therefore pam_tally2 cannot function. xscreensaver has its own failed login counter. as user "user" /sbin/pam_tally2 -u user pam_tally2: Error opening /var/log/tallylog for update: Permission denied /sbin/pam_tally2: Authentication error https://askubuntu.com/questions/983183/how-lock-the-unlock-screen-after-wrong-password-attempts https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698 commit c2e444479cf723a7ddb3c51cd6394795daba108e Author: Patrick Schleizer Date: Sun Sep 15 14:08:13 2019 +0000 bumped changelog version commit c9425a1404af73bf5d92fd7d1665130335d9e789 Author: Patrick Schleizer Date: Sun Sep 15 14:07:50 2019 +0000 readme commit 619550da2393dfe683be827a51d4390b6280ace1 Author: Patrick Schleizer Date: Sun Sep 15 14:00:24 2019 +0000 description commit b95b66e42986a359835127d6c56aabb1e9d9008f Author: Patrick Schleizer Date: Sun Sep 15 13:56:37 2019 +0000 description commit ae804a15e73a4a8b9ef3b605e3fca7ba24e135a6 Author: Patrick Schleizer Date: Sun Sep 15 13:21:02 2019 +0000 description commit 3d187dab99cd6d0a2906e73c86e0dd8c94cbc648 Author: Patrick Schleizer Date: Thu Sep 12 12:50:42 2019 +0000 bumped changelog version commit f13a73e569e6adacd38aaa59f4484919a3896359 Author: Patrick Schleizer Date: Tue Sep 10 12:35:42 2019 -0400 undo SysRq restrictions https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079 commit fbd1a5bde922be9c571d54567c977618e2c4bfc5 Author: Patrick Schleizer Date: Tue Sep 10 12:23:00 2019 -0400 hidepid before sysinit.target commit 1f75a1065049a1c75e0cb597f2bcc1a8e0eca93b Author: Patrick Schleizer Date: Mon Sep 9 12:10:24 2019 +0000 bumped changelog version commit 1b4391417619a51cfe22d9eee21d9fa644d145b6 Merge: 9d875d7 d0b3bc7 Author: Patrick Schleizer Date: Mon Sep 9 11:45:36 2019 +0000 Merge remote-tracking branch 'origin/master' commit d0b3bc7d3da6a4e3a04adb85cc5c7aa6c22bb466 Merge: 9d875d7 60db7e6 Author: Patrick Schleizer Date: Mon Sep 9 11:45:19 2019 +0000 Merge pull request #30 from madaidan/patch-23 fix typo commit 60db7e6294ab405a862c1cbc62140c9e89208b25 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sat Sep 7 20:08:56 2019 +0000 fix typo commit 9d875d7c31b4cd15873709c57ebb338d89477ab5 Author: Patrick Schleizer Date: Sat Sep 7 06:11:32 2019 +0000 bumped changelog version commit b3103b1ba8a1b8d7718ee167230dc938bc8b64b4 Author: Patrick Schleizer Date: Sat Sep 7 06:10:35 2019 +0000 readme commit 7affddb3bbfaa8183bad5986dbbb6ea728df1fe4 Author: Patrick Schleizer Date: Sat Sep 7 05:47:34 2019 +0000 blacklist modules with /bin/false rather than /bin/true to fail with error message rather than failing without notification commit 8132052ce01215a98cb4464e5f78d75349e77b10 Author: Patrick Schleizer Date: Sat Sep 7 05:44:23 2019 +0000 run update-grub from postinst so /etc/default/grub.d changes take effect commit 661bcd8603425934188cf139f33e20675ff4b765 Author: Patrick Schleizer Date: Sat Sep 7 05:39:56 2019 +0000 allow loading unsigned modules due to issues https://forums.whonix.org/t/allow-loading-signed-kernel-modules-by-default-disallow-kernel-module-loading-by-default/7880/23 commit 9ee9309f542472a8c8045df44573a5ec38e32a90 Author: Patrick Schleizer Date: Fri Sep 6 13:04:57 2019 +0000 bumped changelog version commit ea0779e42aa8416c142eb3d37f8cede42794e0f7 Author: Patrick Schleizer Date: Fri Sep 6 13:00:20 2019 +0000 rm_conffile /etc/sudoers.d/umask-security-misc commit 3a9939dccbea16408e8ba1c739748234bde68d89 Author: Patrick Schleizer Date: Fri Sep 6 11:47:40 2019 +0000 bumped changelog version commit 51705c201bd9959a77a53201e492100b751d0508 Author: Patrick Schleizer Date: Fri Sep 6 11:47:17 2019 +0000 readme commit 5960c1682a5177355147fce67c383ce6f861d60c Author: Patrick Schleizer Date: Fri Sep 6 11:46:22 2019 +0000 description commit fccfacfdafd197951e5a9598b9fb47309021ec84 Author: Patrick Schleizer Date: Fri Sep 6 11:45:54 2019 +0000 description commit cb8170fd800816c2f6123cd67819340da8f51551 Author: Patrick Schleizer Date: Fri Sep 6 11:44:56 2019 +0000 comment commit ccdbc52b82993f0078c16ba99248eb4569539344 Author: Patrick Schleizer Date: Fri Sep 6 11:43:55 2019 +0000 comment commit 051856bc8e587250d9b6936661d8f05d965c3e59 Author: Patrick Schleizer Date: Fri Sep 6 11:42:38 2019 +0000 remove trailing space commit 610d3488e9d4372c442eeb33c57a4a791c48267b Author: Patrick Schleizer Date: Fri Sep 6 09:33:06 2019 +0000 bumped changelog version commit b15becd48d3437b8a3965b84d5cdb80012fe32e8 Author: Patrick Schleizer Date: Fri Sep 6 09:32:42 2019 +0000 readme commit 0e20e33d1629e532e77e1f3e21b546ea125f28b0 Author: Patrick Schleizer Date: Thu Sep 5 02:31:57 2019 -0400 description commit 0b3dcef13d6462d9586908a91ff4d976070b26a3 Author: Patrick Schleizer Date: Thu Sep 5 02:30:40 2019 -0400 description commit f2e5883b4c72118d00f77e4dfc3187e5d9bf6391 Author: Patrick Schleizer Date: Thu Sep 5 02:29:48 2019 -0400 description commit a4913ae092e26af4368e0f493b8b79d11329eb18 Author: Patrick Schleizer Date: Thu Sep 5 02:28:43 2019 -0400 description commit a2aeb401a25f3576b8ed95b62fd47edad8e61e2c Author: Patrick Schleizer Date: Sat Aug 31 13:44:37 2019 +0000 bumped changelog version commit 3a5bdddf5c790829252ff7d5443a3d4d3b9218d8 Author: Patrick Schleizer Date: Sat Aug 31 08:43:46 2019 -0400 depend on adduser commit 8bbebf64cff87ce37a100a1da74cfd0e811ed571 Author: Patrick Schleizer Date: Sat Aug 24 16:41:27 2019 +0000 bumped changelog version commit 07cba361ed663672de3d0263e8262c61b4d43b4e Author: Patrick Schleizer Date: Sat Aug 24 16:39:56 2019 +0000 readme commit 0ae5c5ff14c308ff5307926fbe6d93f44e1c7615 Author: Patrick Schleizer Date: Sat Aug 24 12:14:22 2019 -0400 remove umask changes since these are causing issues are are not needed anymore thanks to home folder permission lockdown https://forums.whonix.org/t/change-default-umask/7416/45 commit 41c4682280b7bc8e700d9ed41b55e464c0511b69 Author: Patrick Schleizer Date: Fri Aug 23 16:57:12 2019 +0000 bumped changelog version commit e77260fd9cab49f85d5790188485dce7f9eeee23 Author: Patrick Schleizer Date: Fri Aug 23 16:53:55 2019 +0000 readme commit 793c9b6801ffda5d75d389b8e7a2a6d140d8d382 Merge: a74b983 44d62e0 Author: Patrick Schleizer Date: Mon Aug 19 12:48:23 2019 +0000 Merge remote-tracking branch 'origin/master' commit a74b983283e9aa1662cd6be87148184f380fa297 Author: Patrick Schleizer Date: Mon Aug 19 12:46:59 2019 +0000 remove LLC - IEEE 802.2 from blacklist since required by KVM https://forums.whonix.org/t/whonix-desktop-installer-with-calamares-field-report/7350/107 https://forums.whonix.org/t/blacklist-uncommon-network-protocols/7391/22 https://github.com/Whonix/security-misc/pull/29 commit 44d62e05b5a60a3d45afd829fb67970afa7678b7 Merge: 0140df8 a8b6281 Author: Patrick Schleizer Date: Mon Aug 19 12:45:52 2019 +0000 Merge pull request #29 from onions-knight/patch-1 Update uncommon-network-protocols.conf commit a8b62811199b6c4e5d86439cd0fc9e9c18dc027b Author: onions-knight <38859709+onions-knight@users.noreply.github.com> Date: Mon Aug 19 11:30:57 2019 +0000 Update uncommon-network-protocols.conf Removing llc from blacklisted network protocols as it is needed by KVM for networking. See https://hub.packtpub.com/kvm-networking-libvirt/ and https://forums.whonix.org/t/whonix-desktop-installer-with-calamares-field-report/7350/107 commit 0140df866839d4f02ba5988eec8c72a71136482a Author: Patrick Schleizer Date: Mon Aug 19 08:43:28 2019 +0000 virusforget commit 113ab4256861edc068ea09b2d8fb96355cb71867 Author: Patrick Schleizer Date: Mon Aug 19 08:31:23 2019 +0000 virusforget commit 416906d4f9ad522a65d8847c9d03f4497bbd898f Author: Patrick Schleizer Date: Mon Aug 19 08:19:35 2019 +0000 virusforget commit 2d867d9fee691ba088cf42badc4def562d82bd0d Author: Patrick Schleizer Date: Mon Aug 19 08:10:18 2019 +0000 virusforget commit 8e76e6b8b3129bcda1c82322cc56e31edac43e3f Author: Patrick Schleizer Date: Mon Aug 19 07:48:12 2019 +0000 fix commit 3f068f77febebbe425f9d6cd1ef2d620fb6ec379 Author: Patrick Schleizer Date: Mon Aug 19 07:47:20 2019 +0000 keep cache folder outside of reach of user since even user can remove files owned by root in its home folder commit 1fa1efa58e6f719766394bc8b94d4aa4076bdc0d Author: Patrick Schleizer Date: Mon Aug 19 07:22:09 2019 +0000 credits commit 1e026a3ebbacb1011edbbf5b0fbcfe7b5e6338c0 Author: Patrick Schleizer Date: Sun Aug 18 22:50:44 2019 +0000 initial development version of VirusForget commit e15b5603057fd9c67ac1ab34493e8b9f05fbac9b Author: Patrick Schleizer Date: Sat Aug 17 10:54:08 2019 +0000 bumped changelog version commit c897682794639fa7848acf5ba4b33aabbbcd0644 Author: Patrick Schleizer Date: Sat Aug 17 10:53:45 2019 +0000 readme commit e535232728ec7ff6846a3102b73707c549ea64c0 Author: Patrick Schleizer Date: Sat Aug 17 10:37:49 2019 +0000 description commit 7ffdd7c240b55c1d5fae9279b42319a5e8be74ba Author: Patrick Schleizer Date: Sat Aug 17 10:37:42 2019 +0000 description commit 207399439f29b4b421a8e91fc1b965d9e82ba35c Author: Patrick Schleizer Date: Sat Aug 17 10:37:36 2019 +0000 description commit d4fb485e7090a7424f3f80b18b010fbc9859283c Author: Patrick Schleizer Date: Sat Aug 17 10:35:31 2019 +0000 description commit 41b2819ec88364290c5d91daa2236919ea589c1c Author: Patrick Schleizer Date: Sat Aug 17 10:33:47 2019 +0000 PAM: abort on locked password to avoid needlessly bumping pam_tally2 counter https://forums.whonix.org/t/restrict-root-access/7658/1 commit e0e25364e2d14459b918eea2cb63cbe10b8371f3 Author: Patrick Schleizer Date: Sat Aug 17 09:57:48 2019 +0000 bumped changelog version commit cfd18d4486c763a79bc174bded7d8cf0b3dd567f Author: Patrick Schleizer Date: Sat Aug 17 09:56:29 2019 +0000 readme commit ed90d8b025c1f852856fea0e620c240f35e78a53 Author: Patrick Schleizer Date: Sat Aug 17 09:55:20 2019 +0000 change default umask to 027 as per: https://forums.whonix.org/t/change-default-umask/7416/47 commit b9127faac300024f7d8851d41037bebd5d3fe05c Author: Patrick Schleizer Date: Fri Aug 16 16:05:51 2019 +0000 bumped changelog version commit e004a5e0cf22c5add683ed8c1ff6f88bdc4053ba Author: Patrick Schleizer Date: Fri Aug 16 16:05:25 2019 +0000 readme commit f9e3825e9166b9814beb5e0a8e30caa540e66a27 Author: Patrick Schleizer Date: Fri Aug 16 16:05:09 2019 +0000 fix lintian warning commit ec99720811c53bf0ad3a1f36e0d34371ebc6d283 Author: Patrick Schleizer Date: Fri Aug 16 15:59:14 2019 +0000 bumped changelog version commit 6a68c3bd9cd47a8542460a95d90bcf7e34d9f768 Author: Patrick Schleizer Date: Fri Aug 16 15:57:30 2019 +0000 readme commit 224f95799c36f56c2165fe9284abaceaa84f1d3b Author: Patrick Schleizer Date: Fri Aug 16 11:15:25 2019 -0400 sudo default umask 006 https://forums.whonix.org/t/change-default-umask/7416/43 commit 17cfcb63b6358f51a65df9623bc23ddf869b06cc Author: Patrick Schleizer Date: Fri Aug 16 10:50:56 2019 -0400 code simplification; report locked account earlier commit 5754671c460c67bd7d8e064841383ea7b7f90824 Merge: 34672b8 9781598 Author: Patrick Schleizer Date: Fri Aug 16 10:36:43 2019 -0400 Merge remote-tracking branch 'origin/master' commit 97815986321b6daf9c1f0c6f33a4b282ca05438c Merge: 34672b8 85502ad Author: Patrick Schleizer Date: Fri Aug 16 14:36:00 2019 +0000 Merge pull request #27 from madaidan/patch-21 Blacklist bluetooth commit 85502ad430f560070806c8b95b7fed3fe7028587 Merge: 4a6f87f 34672b8 Author: Patrick Schleizer Date: Fri Aug 16 14:35:51 2019 +0000 Merge branch 'master' into patch-21 commit 34672b88a86285e1d3eaf35f0a2b3c2e974ffd26 Author: Patrick Schleizer Date: Thu Aug 15 15:18:02 2019 +0000 bumped changelog version commit a11e3cea9eb160ba84dbc273ea4cb48bc687158f Author: Patrick Schleizer Date: Thu Aug 15 15:08:48 2019 +0000 readme commit ff9bc1d7ea81a8507f44d9bb1301b9665614ebdd Author: Patrick Schleizer Date: Thu Aug 15 13:37:28 2019 +0000 informational output during PAM: * Show failed and remaining password attempts. * Document unlock procedure if Linux user account got locked. * Point out, that there is no password feedback for `su`. * Explain locked (root) account if locked. * /usr/share/pam-configs/tally2-security-misc * /usr/lib/security-misc/pam_tally2-info commit 454e1358220abf75def0d88a22426086a55c0802 Author: Patrick Schleizer Date: Thu Aug 15 07:33:41 2019 +0000 pam_tally2.so even_deny_root commit 63b476221c7b9ece6b99f9e194fab80e300275d9 Author: Patrick Schleizer Date: Thu Aug 15 07:30:56 2019 +0000 use requisite rather than required to avoid asking for password needlessly if login will fail anyhow commit ce4a30d3cecb7e9bddb96c79aab871804cb90bd4 Author: Patrick Schleizer Date: Wed Aug 14 11:52:26 2019 +0000 bumped changelog version commit a7c25a451c78f7b9a5720e1b6fc7d168eb0afa4f Author: Patrick Schleizer Date: Wed Aug 14 11:50:53 2019 +0000 remove unneeded dependency on libpam-cgfs commit 633854c6bec439af9718439c8207012322800166 Author: Patrick Schleizer Date: Wed Aug 14 11:13:25 2019 +0000 bumped changelog version commit 0feb54b28e90b5c4cfcd529914a3892362c34966 Author: Patrick Schleizer Date: Wed Aug 14 11:10:18 2019 +0000 add Depends: apparmor-profile-anondist to fix apparmor issue sudo[19806]: pam_exec(sudo:session): execve(/usr/lib/security-misc/permission-lockdown,...) failed: Permission denied sudo[18961]: pam_exec(sudo:session): /usr/lib/security-misc/permission-lockdown failed: exit code 13 kernel: audit: type=1400 audit(1565780860.972:224): apparmor="DENIED" operation="exec" profile="/usr/bin/whonixcheck" name="/usr/lib/security-misc/permission-lockdown" pid=19806 comm="sudo" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 commit 8fdc77fed553d7ba6123d738b9cb3efe98f3f08f Author: Patrick Schleizer Date: Wed Aug 14 10:33:23 2019 +0000 output to stdout commit 5213cfbcdcb41a5aa714d1031b36436adeb0359c Author: Patrick Schleizer Date: Wed Aug 14 10:08:18 2019 +0000 bumped changelog version commit 2875adb7221769dcd23ef701dae8b9ad24708590 Author: Patrick Schleizer Date: Wed Aug 14 10:07:55 2019 +0000 readme commit 01b3a0bfaeda0dad87644ad8d54c61e07dd501f7 Author: Patrick Schleizer Date: Wed Aug 14 09:52:53 2019 +0000 description commit 547ba91d799780487782cdd8088c556d978494e8 Author: Patrick Schleizer Date: Wed Aug 14 09:45:30 2019 +0000 sanity test commit dee195d89e94ff343cec60308cbbb5464d2a7b18 Author: Patrick Schleizer Date: Wed Aug 14 09:40:41 2019 +0000 description commit 799acad724977dea220c2228f9da0db3d6b5170e Author: Patrick Schleizer Date: Wed Aug 14 09:39:43 2019 +0000 skip, if not a folder commit 6321ff5ad5938a929d4a997b4f1b03db2ac4b5fd Author: Patrick Schleizer Date: Wed Aug 14 09:38:44 2019 +0000 refactoring commit 15094cab4fbbb1fd0c20bd8241ea20bd6c0bd331 Author: Patrick Schleizer Date: Wed Aug 14 09:36:30 2019 +0000 avoid ' character in usr/share/pam-configs; in description commit 97d1945e61053efd3b73fb9f761b3ea1c9271cdc Author: Patrick Schleizer Date: Wed Aug 14 09:32:58 2019 +0000 no log needed, informative output to stdout instead commit a085d46c567b0b5dbbaddd8f3e5873d87d904c4a Author: Patrick Schleizer Date: Wed Aug 14 09:31:58 2019 +0000 change priories so "pam_umask.so usergroups umask=006" runs before pam_exec.so /usr/lib/security-misc/permission-lockdown commit f8c828b69a8f52108d19af4076e718930b5dcd07 Author: Patrick Schleizer Date: Wed Aug 14 05:19:02 2019 -0400 output commit e5da6d9699de1d3c4aaefee7d301a4c47f33e4bd Author: Patrick Schleizer Date: Wed Aug 14 05:17:54 2019 -0400 copyright commit 1595789d7c310c80196345e06b6bacc8fb7c0baf Author: Patrick Schleizer Date: Wed Aug 14 05:17:16 2019 -0400 comment commit ce06fdf91103afbaf84523ce998570af733b5bbe Author: Patrick Schleizer Date: Wed Aug 14 05:15:53 2019 -0400 formatting commit 21489111d107023f150988137180154ba62e1ff2 Author: Patrick Schleizer Date: Wed Aug 14 08:34:03 2019 +0000 run permission lockdown during pam https://forums.whonix.org/t/change-default-umask/7416 commit 42f2d5f6664f15baebdaf200a5690cf32cdbe284 Author: Patrick Schleizer Date: Wed Aug 14 07:39:28 2019 +0000 description commit 52df8dc0149d597c3106daa7112a01db444e34f1 Author: Patrick Schleizer Date: Wed Aug 14 07:37:21 2019 +0000 optional pam_umask.so usergroups umask=006 commit f210294f4091b6a09c902a446b125c26022c5d2a Author: Patrick Schleizer Date: Wed Aug 14 07:24:24 2019 +0000 description commit dbea7d1511d8e1b2604960d37146ec931d9dfe15 Author: Patrick Schleizer Date: Wed Aug 14 07:22:14 2019 +0000 add hook etc/kernel/postinst.d/30_remove-system-map to remove system.map on kernel package upgrade; self-document this package: during upgrade the following will be written to stdout: Setting up linux-image-4.19.0-5-amd64 (4.19.37-5+deb10u2) ... /etc/kernel/postinst.d/30_remove-system-map: removed '/boot/System.map-4.19.0-5-amd64 commit f1d8cbc9fb2b800205923cce77a8e242dddd133c Author: Patrick Schleizer Date: Wed Aug 14 07:02:09 2019 +0000 bumped changelog version commit 41f4441d9dc5777d4ea7424f8422164c548da091 Author: Patrick Schleizer Date: Wed Aug 14 07:01:47 2019 +0000 readme commit a82448d46af4fb9dce2de84025b8b820a11fae01 Author: Patrick Schleizer Date: Wed Aug 14 07:01:25 2019 +0000 description commit ff8c0979435b491cf462c5ef6e8e02f6d85f1d81 Merge: 6f8acf0 a8ea379 Author: Patrick Schleizer Date: Wed Aug 14 06:59:50 2019 +0000 Merge remote-tracking branch 'origin/master' commit a8ea37952669b3f40a452cb580442126ec44233a Merge: 6f8acf0 9a49b8e Author: Patrick Schleizer Date: Wed Aug 14 06:59:34 2019 +0000 Merge pull request #28 from madaidan/patch-22 Require all loaded kernel modules to be signed with a valid key. commit 9a49b8ecbb863a995862a4d380c6a03f6c0991ac Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Tue Aug 13 13:33:07 2019 +0000 Create 40_only_allow_signed_modules.cfg Require all loaded kernel modules to be signed with a valid key. commit 6f8acf06d79c77e3bee15cc8696a433271e2b7c9 Author: Patrick Schleizer Date: Sun Aug 11 12:07:07 2019 +0000 bumped changelog version commit 52cee9128316d649ba7ffa9600d0fdc33c99a9a9 Author: Patrick Schleizer Date: Sun Aug 11 11:39:32 2019 +0000 readme commit aacd9c7679b05b7ee59df484f21a24fe7aa5901d Author: Patrick Schleizer Date: Sun Aug 11 10:34:38 2019 +0000 description commit c0b5c70de498d891e4edd5b9af2292909be36776 Author: Patrick Schleizer Date: Sun Aug 11 10:33:22 2019 +0000 description commit 2f37a66fd009c9cba423c0f95833a71c8669af46 Author: Patrick Schleizer Date: Sun Aug 11 10:31:29 2019 +0000 description commit e83ec79a25d09b2467e2389959d87267bab7f1f0 Author: Patrick Schleizer Date: Sun Aug 11 10:30:51 2019 +0000 enable usr/share/pam-configs/mkhomedir-security-misc by default commit 1eb806a03ef25bb387fa80f45dd6509925437048 Author: Patrick Schleizer Date: Sun Aug 11 10:29:49 2019 +0000 pam_mkhomedir.so umask=006 commit c50eb3c9b07b9e54951eb08206db6d28383f6cdc Author: Patrick Schleizer Date: Sun Aug 11 10:28:55 2019 +0000 add usr/share/pam-configs/mkhomedir-security-misc based on /usr/share/pam-configs/mkhomedir commit 75769151cd7980042357f18c5567adab2a031049 Author: Patrick Schleizer Date: Sat Aug 10 11:37:02 2019 +0000 bumped changelog version commit a2fa18c38159161418edcdaacb1baad215f5d31d Author: Patrick Schleizer Date: Sat Aug 10 07:07:28 2019 -0400 pam_tally2.so deny=100 during testing, due to issues https://github.com/Whonix/security-misc/commit/d17e25272b9b7bbb6abc4dccd500a6b34311a7dd https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/12 commit d17e25272b9b7bbb6abc4dccd500a6b34311a7dd Author: Patrick Schleizer Date: Sat Aug 10 06:06:39 2019 -0400 effectively (not directly) add "required pam_tally2.so debug" to /etc/pam.d/common-account This is required because otherwise something like "sudo bash" would count as a failed login for pam_tally2 even though it was successful. https://bugzilla.redhat.com/show_bug.cgi?id=707660 https://forums.whonix.org/t/restrict-root-access/7658 commit 0f896a9d8d6f7c125311a0e226755f8a00214f3c Author: Patrick Schleizer Date: Sat Aug 10 06:05:37 2019 -0400 add onerr=fail audit to pam_tally2 commit a703865dcf736996a58e6f684fc02f0e9dfa8cc7 Author: Patrick Schleizer Date: Thu Aug 1 12:02:41 2019 +0000 bumped changelog version commit 1fe3036a4903588b89edd82e7097a665271fd27f Author: Patrick Schleizer Date: Thu Aug 1 11:13:43 2019 +0000 readme commit e076470f68dc18908c5ab1889232aaaa0fcb9f3d Author: Patrick Schleizer Date: Thu Aug 1 11:04:58 2019 +0000 renamed: usr/share/pam-configs/usergroups -> usr/share/pam-configs/usergroups-security-misc commit 830111e99aa6f45688c4ba00a7f41ea323f15f2a Author: Patrick Schleizer Date: Thu Aug 1 11:04:22 2019 +0000 split usr/share/pam-configs/security-misc into usr/share/pam-configs/tally2-security-misc usr/share/pam-configs/wheel-security-misc commit 5d0aec1321b4f46f1834ba9ad166d2445a995fbb Author: Patrick Schleizer Date: Wed Jul 31 19:12:27 2019 +0000 bumped changelog version commit 89d32402b2dd2182dc6e7788d41708eaaeeb02c1 Author: Patrick Schleizer Date: Wed Jul 31 14:52:29 2019 -0400 fix, do not use "," inside /usr/share/pam-configs files commit 4a6f87f3fa104f0e0a62809fe08f7d07d15dd9f7 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Wed Jul 31 18:33:28 2019 +0000 Update control commit 5a4ea39566621431e931d5bc09957e04f18bbeee Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Wed Jul 31 18:30:57 2019 +0000 Create blacklist-bluetooth.conf commit 864de10659d0145ae8883b98b1746a7debc9492a Author: Patrick Schleizer Date: Wed Jul 31 15:17:51 2019 +0000 bumped changelog version commit 47368ae4fccc85ab3197f07316b03c123187f9a2 Author: Patrick Schleizer Date: Wed Jul 31 15:15:30 2019 +0000 readme commit c09fb208d163be4ff7ace9f41cfee03147018cd8 Author: Patrick Schleizer Date: Wed Jul 31 07:44:50 2019 +0000 bumped changelog version commit ac1220e14bd9428420cf01ef68e5acb690b6afa4 Author: Patrick Schleizer Date: Wed Jul 31 07:32:59 2019 +0000 depend on sudo so group sudo exists during postinst commit 09f75fb1ff03d7a95951a0f6bcb9d84f1744b583 Author: Patrick Schleizer Date: Wed Jul 31 07:32:36 2019 +0000 description commit 2ad087dcd9e4fd3e747a47577b9d4ba1088d6a33 Author: Patrick Schleizer Date: Wed Jul 31 07:30:40 2019 +0000 description commit 404f597c0aaddeef3c8c555d2d7f5a9993f9e512 Author: Patrick Schleizer Date: Wed Jul 31 07:29:42 2019 +0000 description commit c921872016672073927fce34ed764263c8d6db5b Author: Patrick Schleizer Date: Wed Jul 31 07:27:13 2019 +0000 description commit 39e1b1c5f0622c062f12c532400ca170d3eb789f Author: Patrick Schleizer Date: Wed Jul 31 07:26:25 2019 +0000 update file path commit cf906687561acee7f61fdf100b801d670a74a94f Author: Patrick Schleizer Date: Wed Jul 31 03:25:02 2019 -0400 lock user accounts after 5 failed authentication attempts using pam_tally2 commit 3e29761560085f9e3d84250e29a2ea5e34766432 Author: Patrick Schleizer Date: Wed Jul 31 03:17:06 2019 -0400 debug at the end commit 5cdb3edb321046bf9dc09e91665e63faf16e9786 Author: Patrick Schleizer Date: Wed Jul 31 03:16:41 2019 -0400 usr/share/pam-configs/wheel -> usr/share/pam-configs/security-misc commit 031a1c8751504b00f131fd8d518f59b975353369 Author: Patrick Schleizer Date: Mon Jul 22 01:16:18 2019 +0000 bumped changelog version commit f38f307b37d2efb036c5b4e85f48921b0acfadeb Merge: 8c538ba b2582fb Author: Patrick Schleizer Date: Sun Jul 21 09:12:33 2019 -0400 Merge remote-tracking branch 'origin/master' commit b2582fbd4c2364c7bca95b4038eec2ef2a2fae41 Merge: 8c538ba 077899c Author: Patrick Schleizer Date: Sun Jul 21 12:40:37 2019 +0000 Merge pull request #26 from fepitre/fix-files Fix files commit 077899c23d518416cd9ee801a3607585d3a51aab Author: Frédéric Pierret (fepitre) Date: Sun Jul 21 11:23:06 2019 +0200 Add .gitignore commit 5fbe7537613a2034d80983e095cdd8d2971b1bcc Author: Frédéric Pierret (fepitre) Date: Sun Jul 21 11:19:35 2019 +0200 spec: update %files section QubesOS/qubes-issues#1885 commit 8c538ba318e5524d07034f2f718e4b5ae483176d Author: Patrick Schleizer Date: Wed Jul 17 21:38:26 2019 +0000 bumped changelog version commit 1c7441ddf194fd54f40f1b0d16c408fd29d49b9e Author: Patrick Schleizer Date: Wed Jul 17 21:16:14 2019 +0000 alias /etc/securetty -> /etc/securetty.security-misc, commit 940054d53ff9b7027f414268370245627675a60a Author: Patrick Schleizer Date: Wed Jul 17 21:08:23 2019 +0000 bumped changelog version commit 08d37471d486f13aebeb2c355280f3b207eb044b Author: Patrick Schleizer Date: Wed Jul 17 21:06:17 2019 +0000 readme commit c0a4a10d6b89000735227f51464cc1ce76f8419b Author: Patrick Schleizer Date: Wed Jul 17 21:05:11 2019 +0000 description commit 7352b2ac31d7fde7e15da044c7f7279d7eddc8ae Author: Patrick Schleizer Date: Wed Jul 17 21:03:54 2019 +0000 description commit b153e8f7df1f2a8e815b910aa6962ae3abe80755 Author: Patrick Schleizer Date: Wed Jul 17 21:02:48 2019 +0000 fix path commit 4bf2360b9579b12775487e4215af5afa1c180f04 Author: Patrick Schleizer Date: Wed Jul 17 21:02:27 2019 +0000 description commit 9f2e300e72263380a0a99e59efe636652f4a8ce1 Author: Patrick Schleizer Date: Wed Jul 17 20:48:33 2019 +0000 description commit d044780c04e0bcfc9d91a0cf6fc26d9f778bb50d Author: Patrick Schleizer Date: Wed Jul 17 20:42:14 2019 +0000 description commit 75e5714d183b8ad08bc7a96643b2a38727620530 Author: Patrick Schleizer Date: Wed Jul 17 20:40:01 2019 +0000 description commit 8c2f983578a0af63258bfe7e2b95f230e43df860 Author: Patrick Schleizer Date: Wed Jul 17 20:39:42 2019 +0000 description commit 2299ed041f101f1fa9711d83a31ad6e8d07d3023 Author: Patrick Schleizer Date: Wed Jul 17 20:36:51 2019 +0000 passwordless recovery / emergency console https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802211 https://salsa.debian.org/ah/user-setup/commit/bc5ca2de85ec27845d0b46059cb7cc02bae7b44d https://forums.whonix.org/t/restrict-root-access/7658/46 commit 50036b2934410b57936a4909d022d436cd27cdfc Author: Patrick Schleizer Date: Wed Jul 17 19:13:57 2019 +0000 bumped changelog version commit 3f9437f1ecfd292f06ce021f12cb5430da280f84 Author: Patrick Schleizer Date: Wed Jul 17 14:25:19 2019 -0400 Revert "set back to default group "root" rather than group "sudo" membership required to use su" This reverts commit 2f276cdb10aedf0d30c01d25e50b17cac7d1c62c. commit 1b772c6a9aac9e6c203c0c89b49e589a2b6e83d3 Author: Patrick Schleizer Date: Tue Jul 16 19:45:52 2019 +0000 bumped changelog version commit 2499ae0890bb524d3756e6135d5d6986e74210ed Author: Patrick Schleizer Date: Tue Jul 16 07:28:50 2019 -0400 description commit d0124b24d19e0c34c23931bd252ccffe2f786b3d Author: Patrick Schleizer Date: Tue Jul 16 07:27:56 2019 -0400 description commit 4b604bbb240d5fb32428ef0aafde3d6646752d31 Author: Patrick Schleizer Date: Mon Jul 15 13:26:47 2019 +0000 bumped changelog version commit f21fa8d95d19665e1cb1320062007472284bd9b8 Author: Patrick Schleizer Date: Mon Jul 15 13:03:30 2019 +0000 readme commit 5c741d2149f12554e63d0fcb0d129cbbdad66569 Author: Patrick Schleizer Date: Mon Jul 15 13:02:30 2019 +0000 shuffle commit d247b7534b9e3a161fdba296c32dd85b7e91a665 Author: Patrick Schleizer Date: Mon Jul 15 13:01:46 2019 +0000 sort description by categories commit 168ea5a660561fdaa438fdf88f6cecf1f2677324 Author: Patrick Schleizer Date: Mon Jul 15 08:48:17 2019 -0400 shuffle commit 2f276cdb10aedf0d30c01d25e50b17cac7d1c62c Author: Patrick Schleizer Date: Mon Jul 15 08:44:28 2019 -0400 set back to default group "root" rather than group "sudo" membership required to use su since root login will be locked by default anyhow Thanks to @madaidan for providing the rationale! https://forums.whonix.org/t/restrict-root-access/7658/42 commit 6d1e8ac9a4657bb3d49a9674ce3a1500350d4bba Author: Patrick Schleizer Date: Sun Jul 14 11:16:49 2019 +0000 description commit ffb61f43ea8011d71cf9c5bba1e277a2f825eea7 Author: Patrick Schleizer Date: Sun Jul 14 11:11:59 2019 +0000 fix, add 'group=sudo' and 'debug' for debugging https://forums.whonix.org/t/restrict-root-access/7658 commit 1731196c9fda93233917bcf6dba48834be03a448 Author: Patrick Schleizer Date: Sat Jul 13 18:51:32 2019 +0000 bumped changelog version commit 6af2d7facb391724d48dece28c1a34f4aaaf3929 Author: Patrick Schleizer Date: Sat Jul 13 18:12:25 2019 +0000 copyright commit 75f0ca565d10fd1c02800387d52b1db8a039ecc8 Author: Patrick Schleizer Date: Sat Jul 13 18:12:04 2019 +0000 set -e commit c389e13e1a6143fb69dbd57e4c2e5a80aa8cbf84 Author: Patrick Schleizer Date: Sat Jul 13 17:59:49 2019 +0000 use pre.bsh commit 7afddb028f423254adcd6026aaf12627cebbee17 Author: Patrick Schleizer Date: Sat Jul 13 16:30:39 2019 +0000 bumped changelog version commit c13485f532203dbb3675d367be3bc16811719442 Author: Patrick Schleizer Date: Sat Jul 13 16:29:10 2019 +0000 readme commit ea90f95f1c7b8200db222e42a5f72221212a71e1 Author: Patrick Schleizer Date: Sat Jul 13 16:26:40 2019 +0000 cleanup commit ea8b22ee78439a3cd5f7305f9588940320740ab9 Author: Patrick Schleizer Date: Sat Jul 13 16:26:14 2019 +0000 shuffle commit ca7e0e0161d6eaa2a166d7a7a26e5577f5a4dd6a Author: Patrick Schleizer Date: Sat Jul 13 16:25:08 2019 +0000 description commit ffb5a9c48201dc38a886cbd26753ff56b1ed832a Author: Patrick Schleizer Date: Sat Jul 13 16:23:39 2019 +0000 formatting commit 41675ddcff4d561282db9b43d2d9f993a39600c8 Author: Patrick Schleizer Date: Sat Jul 13 16:21:34 2019 +0000 removed: The amount of hashing rounds used by shadow is bumped to 65536. This increases the security of hashed passwords. Since we do not do that currently. https://forums.whonix.org/t/restrict-root-access/7658/37 commit 3f031a297dc2d54346e9c9b3d566c3fa3a469240 Author: Patrick Schleizer Date: Sat Jul 13 16:20:14 2019 +0000 Removes read, write and execute access for others for all users who have home folders under folder /home by running for example "chmod o-rwx /home/user" during package installation or upgrade. This will be done only once per folder in folder /home so users who wish to relax file permissions are free to do so. This is to protect previously created files in user home folder which were previously created with lax file permissions prior installation of this package. commit 4740e8b3357914aee16079b980b8861376cd222c Author: Patrick Schleizer Date: Sat Jul 13 16:13:55 2019 +0000 cleanup commit 834fcc4671a50f10426a62cb5986d79f991903b8 Author: Patrick Schleizer Date: Sat Jul 13 15:17:16 2019 +0000 bumped changelog version commit e9eb38b5dbbddffb12103c14edc3745e239365a5 Author: Patrick Schleizer Date: Sat Jul 13 15:04:09 2019 +0000 formatting commit e2b626870221971b1f6202dbb8eb0f9b0b0654ec Author: Patrick Schleizer Date: Sat Jul 13 14:58:47 2019 +0000 bumped changelog version commit 1d8a0dbec7ca5418b1c4fa70ae14a063c94bd119 Author: Patrick Schleizer Date: Sat Jul 13 14:57:51 2019 +0000 remove no longer shipped files in etc/pam.d/* commit 8e5d45352eaacd9ee4ae1357efb7d4f393dedf9b Author: Patrick Schleizer Date: Sat Jul 13 14:55:31 2019 +0000 bumped changelog version commit cb668459e81d74baf28ac43173bb50c7210e37a4 Author: Patrick Schleizer Date: Sat Jul 13 10:35:10 2019 -0400 port umask from /etc/pam.d to /usr/share/pam-configs implementation https://forums.whonix.org/t/change-default-umask/7416 commit ac25733de871b0da5ef42e2e0283a44d94ac3112 Author: Patrick Schleizer Date: Sat Jul 13 14:01:53 2019 +0000 remove etc/pam.d/common-password.security-misc rounds=65536 due to unclean implementation, see: https://forums.whonix.org/t/restrict-root-access/7658/37 commit 69b97981f3b5e4efc75954d6957659f1bb8e7d18 Author: Patrick Schleizer Date: Sat Jul 13 12:33:51 2019 +0000 convert etc/pam.d/su.security-misc to usr/share/pam-configs/wheel https://forums.whonix.org/t/restrict-root-access/7658/32 commit 4079632d1aed4f3e50ea21de674a9b6d537d3e05 Author: Patrick Schleizer Date: Sat Jul 13 11:41:37 2019 +0000 remove modifying to /etc/pam.d directly (unrelased) config-package-dev displace /etc/securetty remove trailing spaces https://forums.whonix.org/t/restrict-root-access/7658/31 commit cdb7c6f7eb8e61bd203c9a4cb755da0b97cc9a3d Author: Patrick Schleizer Date: Thu Jul 11 18:28:04 2019 +0000 bumped changelog version commit aee6b346359db4973fdc80d565f7a6972bb884a0 Author: Patrick Schleizer Date: Thu Jul 11 18:26:17 2019 +0000 fix lintian warning commit a40a04aaec0c30ceb47266a3f9b2b714e9b89888 Merge: f5356ce 93190eb Author: Patrick Schleizer Date: Thu Jul 11 14:08:30 2019 -0400 Merge remote-tracking branch 'origin/master' commit 93190ebf1019f76b73cf0f1e4491f15fd36bcae1 Merge: f5356ce 1aee08f Author: Patrick Schleizer Date: Thu Jul 11 18:08:01 2019 +0000 Merge pull request #25 from madaidan/patch-20 Improve documentation of blacklisting uncommon network protocols commit 1aee08fa5e46cbd9439c36df9bcbb7a513270e1b Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Thu Jul 11 15:30:09 2019 +0000 Update control commit b63d4ccb41d6c4942faa8ec5e2b8de8cffacd03e Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Thu Jul 11 15:28:56 2019 +0000 Update uncommon-network-protocols.conf commit 853c2eb37786b1f625d5b54a54cf16fc09e1b367 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Thu Jul 11 15:26:14 2019 +0000 Update control commit f5356cee2c6c09aa08ca1a8675501657c1d1b37c Author: Patrick Schleizer Date: Thu Jul 11 07:16:38 2019 +0000 bumped changelog version commit bea98474ba8a189b4c174ce6613547b8f377de68 Author: Patrick Schleizer Date: Thu Jul 11 07:07:21 2019 +0000 chmod +x usr/lib/security-misc/panic-on-oops commit 0057c0dd8c4d4b85f07949c1c1e61608769e82f1 Author: Patrick Schleizer Date: Thu Jul 11 07:07:01 2019 +0000 fix lintian warning commit 2a893c0562438aaf0c34a25538a8e21bb11ba197 Merge: 3df6a44 a54500c Author: Patrick Schleizer Date: Thu Jul 11 06:50:35 2019 +0000 Merge remote-tracking branch 'origin/master' commit a54500c6f18719520ae66c335870d3e8f03e9e14 Merge: 7d3a615 1e4d349 Author: Patrick Schleizer Date: Thu Jul 11 06:41:37 2019 +0000 Merge pull request #23 from madaidan/patch-18 Blacklist more uncommon network protocols commit 7d3a61564dc01b899466defe957a7bc65d38dc89 Merge: 3df6a44 932524c Author: Patrick Schleizer Date: Thu Jul 11 06:41:08 2019 +0000 Merge pull request #24 from madaidan/patch-19 Move disable-coredumps.conf to correct position commit 932524cbd1b15df06bd4e395dc391dd489ba100f Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Wed Jul 10 15:28:48 2019 +0000 Move disable-coredumps.conf to correct position commit 1e4d3495167c0305ec1fce8568658a06750df674 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Wed Jul 10 14:28:39 2019 +0000 Update control commit 4058e283a542900e7c8bcc060012d7c33964e36a Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Wed Jul 10 14:27:19 2019 +0000 Blacklist more uncommon network protocols commit d70440aaeda5f1a1ab0459d02f5f5e56c808bbde Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Tue Jul 9 21:57:37 2019 +0000 Remove duplicate commit a8b44c75f9ca6df1460ce0feca647f2f370f8833 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Tue Jul 9 21:57:07 2019 +0000 Update control commit 2d27bdd808374a71cd9d7187326be99420411583 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Tue Jul 9 21:55:37 2019 +0000 Blacklist more uncommon network protocols commit 3df6a44e98e93ecea6c6b6fa00c7fb05cbcfc0a5 Author: Patrick Schleizer Date: Tue Jul 9 06:56:23 2019 -0400 also allow members of group sudo to run /usr/lib/security-misc/panic-on-oops commit 5fb500ac32a8935ef989770b2b9d17df4fa1698c Merge: 8793708 e4bb770 Author: Patrick Schleizer Date: Tue Jul 9 06:55:27 2019 -0400 Merge remote-tracking branch 'origin/master' commit e4bb77037e9327eea7b8fd92961192613d6e0763 Merge: a9441e7 0f15303 Author: Patrick Schleizer Date: Tue Jul 9 10:54:48 2019 +0000 Merge pull request #21 from madaidan/patch-16 Make the kernel panic on oopses commit 0f15303eb4dd5701cae5b3985be47918e2e4700a Merge: 45f8102 a9441e7 Author: Patrick Schleizer Date: Tue Jul 9 10:54:24 2019 +0000 Merge branch 'master' into patch-16 commit 8793708906d037746a2e946177d8a4d1884b391a Merge: 50c00fc a9441e7 Author: Patrick Schleizer Date: Tue Jul 9 03:23:26 2019 -0400 Merge remote-tracking branch 'origin/master' commit a9441e7be4794e88f782f1ff5dd95f00e3928279 Merge: 50c00fc 24b326d Author: Patrick Schleizer Date: Tue Jul 9 07:21:47 2019 +0000 Merge pull request #22 from madaidan/patch-17 Restrict access to the root account commit 24b326d906375bb543b936936519231f51154dcd Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon Jul 8 23:24:41 2019 +0000 Update control commit 24d9eadcb267b34ce31981d841e58d4e2c769793 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon Jul 8 23:19:59 2019 +0000 Use 65536 hashing rounds commit 86117d957763a4dd07fb9a84c07a2934a02d32f8 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon Jul 8 23:19:19 2019 +0000 Create common-password.security-misc commit 8ad9a54b094a4a15ef726f513e38c953cc247b80 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon Jul 8 23:17:17 2019 +0000 Don't allow root login from a terminal commit 890298a3c882000a8351186521e9c1852dec298a Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon Jul 8 23:15:56 2019 +0000 Restrict su to users in the root group commit 38099a2a5d830a522fd51b9d9953ae47a14c5289 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon Jul 8 23:11:17 2019 +0000 Create su.security-misc commit 45f8102d565512938e5c533ffcd4cc06ea68b580 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon Jul 8 23:04:47 2019 +0000 Update control commit 2a1742705563c264b3ea634345373cce2986d283 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon Jul 8 23:01:30 2019 +0000 Create security-misc commit 4ac700ded0cca668f585ea466e167f055783e28d Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon Jul 8 22:59:39 2019 +0000 Create 50panic_on_oops commit 52c61011d4000b49edb0783fcca05952b0da7ee2 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon Jul 8 22:58:56 2019 +0000 Create panic-on-oops commit 50c00fcfa13b436e0bba4e1065f0bf94605c1654 Author: Patrick Schleizer Date: Mon Jul 8 00:23:52 2019 +0000 bumped changelog version commit 223b6918339dc53b8ff8499d3d52210ee07e24a8 Author: Patrick Schleizer Date: Sun Jul 7 23:39:58 2019 +0000 add 'Depends: libpam-cgfs' https://forums.whonix.org/t/change-default-umask/7416/30?u=patrick commit d31a16f264ea23a2fc890ffd6664deac3f4c4bdf Author: Patrick Schleizer Date: Sun Jul 7 23:00:27 2019 +0000 bumped changelog version commit 673aab6bc2b41d1a0d1829ce200d7b5c3d9e7067 Author: Patrick Schleizer Date: Sun Jul 7 22:18:47 2019 +0000 shut up pam-auth-update commit 67ff83262bd74d467cd92e8a15d13e0c4ca38b5b Author: Patrick Schleizer Date: Sun Jul 7 21:31:56 2019 +0000 move to pam-auth-update --force --package hangs in Qubes updater since it starts whiptail for interactive dpkg configuration dialog. commit 8399a1136788dfbbfd5dfb5c11356776e90326cc Author: Patrick Schleizer Date: Sun Jul 7 21:11:08 2019 +0000 bumped changelog version commit d4c79cce69d454202304a7d8369fa7b0f1c50946 Author: Patrick Schleizer Date: Sun Jul 7 21:09:26 2019 +0000 add "Depends: libpam-runtime" so pam-auth-update is available for Debian maintainer script commit f68b96241c6afc7dffa8831f35d38bf1bf49508a Author: Patrick Schleizer Date: Sun Jul 7 21:08:28 2019 +0000 comment commit 91fb21aafbab4811ac2055decae0fc58f624c259 Author: Patrick Schleizer Date: Sun Jul 7 16:51:40 2019 -0400 Due to error: Jul 07 20:35:39 host sudo[16090]: PAM unable to dlopen(pam_cgfs.so): /lib/security/pam_cgfs.so: cannot open shared object file: No such file or directory Jul 07 20:35:39 host sudo[16090]: PAM adding faulty module: pam_cgfs.so run: pam-auth-update --package from Debian maintainer scripts commit e543c4bf82568dbe00cbeaa850c9f09dd9166e32 Author: Patrick Schleizer Date: Sun Jul 7 16:37:46 2019 -0400 apparmor fixes (this broke whonixcheck apparmor profile) commit 8f4a5f33b9aaaec95d834bb2d6b65c8bcd995e03 Author: Patrick Schleizer Date: Sun Jul 7 09:39:12 2019 +0000 bumped changelog version commit 3558a9949fe9924d027b267152125b33e25085c8 Author: Patrick Schleizer Date: Sun Jul 7 09:37:25 2019 +0000 Enable APT seccomp sandboxing. Thanks to @torjunkie for the suggestion! https://forums.whonix.org/t/apt-seccomp-bpf-sandboxing/7702 commit 93e81b433036ef2f226d0a2b1422034aba54ea3a Author: Patrick Schleizer Date: Sat Jul 6 13:56:28 2019 +0000 bumped changelog version commit 3cd1a5ec094cff0151c888418b7b14d5413eb353 Author: Patrick Schleizer Date: Sat Jul 6 13:56:00 2019 +0000 fix lintian warning commit b73cdfd7cc3918633459315f5d9867f6a8798208 Author: Patrick Schleizer Date: Sat Jul 6 13:53:10 2019 +0000 bumped changelog version commit 7b0b9da32c660e527741a56543c78ee3ac93d541 Merge: 6df7b3c 649878f Author: Patrick Schleizer Date: Sat Jul 6 07:06:54 2019 -0400 Merge remote-tracking branch 'origin/master' commit 649878fdcb81ac621af9bc1481a3b6b41d3e22a0 Merge: 6df7b3c 8888147 Author: Patrick Schleizer Date: Sat Jul 6 11:06:25 2019 +0000 Merge pull request #20 from madaidan/patch-15 Blacklist HDLC and use "install" for blacklisting firewire/thunderbolt commit 8888147e1e1102fa852dce14c3ca1cb91cd1ff3b Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Thu Jul 4 14:26:31 2019 +0000 Update control commit 46409be8b664db730113b4495ef69bee0f41c53a Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Thu Jul 4 14:25:28 2019 +0000 Use install instead of blacklist commit eb7eaffba1f437763773b5c7f2b44ef51684ddcd Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Thu Jul 4 14:24:44 2019 +0000 Blacklist n-hdlc commit 6df7b3c295352d0d05070b3c0faf2a14e71b1264 Author: Patrick Schleizer Date: Mon Jul 1 15:23:49 2019 +0000 bumped changelog version commit f82731698c20028531de673903faca10aa136416 Author: Patrick Schleizer Date: Mon Jul 1 14:53:01 2019 +0000 re-enable PrivateNetwork=true commit 81b38529d92e9bea79db8694200d70b08d3b42a6 Author: Patrick Schleizer Date: Mon Jul 1 13:58:20 2019 +0000 add copyright for files in etc/pam.d/* commit 552b6edbedfbb346c1738ea3edbad16368780c7b Author: Patrick Schleizer Date: Mon Jul 1 13:51:00 2019 +0000 fix machine readable copyright format commit a05264934b1160f44966e3e0b32e54841b15dd06 Author: Patrick Schleizer Date: Mon Jul 1 13:46:01 2019 +0000 add copyright for etc/login.defs.security-misc commit 48e511347c7d85478b8593e55f061a53aefbafaa Author: Patrick Schleizer Date: Mon Jul 1 13:37:55 2019 +0000 fix lintian warning commit 93c08210545dd77b608515351154bcc16c8464b4 Author: Patrick Schleizer Date: Mon Jul 1 13:35:45 2019 +0000 config-package-dev displace files for change umask https://forums.whonix.org/t/change-default-umask/7416 commit a73f0566e978afb6d5b9693bf432a2496bedd61f Author: Patrick Schleizer Date: Mon Jul 1 13:25:23 2019 +0000 change default umask to 006 session optional pam_umask.so usergroups https://forums.whonix.org/t/change-default-umask/7416/17 commit 41b61e32776c15a8dcde4479841b71c7e9ca28d4 Author: Patrick Schleizer Date: Mon Jul 1 13:24:29 2019 +0000 revert to Debian buster original commit 88a78b1c87e8419bbb70daa77f7ddfb2332668ae Merge: 24cc8e3 8c60e7c Author: Patrick Schleizer Date: Mon Jul 1 09:21:05 2019 -0400 Merge remote-tracking branch 'origin/master' commit 8c60e7c67f692aa9e70316bdde29cdc41eff2a75 Merge: 24cc8e3 cfaafe4 Author: Patrick Schleizer Date: Mon Jul 1 13:20:21 2019 +0000 Merge pull request #18 from madaidan/patch-14 Change the default umask to 006 commit 24cc8e380df8706cd8e9765d89bd44ac78c58936 Author: Patrick Schleizer Date: Mon Jul 1 03:43:02 2019 -0400 comment out proc-hidepid.service hardening for now since broken in Qubes Debian AppVMs https://forums.whonix.org/t/kernel-hardening/7296/104 commit 0bffc7a9303d0b32427da04694bbefcf6a3104c8 Merge: 3c176ce 344d009 Author: Patrick Schleizer Date: Mon Jul 1 03:08:26 2019 -0400 Merge remote-tracking branch 'origin/master' commit 3c176ce1580a3e5232bc1837b51aa3ec288b809d Author: Patrick Schleizer Date: Mon Jul 1 03:07:14 2019 -0400 allow permissions openat mkdir since required in Qubes Debian templates commit 344d00903250d699fc64d7fa9fad80475ade92e5 Merge: f26ad14 b8f2aee Author: Patrick Schleizer Date: Mon Jul 1 06:39:28 2019 +0000 Merge pull request #19 from madaidan/patch-15 Add licensing to proc-hidepid.service commit b8f2aee905b78034a115e1e2c1d6ecb7fa624122 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Jun 30 13:22:43 2019 +0000 Add licensing commit cfaafe400cd1f77df12f7f6dc9c9da58595bcbdf Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Jun 30 13:16:12 2019 +0000 Update control commit eedeaa0e7faf8d9f75d99d037fa80bd5d08c6db3 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Jun 30 13:12:59 2019 +0000 Update common-session-noninteractive commit a9af85f58529e0dcb154b669bd53aba8333d5634 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Jun 30 13:12:16 2019 +0000 Update common-session commit 1e1d29cfdedaa01d0180b8ca5a79c6f401728432 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Jun 30 13:11:31 2019 +0000 Create common-session-noninteractive commit 501901f7c04514c66a4f97f5eb0e523aa55a1094 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Jun 30 13:10:54 2019 +0000 Change default umask to 006 commit 09a5c27f475ea6947180088b4efb615101fdbf9c Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Jun 30 13:10:29 2019 +0000 Create common-session commit a319333493ad1839ff7fb1d4b6f43dc719b57844 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Jun 30 13:09:51 2019 +0000 Create login.defs commit f26ad14d4cab627c04dfa375ac831a3a09c9a165 Author: Patrick Schleizer Date: Sun Jun 30 07:21:58 2019 -0400 bumped changelog version commit b8ace6e3f6a94268e0f63907e62bf968445ae548 Author: Patrick Schleizer Date: Sun Jun 30 07:21:31 2019 -0400 bump commit f3a48009878e0edb033633d609f82a167cd8e616 Author: Patrick Schleizer Date: Sun Jun 30 08:23:51 2019 +0000 bumped changelog version commit 85f61758c5b6d8b6a57d140a9f3795769a3ed183 Author: Patrick Schleizer Date: Sun Jun 30 04:11:38 2019 -0400 fix package description commit e47339706170c92b8db44f014942ea7d94d1ff9e Merge: 24b19c5 ec78a3e Author: Patrick Schleizer Date: Sun Jun 30 04:11:12 2019 -0400 Merge remote-tracking branch 'origin/master' commit ec78a3e42e23a270a245dc254046ac1d7fc6ceec Merge: 9525ff8 67de524 Author: Patrick Schleizer Date: Sun Jun 30 08:10:28 2019 +0000 Merge pull request #17 from madaidan/patch-13 Disable coredumps commit 67de5247c8e7cd68c851a3d62168e9de69000afe Merge: dbfb9e1 9525ff8 Author: Patrick Schleizer Date: Sun Jun 30 08:10:04 2019 +0000 Merge branch 'master' into patch-13 commit 9525ff87c6ae3cd6538a0a8f294e6b8610e79a32 Merge: 24b19c5 22267c8 Author: Patrick Schleizer Date: Sun Jun 30 08:09:23 2019 +0000 Merge pull request #16 from madaidan/patch-12 Mount /proc with hidepid=2 commit dbfb9e1cdf1e042c8985e2e69b7f5f5f1eaed860 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Jun 30 00:21:46 2019 +0000 Update control commit 024a698249392bdc6ebd362a2c978bc0e02bd55f Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Jun 30 00:20:38 2019 +0000 Update control commit 230ef34db45c1c7d980abfd8bd4770ec336ae4bf Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Jun 30 00:19:04 2019 +0000 Create disable-coredumps.conf commit 1bf802f8469a4ffc36cccca1ea6fc6f92ea6af8a Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Jun 30 00:16:50 2019 +0000 Create coredumps.conf commit f040081a5998fddd1ea4bc30140e41c405842371 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Jun 30 00:13:52 2019 +0000 Prevent setuid processes from creating coredumps. commit c6b669f1a53bfef08a82994422f9e1b627a937d5 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Jun 30 00:11:13 2019 +0000 Create disable-coredumps.conf commit 22267c895b15e10c98bae365ef2bef12f95454aa Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sat Jun 29 22:30:41 2019 +0000 Update control commit a2c676ed48782f86e8b58d39f8bec4cd37a47cf5 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sat Jun 29 22:28:41 2019 +0000 Update proc-hidepid.service commit dcf57bebf0d28089045a29477f26ad35d1041392 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sat Jun 29 22:27:24 2019 +0000 Create proc-hidepid.service commit 24b19c597685233e3ebc7a5200bf929319f8a63f Author: Patrick Schleizer Date: Sat Jun 29 10:35:13 2019 +0000 bumped changelog version commit befa03fea80c53bac3c4b1bb530be2f965ce6157 Author: Patrick Schleizer Date: Sat Jun 29 10:34:48 2019 +0000 fix lintian warning commit 250919b821a00c93ee4fe7d92f6f3ed812110aac Merge: ecf5d80 60e6dfc Author: Patrick Schleizer Date: Sat Jun 29 06:06:02 2019 -0400 Merge remote-tracking branch 'origin/master' commit 60e6dfcbff08dd4526e60c3302741e40d98c8b3e Merge: ecf5d80 9e9c854 Author: Patrick Schleizer Date: Sat Jun 29 10:05:34 2019 +0000 Merge pull request #15 from madaidan/patch-11 Update control commit 9e9c854d274d7322759a9e5d2c49bcbd60e63e0d Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Fri Jun 28 11:34:35 2019 +0000 Update control commit b26d861dffdbca124322cbfbda99ab71a3142e06 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Fri Jun 28 11:33:48 2019 +0000 Update control commit ecf5d80fdf0e8f997afa88f8d788a7df88008afc Author: Patrick Schleizer Date: Fri Jun 28 07:20:53 2019 +0000 bumped changelog version commit 36c2b1d28391ac2ea0f995fd0a348eecbe833a6c Author: Patrick Schleizer Date: Fri Jun 28 07:18:30 2019 +0000 fix lintian warning commit a978fe10001a8c1a9a6a3179d9fc5dc9ed433bc2 Author: Patrick Schleizer Date: Fri Jun 28 07:17:35 2019 +0000 chmod +x usr/lib/security-misc/remove-system.map commit fe69dc6173e8a3e45ff7996597e9e50f09033279 Author: Patrick Schleizer Date: Fri Jun 28 07:09:35 2019 +0000 bumped changelog version commit 6a6afc347ad80bd133438a27e2dc64a1b54c784a Author: Patrick Schleizer Date: Fri Jun 28 03:02:49 2019 -0400 update files list commit ccb89cfd5574ed5a7b3802edc3bf188250edfddd Merge: 0a0be1a ab31223 Author: Patrick Schleizer Date: Fri Jun 28 03:00:21 2019 -0400 Merge remote-tracking branch 'origin/master' commit ab312235ba89d62b7b83c26f8e9b8a8ff0ec985b Merge: 5e02100 3801a53 Author: Patrick Schleizer Date: Fri Jun 28 06:59:16 2019 +0000 Merge pull request #14 from madaidan/patch-10 Add some hardening for other distributions commit 5e02100e34776bf410ba05d7a3f7ee7f696ca0fc Merge: 7e12e16 b809185 Author: Patrick Schleizer Date: Fri Jun 28 06:58:32 2019 +0000 Merge pull request #13 from madaidan/patch-9 Remove System.map and restrict the SysRq key. commit 7e12e16dc0513f0a6936e576e3c8fa8ee44509d2 Merge: 0a0be1a 641407c Author: Patrick Schleizer Date: Fri Jun 28 06:57:42 2019 +0000 Merge pull request #11 from madaidan/patch-7 Protect against DMA attacks commit 3801a53a9e01aafa3783276059a7907f5b20b96e Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Thu Jun 27 18:17:58 2019 +0000 Update tcp_hardening.conf commit c54125270b44140b9ecfe0420205ac685b2a3505 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Thu Jun 27 18:15:57 2019 +0000 Create dmesg_restrict.conf commit b8091850082fe1b956d6cff11fc7aa17786e693e Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Thu Jun 27 16:09:52 2019 +0000 Update remove-system-map.service commit 9392c8deb2657d3ff2c3734fb8bf1863d4e2a2d7 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Wed Jun 26 15:03:54 2019 +0000 Update remove-system.map commit 8ef0db17e6a9c066b50a021292aab80a7523cbb6 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Wed Jun 26 12:59:45 2019 +0000 Use a for loop to detect if System.map exists commit 3116a56f1353681fbb97d4e7f92ee069f2577b33 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Tue Jun 25 19:25:32 2019 +0000 Create remove-system-map.service commit 382e336f69097f3baa7693da6aaf8833b05cf322 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Tue Jun 25 19:20:27 2019 +0000 Create remove-system.map commit 01c839c815b7f8c16c231bbd72da1673ad88fdb7 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Tue Jun 25 19:16:43 2019 +0000 Restrict what the SysRq key can do commit 0a0be1ad2889182b15d5851740ff43fb75773571 Author: Patrick Schleizer Date: Sun Jun 23 19:57:42 2019 +0000 bumped changelog version commit 7806af14193f195e825678471ba65c64e07d7d0a Author: Patrick Schleizer Date: Sun Jun 23 19:51:53 2019 +0000 readme commit 4e32438d75726014573b35c9b101abf59dfc3ba4 Author: Patrick Schleizer Date: Sun Jun 23 19:47:05 2019 +0000 debian/control syntax fix commit a098b18560e30ef238f693bf8f05933489027dd4 Merge: 2a62899 90d676e Author: Patrick Schleizer Date: Sun Jun 23 19:46:30 2019 +0000 Merge remote-tracking branch 'origin/master' commit 90d676ec1864bd915310673d134d62d10a17a42f Merge: 2a62899 1a07d90 Author: Patrick Schleizer Date: Sun Jun 23 19:45:31 2019 +0000 Merge pull request #12 from madaidan/patch-8 Update control commit 1a07d90ed2da597db6d58c5f2da6dc3b32a8104b Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Jun 23 19:26:03 2019 +0000 Update control commit 2a6289980e07d1d9c263f2d5abfc3b9e37c5054f Author: Patrick Schleizer Date: Sun Jun 23 18:46:52 2019 +0000 syntax fix GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full,nosmt" https://forums.whonix.org/t/kernel-hardening/7296/70 commit f1147318c04642f355eae96786c26ec1cb53977c Merge: cd73466 aec6da2 Author: Patrick Schleizer Date: Sun Jun 23 18:45:41 2019 +0000 Merge remote-tracking branch 'origin/master' commit aec6da28e9ac4f8289d7b7aaa77bcef2562cda74 Merge: cd73466 2178fb3 Author: Patrick Schleizer Date: Sun Jun 23 18:45:24 2019 +0000 Merge pull request #10 from madaidan/patch-6 Enable more kernel hardening parameters commit 641407c8e9c728429ec86e7c89e431896d88e116 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Jun 23 18:38:50 2019 +0000 Enable IOMMU commit 07c6362f1aff2e151c51aa681a79c3ef650baa6d Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Jun 23 18:34:45 2019 +0000 Blacklist thunderbolt and firewire commit 2178fb37a85808df0c455f7dd76fc72516d6ff28 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun Jun 23 17:54:34 2019 +0000 Add more kernel hardening parameters commit cd7346699c10e258d5af5f51ad56493e98e4eb1a Author: Patrick Schleizer Date: Sun Jun 23 12:22:13 2019 +0000 bumped changelog version commit 60334797d003f63606645220fbc66393eb30cde0 Author: Patrick Schleizer Date: Sun Jun 23 09:00:12 2019 +0000 /etc/sysctl.d/tcp_sack.conf commit d404624bacf220e5545c8e5ffbace937924c77cd Author: Patrick Schleizer Date: Sun Jun 23 08:38:01 2019 +0000 bumped changelog version commit ae50d8134294d3746235d383c18fc187c18717d7 Merge: 5269cfe cd7172c Author: Patrick Schleizer Date: Sun Jun 23 03:59:58 2019 -0400 Merge remote-tracking branch 'origin/master' commit cd7172c00cbf0cb69e159b6159ef0bfff663a507 Merge: 5269cfe 807ac7d Author: Patrick Schleizer Date: Sun Jun 23 07:59:35 2019 +0000 Merge pull request #9 from madaidan/patch-5 Disables SACK. commit 807ac7d65916071e4294f42d62b8b2353255c4bc Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sat Jun 22 16:08:30 2019 +0000 Create tcp_sack.conf commit 5269cfeef99b500e4aa7c883434f3d5554559d16 Author: Patrick Schleizer Date: Fri Jun 21 05:40:04 2019 +0000 bumped changelog version commit 0a5b15ff45dc1b30867b0093d238b95dde7c0810 Merge: ca1aa1e f9dc1b6 Author: Patrick Schleizer Date: Fri Jun 21 04:05:50 2019 +0000 Merge remote-tracking branch 'origin/master' commit f9dc1b6322961ff0e6c7a5be122f9d1031ba87ea Merge: ca1aa1e 2e81885 Author: Patrick Schleizer Date: Thu Jun 20 23:54:58 2019 -0400 Merge pull request #8 from marmarek/packaging qubes-builder integration commit 2e81885f691201e2229dadfd5ec7b554980ac689 Author: Marek Marczykowski-Górecki Date: Fri Jun 21 04:52:01 2019 +0200 Add rpm packaging QubesOS/qubes-issues#1885 commit 27e68a39fe005a58cac02336fc6c468a4b2f5d31 Author: Marek Marczykowski-Górecki Date: Fri Jun 21 04:51:33 2019 +0200 Add Makefile.builder for qubes-builder (Debian) QubesOS/qubes-issues#1885 commit ca1aa1e577179d92f4ec002221b8c4207e6ce1d6 Author: Patrick Schleizer Date: Mon Jun 10 15:42:58 2019 +0000 bumped changelog version commit 8b5e84d76a762b6c8cac8626245d5311afbea221 Author: Patrick Schleizer Date: Sun Jun 9 10:24:53 2019 +0000 cleanup, delete debian/security-misc.maintscript to fix lintian warning commit f9acd890a703ce375ed07ad9e1be2bed019e49a3 Author: Patrick Schleizer Date: Sun Jun 9 10:24:24 2019 +0000 lintian commit 49873e8e0286f7604399c7e857c7714271991956 Author: Patrick Schleizer Date: Sun Jun 9 10:06:58 2019 +0000 solve package file conflict https://github.com/QubesOS/qubes-issues/issues/1885#issuecomment-500200375 commit d5127e716632af2f494e9b41571c44a56a887667 Author: Patrick Schleizer Date: Sat Jun 8 11:32:12 2019 +0000 bumped changelog version commit 9fe58728102f92d0584ef128c53f5e99d3956d92 Author: Patrick Schleizer Date: Sat Jun 8 00:05:35 2019 -0400 fix debian/watch lintian warning debian-watch-contains-dh_make-template commit e7edbe5fb446f869e7b64802038f410c74ce538c Author: Patrick Schleizer Date: Fri May 24 20:48:59 2019 +0000 bumped changelog version commit 6102c571a31c8a166fb306ba9e1a0a4e444c58a8 Author: Patrick Schleizer Date: Fri May 24 12:29:08 2019 -0400 readme commit afb5f5f96500f31864e32af90b2e9bbfd1a9acc1 Author: Patrick Schleizer Date: Thu May 23 22:38:13 2019 +0000 bumped changelog version commit 0a200e09ecf745d23e5e880d521f1aec2a7b25a9 Merge: 65d7eb8 244234c Author: Patrick Schleizer Date: Thu May 23 18:25:47 2019 -0400 Merge remote-tracking branch 'origin/master' commit 244234c8b709a425feed4f3cfb87389f4fb2c6f5 Merge: 65d7eb8 7177c60 Author: Patrick Schleizer Date: Thu May 23 22:25:13 2019 +0000 Merge pull request #7 from madaidan/patch-3 Disable uncommon network protocols commit 7177c6041a9b086a4cb90504a492136b4da732a2 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Thu May 16 20:30:49 2019 +0000 Create uncommon-network-protocols.conf commit 65d7eb81a6b84afcbf0692265f6d7a4b4599017b Author: Patrick Schleizer Date: Thu May 16 20:25:46 2019 +0000 bumped changelog version commit a2b184e5bb9942aa63a36fb918b203053a53f1e4 Merge: 71bf635 7d7b899 Author: Patrick Schleizer Date: Thu May 16 19:53:27 2019 +0000 Merge remote-tracking branch 'origin/master' commit 7d7b899dd13f7123822bf269a639c68ff5cb737e Merge: 71bf635 b814f33 Author: Patrick Schleizer Date: Thu May 16 19:52:52 2019 +0000 Merge pull request #6 from madaidan/patch-2 Even more kernel hardening commit b814f338b803ae33380551919b00144bb63a53b8 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Thu May 16 16:33:03 2019 +0000 Update tcp_hardening.conf commit e6794721bd181f8884cd3817b5ae3c6c58747ae7 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Thu May 16 16:29:20 2019 +0000 Update ptrace_scope.conf commit 71bf63511b2cf2ca955900b85a536e4b3adf4c66 Author: Patrick Schleizer Date: Sun May 12 11:08:32 2019 +0000 bumped changelog version commit c040117fe47acad2e5c76baa55d42a6ec9223955 Author: Patrick Schleizer Date: Sun May 12 10:50:34 2019 +0000 lintian commit 26fe4305a1fd072a8608f62a30129ad249203684 Author: Patrick Schleizer Date: Sun May 12 10:48:27 2019 +0000 bumped changelog version commit 06b86229a4e1cc45a9bbe21c9a4c3e2a16fb82dc Author: Patrick Schleizer Date: Sun May 12 02:58:45 2019 -0400 update path to pre.bsh commit 137bc073c5d65988cce832336ebee5c47071e732 Author: Patrick Schleizer Date: Wed May 8 21:38:25 2019 -0400 port to /etc/xdg/xfce4/xfconf/xfce-perchannel-xml https://forums.whonix.org/t/whonix-xfce-development/6213/84?u=patrick commit 3bd4da6794067708f517b099548c0aa2a2b65146 Merge: c80b746 b00a264 Author: Patrick Schleizer Date: Wed May 8 21:32:29 2019 -0400 Merge remote-tracking branch 'origin/master' commit b00a264ce27c48584879d85275a3fa3f19030906 Author: Patrick Schleizer Date: Wed May 8 21:29:36 2019 -0400 Disable thunar-volman by default. commit a4852ad6c8260c68d9c1024e09a9487a8e2e1f61 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon May 6 20:37:53 2019 +0000 Create fs_protected.conf commit 0296e51e06d94cea598fcad3bdbfa165e519a47b Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon May 6 15:46:37 2019 +0000 Create ptrace_scope.conf commit 2923fc96ef9ee96a3149c8b2f781402c65e106b9 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon May 6 15:45:53 2019 +0000 Create tcp_hardening.conf commit 4216299ee847da0bdf4c714451a70b69f5881d8c Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Mon May 6 15:42:55 2019 +0000 Create kexec.conf commit c80b7465bfb9164fb300dea71c38f58672199b17 Author: Patrick Schleizer Date: Mon May 6 09:58:44 2019 +0000 bumped changelog version commit f917c27a197d49b7bcdbfe065fe0696792d05350 Author: Patrick Schleizer Date: Mon May 6 05:51:14 2019 -0400 remove trailing spaces commit 83e12f8e89cf0269daeca36946cdef07e23075b3 Merge: 74cdecf 5177444 Author: Patrick Schleizer Date: Mon May 6 05:50:35 2019 -0400 Merge remote-tracking branch 'origin/master' commit 5177444d624a8a935c461ebe1065d451d2f8da0f Merge: 74cdecf 02e8888 Author: Patrick Schleizer Date: Mon May 6 05:46:03 2019 -0400 Merge pull request #5 from madaidan/patch-1 More kernel hardening commit 02e8888b0bc4f0dfadccbebc9e6e75849d32ba76 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun May 5 20:17:33 2019 +0000 Update 40_kernel_hardening.cfg commit 3695d7491ef8a7af81c0c2aad0babc48ec30af81 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun May 5 14:42:03 2019 +0000 Create 40_kernel_hardening.cfg commit d2ca85c6860322a35ef0eb347c01c9f21dcf144f Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun May 5 14:36:30 2019 +0000 Create mmap_aslr.conf commit 197c1120a9f9f9a38548e4341d12b404fe72fde9 Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun May 5 14:35:42 2019 +0000 Create harden_bpf.conf commit 351db0ef7f0e0eee09496ba56ec13d07ae84761e Author: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun May 5 14:34:41 2019 +0000 Create kptr_restrict.conf commit 74cdecfd6b86c4932be2f3b6677ff023c6d52053 Author: Patrick Schleizer Date: Fri May 3 11:34:25 2019 +0000 bumped changelog version commit 09c35d5da251c190febaeb3437e151612597375d Author: Patrick Schleizer Date: Fri May 3 10:56:56 2019 +0000 update commit db9e60c894c06d316f124659571c4b360e3fc08b Author: Patrick Schleizer Date: Sat Apr 6 12:13:43 2019 +0000 bumped changelog version commit 6ba1fb70d2ae71d2d97752458c9996709e9a74af Author: Patrick Schleizer Date: Fri Apr 5 14:06:00 2019 -0400 port to debian buster commit 811dcee2cb43b7569fc1172fa13d7f4a4aece754 Author: Patrick Schleizer Date: Fri Apr 5 09:26:18 2019 -0400 fix lintian warning commit a985581c68a8f92d9f588d5c2a7b606e8dc220dd Author: Patrick Schleizer Date: Thu Apr 4 05:51:06 2019 -0400 port to debian buster commit db5c3ccde6edcafc5467674176c94008765c0ecc Author: Patrick Schleizer Date: Wed Apr 3 18:05:56 2019 -0400 readme commit 2913acda63b8d2309392ef7af6833a407d7cfa3c Author: Patrick Schleizer Date: Fri Mar 29 10:02:51 2019 +0000 bumped changelog version commit 2ea9957e4c4200f0c729f482acd9c3519e8de2c9 Author: Patrick Schleizer Date: Fri Mar 29 09:03:18 2019 +0000 https://www.whonix.org/wiki/Dev/Licensing commit c5768683f402289456375bb64a40250474005c25 Author: Patrick Schleizer Date: Tue Mar 12 11:36:25 2019 +0000 bumped changelog version commit 811852656e5fdeae19c2a942207e4318c2f9b14d Author: Patrick Schleizer Date: Fri Mar 1 14:32:41 2019 +0000 add improved legal protections clauses The license for software created by Whonix is the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version with additional terms applicable per GNU GPL version 3 section 7. The additional terms are based on the Doom 3 license which is Debian refers to as `GPL-3+-with-id-software-additional-terms`, which is Debian DFSG [1] (The Debian Free Software Guidelines) approved and which is therefore suitable for Debian `main`. Whonix made applied minimal changes to it: * Rewrite `The Doom 3 BFG Edition GPL Source Code` to the more common `this program` which is used throughout the GPL. * Added a "trump clause" [2], in other words, any conflicts or disputes between the additional terms and the GPLv3 shall be resolved in favor of the GPLv3 by adding `Notwithstanding any other provision of this License` (as mentioned in GPL FAQ [3]) at the beginning of the additional terms. [1] https://www.debian.org/social_contract#guidelines [2] https://www.fsf.org/news/canonical-updated-licensing-terms [3] https://www.gnu.org/licenses/gpl-faq.html#v3Notwithstanding For more considerations, see also: https://www.whonix.org/wiki/Dev/Licensing commit 2298d0f6b0a7214ae4f6ecc7a56734905cdb9352 Author: Patrick Schleizer Date: Wed Nov 28 06:33:14 2018 +0000 bumped changelog version commit 63b080f40bab38bdb1c91519b90c3988640970d9 Author: Patrick Schleizer Date: Mon Nov 19 06:27:52 2018 -0500 fix hiding network bookmark in thunar by default Thanks to @Algernon for suggesting the fix! commit daf7fc002b2d946c2946b9effe3fecc5cebe4cf2 Author: Patrick Schleizer Date: Mon Nov 19 03:08:20 2018 -0500 Disables network bookmark by default. commit 2bd6dabc7c523d7680917753e61130cf78d7067e Author: Patrick Schleizer Date: Thu Nov 8 09:55:41 2018 +0000 bumped changelog version commit 0c020af885b3dfb2924102e6cf41a5af114cc140 Merge: f9e1877 6f240c0 Author: Patrick Schleizer Date: Thu Nov 8 09:53:47 2018 +0000 Merge remote-tracking branch 'origin/master' commit 6f240c0c4c88df2946fdd673f833ee05dd8340bb Merge: f9e1877 f84f988 Author: Patrick Schleizer Date: Thu Nov 8 04:53:25 2018 -0500 Merge pull request #4 from Algernon-01/master Enable hidden files and volume management again. commit f84f988118e30a2a3d4d74ed008c1a626c35c365 Author: Algernon-01 <33966997+Algernon-01@users.noreply.github.com> Date: Thu Nov 8 07:22:35 2018 +0000 Enabled hidden files and volume management. commit 5aebf292149cca72cba3416c0de0f927d76d3281 Author: Algernon-01 <33966997+Algernon-01@users.noreply.github.com> Date: Fri Nov 2 10:16:09 2018 +0000 Security and general settings for Thunar. commit f9e18772d72abeb1d14e3dc2740950f91900ee69 Author: Patrick Schleizer Date: Thu Nov 1 07:42:29 2018 +0000 bumped changelog version commit 4ecd32ef9996442532b78ae1d46694d0e452cec0 Author: Patrick Schleizer Date: Wed Oct 31 02:26:13 2018 -0400 description commit 008a97d9e7f891a706a277c8e9bb2e3a958d1e63 Author: Patrick Schleizer Date: Wed Oct 31 02:22:43 2018 -0400 disable previews in thunar commit 256e4bac52d6c93a957ef47d07be2b7a0add8435 Author: Patrick Schleizer Date: Fri Sep 14 13:20:11 2018 +0000 bumped changelog version commit 73e5319711b897beb8fecae57f7552d764e438e5 Author: Patrick Schleizer Date: Fri Sep 14 10:46:00 2018 +0000 'Depends: libglib2.0-bin' - contains glib-compile-schemas (required by postinst) commit 64b5e55d8cfc27c56c64b56837e7cf291a5473e0 Author: Patrick Schleizer Date: Mon Aug 27 16:49:44 2018 +0000 bumped changelog version commit 1211aee0206b0d829b1101348b2a9836996ceef9 Author: Patrick Schleizer Date: Tue Aug 21 05:18:37 2018 +0800 readme commit c296cba838f64ad4bf96b281c2e2de410a3db589 Author: Patrick Schleizer Date: Thu Feb 1 15:18:55 2018 +0000 bumped changelog version commit edbf198a930de31a1423b962979583a1d9775e70 Author: Patrick Schleizer Date: Mon Jan 29 15:50:36 2018 +0000 readme commit 6b94612ca4e29921186c1d9e26bf7dcd887cd13a Author: Patrick Schleizer Date: Mon Jan 29 15:38:57 2018 +0000 update copyright commit 5b3fc2f6b943a50f305299ea0d940ccf13474e1c Author: Patrick Schleizer Date: Mon Jan 29 15:22:05 2018 +0000 update copyright commit c3b6a44e97674fc6553aad33e8d8abd6e8e4df44 Author: Patrick Schleizer Date: Mon Jan 29 15:15:17 2018 +0000 update copyright commit ff28f5932c0fc5ba9eac4bda8e01ccaa71291021 Author: Patrick Schleizer Date: Mon Jan 29 15:09:42 2018 +0000 update copyright commit 674d2d8abf38842d43a1ea10668d860b258c7f70 Author: Patrick Schleizer Date: Thu Dec 21 20:35:29 2017 +0000 bumped changelog version commit 776bf9d6954fd7c33e2743e1d8e6dbd865c954d7 Author: Patrick Schleizer Date: Thu Dec 21 20:26:29 2017 +0000 readme commit 7b2d3c9e2f61e34248aa1192ec5325b544e1124c Author: Patrick Schleizer Date: Wed Jul 26 14:37:34 2017 +0000 bumped changelog version commit dc2c9a9992551f5967e09b31a90721a9aadaf962 Merge: 61bd4d0 91ff0c2 Author: Patrick Schleizer Date: Tue Mar 14 13:43:18 2017 +0000 Merge remote-tracking branch 'origin/master' commit 91ff0c2571b41710440006e770b8295c03b3a295 Merge: 61bd4d0 6e5e5d6 Author: Patrick Schleizer Date: Tue Mar 14 13:42:37 2017 +0000 Merge pull request #2 from HulaHoopWhonix/patch-2 Update README.md commit 6e5e5d6ea65a0fee4c76e5ad74c444344ff1f462 Author: HulaHoopWhonix Date: Tue Mar 14 13:11:44 2017 +0000 Update README.md commit 61bd4d05b76088657e392cb311983617b8a68750 Author: Patrick Schleizer Date: Mon Mar 6 16:16:32 2017 +0000 bumped changelog version commit 99bb1e877ec84bf7d3c6873f0369aed2fb92be4b Author: Patrick Schleizer Date: Mon Mar 6 15:00:33 2017 +0000 "$@" commit f6bc1884855d84599ee731f694e0073f1df73ce1 Author: Patrick Schleizer Date: Tue Feb 28 15:22:54 2017 +0100 comment commit 18e23af784e69e1bd40725a23acac9aaa3b167ab Author: Patrick Schleizer Date: Mon Feb 27 23:59:37 2017 +0000 cleanup commit 6195450eb2721d987f185f127a5435e8c7f798cc Author: Patrick Schleizer Date: Mon Feb 27 23:57:04 2017 +0000 No longer ignore duplicate apt sources in apt-get-wrapper. No longer acceptable because these generate lots of noise in the terminal. commit 191918027c1971bfb871abb438c4917e5b98bb74 Author: Patrick Schleizer Date: Mon Feb 27 23:43:02 2017 +0000 adjust apt-get-wrapper for Debian stretch's apt-get commit 2130b4c654ae5e3f94e7febe00a47e3969858770 Author: Patrick Schleizer Date: Mon Feb 27 23:16:32 2017 +0000 use python rather than unbuffer because unbuffer eats exit code when process is killed commit cc351165dc78a8b7158a2b9bfdd9e4f0b3866239 Author: Patrick Schleizer Date: Mon Feb 27 19:36:38 2017 +0000 apt-get-wrapper: - fix exit code handling - code simplification commit 1fb48e3548499d8a2891ec40314ffad8b6f1811e Author: Patrick Schleizer Date: Mon Feb 27 02:04:00 2017 +0000 bumped changelog version commit 966e90ebe2d5cd930ebb9367fdbcd0f8e46a0adb Author: Patrick Schleizer Date: Mon Feb 27 00:17:36 2017 +0000 add missing dependency tcl8.6 (which is required by unbuffer [package expect]) commit 5653b7732ae47b7e8e38e2c363aff4ef724c0484 Author: Patrick Schleizer Date: Sun Feb 26 23:57:17 2017 +0000 fix, show progress during apt-get-wrapper fix, propagate signals to apt-get child process commit 49cde21078ccc9f623add6f587ee719843647ee7 Author: Patrick Schleizer Date: Tue Feb 21 19:54:41 2017 +0000 Whonix 14 KDE plasma 5 fixes https://phabricator.whonix.org/T633 commit 0228e87d477f634d1e1db7c1cf6f213275d40dd9 Author: Patrick Schleizer Date: Sun Feb 19 22:37:10 2017 +0000 minor commit dfe8a569b639dd09ef4cd7f35c05efd7ea080406 Author: Patrick Schleizer Date: Sun Feb 19 22:32:04 2017 +0000 override glib-compile-schemas with || true in postinst https://phabricator.whonix.org/T500 commit 5ba2a5b6ff53df37ad38f082ad86ff2227158d93 Author: Patrick Schleizer Date: Sun Feb 19 22:25:28 2017 +0000 disable previews in nautilus by default for better security copied solution by @unman https://github.com/QubesOS/qubes-issues/issues/1108 https://github.com/QubesOS/qubes-core-agent-linux/pull/39 https://phabricator.whonix.org/T500 commit 91adab0d1bab6c6b31903f1e165944b3f8c8adb1 Author: Patrick Schleizer Date: Fri Feb 17 14:08:56 2017 +0000 bumped changelog version commit c59d15d48f1950697d4e1da13282688f4f483ea5 Author: Patrick Schleizer Date: Wed Feb 15 20:46:22 2017 +0000 Debian stretch / kde plasma5 fix: KDEDIRS -> XDG_CONFIG_DIRS https://phabricator.whonix.org/T633 commit bddbba84a6fad680359bc8eee0c395fcc4d79ca9 Author: Patrick Schleizer Date: Tue Feb 14 17:30:31 2017 +0000 "$@" commit 9b0d3e34fc8e1981cf59b17aed8abcc38052fc61 Author: Patrick Schleizer Date: Tue Feb 14 02:37:08 2017 +0000 add usr/lib/security-misc/apt-get-update-sanity-test a CVE-2016-1252 sanity test script commit 5e076415536e1513463c59dba6e8afc4e90b7f1a Author: Patrick Schleizer Date: Mon Feb 13 17:26:59 2017 +0000 readme commit 0bb059093f7b4940836057b069bbec3a51ed91ac Author: Patrick Schleizer Date: Fri Feb 10 15:47:52 2017 +0000 remove faketime from Build-Depends: since no longer used for reproducible builds commit be8084ad1c136ee4a18cb24abcc0c14c522b8089 Author: Patrick Schleizer Date: Fri Feb 10 15:35:25 2017 +0000 remove debian/gain-root-command workaround commit 90f175e117d9ca2b84072bee129539569143e10c Author: Patrick Schleizer Date: Wed Feb 8 14:26:26 2017 +0000 double apt-get-update wrapper timeout from 120 to 240 seconds since it takes a bit longer than 120 seconds for me on a fast connection commit 1e66e03da14ae2e3f7b315e443836c35f954b84f Author: Patrick Schleizer Date: Sun Jan 15 15:35:31 2017 +0000 bumped changelog version commit d80d576953ccea7f183bfe4b1e13655ebc03e557 Author: Patrick Schleizer Date: Sun Jan 15 13:11:38 2017 +0000 fix lintian warning commit 59633fbc604207947427839004afcbc8c8d5e4d4 Author: Patrick Schleizer Date: Sun Jan 15 08:35:40 2017 +0100 packaging, bumped Standards-Version from 3.9.6 to 3.9.8 for jessie support commit 814d6c5f74dd4808f28a0650909672be62639cd1 Author: Patrick Schleizer Date: Thu Jan 12 02:56:55 2017 +0000 bumped changelog version commit 0cf6524f0fac00c1b9bde836b7e7cc62cb3e41f4 Author: Patrick Schleizer Date: Sun Dec 25 02:33:44 2016 +0000 apt-get-update: implement SIGINIT trap; hide 'ps' output commit c4089d8d4017f713631fbc5f09ccf7047dcb7008 Author: Patrick Schleizer Date: Sun Dec 25 01:36:04 2016 +0000 update path to /usr/lib/security-misc/apt-get-wrapper commit 7b01fb934140afdcd8f7275c92cd557a1080d18e Author: Patrick Schleizer Date: Sun Dec 25 01:35:17 2016 +0000 remove obsolete comments commit 8160cfe1d720707895172a18608366ddd65f9ec6 Author: Patrick Schleizer Date: Sun Dec 25 01:29:31 2016 +0000 moved apt-get-update and apt-get-wrapper from whonixcheck to security-misc commit 7b3ef3a00f28592852ee701d4ce3803348de6999 Author: Patrick Schleizer Date: Sat Dec 10 02:30:50 2016 +0000 bumped changelog version commit 4416ea5cf904b296749ad53a7a04b0b6d40b5bcf Author: Patrick Schleizer Date: Mon Nov 21 17:42:55 2016 +0000 readme commit 6cda8b1496795422d4c0bfcea2ea2bf29c32daa0 Author: Patrick Schleizer Date: Mon Oct 10 16:10:30 2016 +0000 disable conntrack helper for better security https://phabricator.whonix.org/T486 commit 0d66fc60b9ea65e826560986698c11cea7ca4ea6 Author: Patrick Schleizer Date: Mon Apr 25 23:27:58 2016 +0000 bumped changelog version commit 192d1e0cee505a59c5f62d01022562b12ca6646e Author: Patrick Schleizer Date: Mon Apr 25 23:19:54 2016 +0000 /etc/sysctl.d/nf_conntrack_helper.conf disabled for now as it needs more work https://phabricator.whonix.org/T486 commit 492ce128909cfda8645738b092fd9e8722c64aa0 Author: Patrick Schleizer Date: Thu Apr 7 22:54:45 2016 +0000 bumped changelog version commit 9d7ad9e97ed6b341e72ed6d6d2104c840c73b37f Author: Patrick Schleizer Date: Thu Mar 31 15:53:40 2016 +0000 fixed package description and package description linitan warnings commit d5e61eb4b12106f9ee3fdf8938686e89a8c7e465 Author: Patrick Schleizer Date: Thu Mar 31 15:36:59 2016 +0000 added 'Replaces: tcp-timestamps-disable' https://phabricator.whonix.org/T486 commit 7b54755841907c2b86b12eed5035860e17445193 Merge: 10c87b8 be086ae Author: Patrick Schleizer Date: Thu Mar 31 15:35:07 2016 +0000 merged tcp-timestamps-disable package into security-misc package disable conntrack helper for better security https://phabricator.whonix.org/T486 commit be086aea597ff5e4db29f56fa57399c67568d4b6 Merge: 10c87b8 d0eceae Author: Patrick Schleizer Date: Thu Mar 31 15:34:17 2016 +0000 Merge pull request #1 from HulaHoopWhonix/patch-1 Create tcp_timestamps.conf commit d0eceae0c84a42bce4ade28c593fd6ba002a67b9 Author: HulaHoopWhonix Date: Thu Mar 31 03:18:38 2016 +0000 Update README.md commit 989f2f54e22ff676df83463edaca439a4695af49 Author: HulaHoopWhonix Date: Thu Mar 31 03:18:05 2016 +0000 Update control commit c7d88571e48fface5fc24d7d471724303e374f37 Author: HulaHoopWhonix Date: Thu Mar 31 03:16:10 2016 +0000 Update control commit 27200cd98f6d2be7e55765a8d17a075299db7b2e Author: HulaHoopWhonix Date: Thu Mar 31 02:57:15 2016 +0000 Update README.md commit 92d738db56f048f2ee5de0239ddd6ba141373f99 Author: HulaHoopWhonix Date: Thu Mar 31 02:53:12 2016 +0000 Create nf_conntrack_helper.conf commit 5992a7f026b1ee22c1ab82411048b58e89ed0dc2 Author: HulaHoopWhonix Date: Thu Mar 31 02:48:06 2016 +0000 Create tcp_timestamps.conf commit 10c87b84e2d3b0eec7a6a3d283d3b1e02f080e58 Author: Patrick Schleizer Date: Tue Dec 15 21:05:03 2015 +0000 updated README.md commit ba7b06ce302006a12fe7886c4338b5e44a571fa2 Author: Patrick Schleizer Date: Tue Dec 15 04:16:14 2015 +0000 bumped changelog version commit c47f9697b4af46f713e49eb026f1c5ab4b77ad20 Author: Patrick Schleizer Date: Tue Dec 15 04:14:00 2015 +0000 deactivate preview in Nautilus commit 4b7d8a4bd88bd7b8a904d0b48fddf2803457ab47 Author: Patrick Schleizer Date: Tue Dec 15 02:00:39 2015 +0000 bumped changelog version commit d3ccf0eeaf9802fa09e70633efb45dcc2b767cba Author: Patrick Schleizer Date: Tue Dec 15 02:00:24 2015 +0000 initial commit