mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-10-01 08:25:45 -04:00
15969 lines
452 KiB
Plaintext
15969 lines
452 KiB
Plaintext
commit e04f9cd4c17305d5201aa973c34778e81508734b
|
||
Merge: 18d426f 65aa910
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Sep 24 20:16:06 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 65aa910503c07f708abf20f78be2f519ef58764a
|
||
Merge: 18d426f 870ff88
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Sep 24 20:15:03 2024 -0400
|
||
|
||
Merge pull request #272 from raja-grewal/text
|
||
|
||
Documentation update
|
||
|
||
commit 870ff88605b8167c8882162cc3da005d71ca0cd3
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Wed Sep 25 10:01:45 2024 +1000
|
||
|
||
Comment on Flatpak requiring unprivileged user namespaces
|
||
|
||
commit 769767a96a5de2a8bc05e70ca490d8340b553061
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Wed Sep 25 09:54:49 2024 +1000
|
||
|
||
Update mmap ASLR docs
|
||
|
||
commit 18d426f521b2b1369fe68e143dc8a0be064d0dcc
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Sep 14 02:56:09 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 3280dbd5d562d7f6b50118ac0da36c3285493be6
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Sep 13 22:52:47 2024 -0400
|
||
|
||
Fix VirtualBox audio device ICH AC97.
|
||
|
||
no longer `blacklist snd_intel8x0`
|
||
|
||
Breaks VirtualBox audio device ICH AC97, which is unfortunately still required by some users.
|
||
https://www.kicksecure.com/wiki/Dev/audio
|
||
|
||
Fixes https://github.com/Kicksecure/security-misc/issues/271
|
||
|
||
commit 1bc694fa124eaeb6e1517d2191a8fd97446872c4
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Sep 8 17:41:30 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 01908d505a59e7ec37cc3de3e1d49ff35ba127aa
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Sep 5 07:00:11 2024 -0400
|
||
|
||
readme
|
||
|
||
commit e914028be7a48a3bfdf86e09c029011807f080d7
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Sep 5 06:03:05 2024 -0400
|
||
|
||
add KSPP compliance status to readme based on comment by @raja-grewal
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/256#issuecomment-2330376651
|
||
|
||
commit 40fb14c654df94e9bdfb30ae55fc3bc4f0a0aef4
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Sep 4 14:13:15 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 5a255d4831470449a26b324a8f16594432bf834b
|
||
Merge: d618f9f 563a898
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Sep 4 10:12:34 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 563a8980133e15e33ac95a631e37ecfff88f6f8f
|
||
Merge: 175945e e61027a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Sep 4 10:11:48 2024 -0400
|
||
|
||
Merge pull request #265 from raja-grewal/mmap_min_addr
|
||
|
||
Set `sysctl vm.mmap_min_addr=65536`
|
||
|
||
commit d618f9f35b8e8c6eee1e164a6ec300d63b1ee797
|
||
Merge: 59374ce 175945e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Sep 4 10:07:50 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 175945ec9a28bf1e5b0fa0d2ae2bd6546d6c6172
|
||
Merge: b0a8544 3101035
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Sep 4 10:05:47 2024 -0400
|
||
|
||
Merge pull request #268 from raja-grewal/panic_on_warn
|
||
|
||
Enable `panic_on_warn=1`
|
||
|
||
commit b0a8544182f6ff3c8c3f1068176ff5e9e4f557ef
|
||
Merge: 59374ce 7393ba1
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Sep 4 10:04:45 2024 -0400
|
||
|
||
Merge pull request #270 from raja-grewal/typo
|
||
|
||
Small typo
|
||
|
||
commit 7393ba159192fdfc45ef31a3fa60786f899dbf25
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Wed Sep 4 23:23:24 2024 +1000
|
||
|
||
Typo
|
||
|
||
commit 59374ce902127e2125addc2ebb57d0d856a63671
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Aug 29 09:49:51 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 7e2838ec077b53e41d468d5655290152761c8745
|
||
Merge: 9c918eb 0762794
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Aug 29 05:06:07 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 0762794ff684049a62b5b92b61177615a5376ad7
|
||
Merge: 9c918eb 6294729
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Aug 29 04:46:26 2024 -0400
|
||
|
||
Merge pull request #269 from raja-grewal/tidy
|
||
|
||
Minor correction
|
||
|
||
commit 6294729c8ef24077cd342b4557653806c3aacd34
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Thu Aug 29 15:34:24 2024 +1000
|
||
|
||
Follow-up on https://github.com/Kicksecure/security-misc/commit/f70fe308a9f65873d34de2d1906d825f3a56e272
|
||
|
||
commit 3101035a3fd5fbe87c79e95e51dc2da39fee93d5
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Thu Aug 29 01:57:32 2024 +1000
|
||
|
||
Enable `panic_on_warn=1`
|
||
|
||
commit 9c918eb4313b60dc15aa9fa4474a7977602030c1
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Aug 28 11:01:37 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit f70fe308a9f65873d34de2d1906d825f3a56e272
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Aug 28 06:49:50 2024 -0400
|
||
|
||
no longer set sysctl `fs.binfmt_misc.status=0` /
|
||
no longer disallow registering interpreters for miscellaneous binary formats
|
||
|
||
causing file/folder permissions issue `d????????? ? ? ? ? ? .`
|
||
|
||
Firefox no longer starting (probably not not a Firefox issue)
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/267
|
||
|
||
commit 463aa58f28b6389d0925fed87096b348b652cc16
|
||
Merge: cf824dd 328840c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Aug 28 06:42:49 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 328840c933a583adc5458aa08c63fb627b31b298
|
||
Merge: cf824dd 9e91c98
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Aug 28 06:38:57 2024 -0400
|
||
|
||
Merge pull request #264 from raja-grewal/kspp_compliance
|
||
|
||
Add KSPP compliance notices to corresponding parameters and `sysctls`
|
||
|
||
commit 9e91c98cc926e7a166458cd78e3c1d1ced23c753
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Aug 26 12:40:04 2024 +1000
|
||
|
||
Add details on BPF hardening and split the `sysctl`s
|
||
|
||
commit 2c356e8b0ef7db56e7b453535c8cb6c83fc2e3c6
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Aug 26 11:34:12 2024 +1000
|
||
|
||
Add KSPP notice definitions
|
||
|
||
commit 2841d789bebbd43f855b6ffb92a3a6f017007a72
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Aug 26 11:21:26 2024 +1000
|
||
|
||
README: Update
|
||
|
||
commit ac6602ac3531ae57603e8a9e5ac2ee1652164b23
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Aug 26 11:19:20 2024 +1000
|
||
|
||
Add detail on disabling user namespaces breaking UPower
|
||
|
||
commit 9dbd200be415c86e7039463c6269fad8395a4373
|
||
Merge: 32de5e7 cf824dd
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Mon Aug 26 11:08:21 2024 +1000
|
||
|
||
Merge branch 'Kicksecure:master' into kspp_compliance
|
||
|
||
commit cf824ddb248957fd9e542c1a5adc5e90381f684c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Aug 25 15:34:55 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 500568e322b2e3623fc649209d671c7b9d9fa097
|
||
Merge: 43d13b7 73900b5
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Aug 25 11:01:58 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 73900b59db37d77bc24bd5088aae3cc760aacc69
|
||
Merge: 43d13b7 1f51d4e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Aug 25 11:00:51 2024 -0400
|
||
|
||
Merge pull request #263 from raja-grewal/max_user_namespaces
|
||
|
||
Provide option to disable user namespaces
|
||
|
||
commit 43d13b70f12d2198a800054ce4d1ff901cc474f9
|
||
Merge: 8353764 fae586c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Aug 25 10:55:52 2024 -0400
|
||
|
||
Merge remote-tracking branch 'raja/syntax'
|
||
|
||
commit 835376418d616699023f8e638666f43d34241863
|
||
Merge: ae85fd5 342caf8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Aug 25 10:48:25 2024 -0400
|
||
|
||
Merge remote-tracking branch 'raja/mod'
|
||
|
||
commit ae85fd5b4ce6f4716f95332c19b79d3daa8f7220
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Aug 25 14:33:40 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 433b15f985545f531b87d09659bbbb89993b5a67
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Aug 21 12:51:51 2024 +1000
|
||
|
||
README.md: Organise `sysctl`s
|
||
|
||
commit af87a84b4f40b2ad9ac05dd9bce837665f239454
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Aug 21 12:52:48 2024 +1000
|
||
|
||
README.md: Organise kernel boot parameters
|
||
|
||
commit 32de5e7c49d301b62b838ba88550f58b02b6562b
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sun Aug 25 12:57:22 2024 +1000
|
||
|
||
Add details on oopses and warnings
|
||
|
||
commit e4909b5e28e16f09de0e548c9221578ebe1190a3
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sun Aug 25 12:47:04 2024 +1000
|
||
|
||
Add details on kernel panics
|
||
|
||
commit 342caf82b20acc2931563449fafe9a98cbedaba2
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Aug 21 12:52:48 2024 +1000
|
||
|
||
README.md: Organise kernel boot parameters
|
||
|
||
commit b87a18d4050bbf2add5cc4920684876a440e65bb
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Aug 21 12:51:51 2024 +1000
|
||
|
||
README.md: Organise `sysctl`s
|
||
|
||
commit 18ed77ecc93e9ee759a4990a32edb3dd671b8c26
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Aug 21 12:50:14 2024 +1000
|
||
|
||
Refactor modprobe.d to minimise potential future merge conflicts
|
||
|
||
commit 56b28e38264fe742b8d694176f1057c15574fc08
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Aug 19 11:50:08 2024 +1000
|
||
|
||
Typo
|
||
|
||
commit e61027a40e2ab82fac3ae4cfd5f91fd0a47f31e5
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Aug 19 11:32:20 2024 +1000
|
||
|
||
Set `sysctl vm.mmap_min_addr=65536`
|
||
|
||
commit 94dab1b7c503429e2fa91019a0183b2f36c6693f
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Aug 19 10:53:05 2024 +1000
|
||
|
||
Partial compliance with the KSPP on kernel panics
|
||
|
||
commit 683110e7f02fa5fc6415354386552640cdb8758b
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Aug 19 01:34:14 2024 +1000
|
||
|
||
Correction
|
||
|
||
commit 1f51d4eeb2b0c6e23ce64fb272eecb97e089324d
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sun Aug 18 13:53:11 2024 +1000
|
||
|
||
Add details on user namespaces
|
||
|
||
commit 248e094b8e0bbf7892f79ad1c3ec77c7ed00d008
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sat Aug 17 01:06:21 2024 +1000
|
||
|
||
Include KSPP compliance notices
|
||
|
||
commit 759aee8150a2d1258d73217c071b25432d47496f
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Aug 16 22:54:57 2024 +1000
|
||
|
||
Provide option to disable user namespaces
|
||
|
||
commit fae586c3c5e8382ca01c60f810b26d88189a5514
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Aug 16 19:23:48 2024 +1000
|
||
|
||
Patch bug in existing `rp_filter` `sysctl`
|
||
|
||
commit e962153f84c4cb8e13fb0cc25d611ae481c7a0c7
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Aug 16 08:38:12 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 40b12f5a2a4a40d7033569b11ad4e1c228e7389b
|
||
Merge: 12296c6 305467c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Aug 16 04:30:29 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 305467c652af933bb5aa5a677b10a992a5f19cab
|
||
Merge: 12296c6 a5373af
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Aug 16 04:25:43 2024 -0400
|
||
|
||
Merge pull request #245 from raja-grewal/blacklist_to_disable
|
||
|
||
Update `/etc/modprobe.d/*`
|
||
|
||
commit 12296c68dc0aaa3703e1c36f854a02de8db412fe
|
||
Merge: 4bc12b0 036bcea
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Aug 16 04:22:43 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 036bcea4e6757de094fcafdadcf56aaa90729d79
|
||
Merge: ef60c5b 81bf7a8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Aug 16 04:20:32 2024 -0400
|
||
|
||
Merge pull request #262 from raja-grewal/docs
|
||
|
||
Miscellaneous updates to presentation
|
||
|
||
commit 81bf7a8f90098a7107dcb3c783b87a168f5c090f
|
||
Merge: cea8e75 ef60c5b
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Fri Aug 16 16:57:01 2024 +1000
|
||
|
||
Merge branch 'Kicksecure:master' into docs
|
||
|
||
commit ef60c5b153a521e1cfd522ac471a8ca6dc076d90
|
||
Merge: 4bc12b0 b552b92
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Aug 16 02:43:57 2024 -0400
|
||
|
||
Merge pull request #249 from raja-grewal/binfmt_misc
|
||
|
||
Disallow registering interpreters for miscellaneous binary formats
|
||
|
||
commit cea8e753786d100ebe961ad74a99925e54d47771
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Aug 16 14:55:22 2024 +1000
|
||
|
||
Consistent formating
|
||
|
||
commit 84376d23fc17d2ced890ffca0b05d15907d42a6f
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Aug 16 13:39:11 2024 +1000
|
||
|
||
Add details on ASLR and move to user space section
|
||
|
||
commit a13298002350a39491a509d15633edb95a2e3edd
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Aug 16 13:24:25 2024 +1000
|
||
|
||
Update README.md
|
||
|
||
commit 9212a4e93754a4505be3fcf0ff4b029c073d2f07
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Aug 16 13:12:07 2024 +1000
|
||
|
||
Typos
|
||
|
||
commit 23a77d4973ec20b2aaab6a9c3a9fd8a98034923e
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Aug 16 12:46:51 2024 +1000
|
||
|
||
Simplify syntax of some network-related `sysctl`'s
|
||
|
||
commit e3a3207a4447568a17129afe9dde34debc465e21
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Aug 16 12:41:36 2024 +1000
|
||
|
||
Clarify DMA hardening
|
||
|
||
commit be9308e490f79a7b7788a744524d1d91cc870726
|
||
Merge: 73db68d 4bc12b0
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Fri Aug 16 11:45:43 2024 +1000
|
||
|
||
Merge branch 'Kicksecure:master' into docs
|
||
|
||
commit 4bc12b07b42def786862b938e3f63c18cf874158
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Aug 15 17:51:18 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 9e61e37c17524b57f185b796f2ac19ba193205a8
|
||
Merge: 89e816d dfd1c97
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Aug 15 13:47:33 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit dfd1c97168249b229495cbd873d4d8493e244663
|
||
Merge: 89e816d ec3038c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Aug 15 13:46:30 2024 -0400
|
||
|
||
Merge pull request #248 from raja-grewal/secure_redirects
|
||
|
||
Re-enable (default) `secure_redirects` for ICMP redirect messages
|
||
|
||
commit b552b92401f67d59e12ac6fda2f7fe1c54b0c8a7
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Thu Aug 15 11:54:21 2024 +1000
|
||
|
||
Add references on `fs.binfmt_misc.status`
|
||
|
||
commit 326d82a9beee130956dd817812016a6ee16fccbc
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Thu Aug 15 11:46:56 2024 +1000
|
||
|
||
Revert "Provide optional `sysctl fs.binfmt_misc.status=0`"
|
||
|
||
This reverts commit debd7a7b7ae8b03e04d2c8597bcccf2c79000570.
|
||
|
||
commit 73db68dbf9a1f9ded95a593db36a4960ce06a173
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Aug 9 14:27:30 2024 +1000
|
||
|
||
Add details on KFENCE
|
||
|
||
commit f8fa89b245d929aee9884937fdcf44a6551df4cf
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Aug 9 14:21:59 2024 +1000
|
||
|
||
Add details on `tcp_timestamps`
|
||
|
||
commit 3456f1c1d7725846ec201c28dd693bf9b07bab89
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Aug 9 13:39:25 2024 +1000
|
||
|
||
Minor consistency update in README.md
|
||
|
||
commit 15c638acad64cc3dcc7b5c43d9a6be2fa2350654
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Aug 9 13:36:47 2024 +1000
|
||
|
||
Add reference on RDRAND
|
||
|
||
commit 077bc48a26d1d3f5d1f758d7e251edccba64742b
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Aug 9 13:35:33 2024 +1000
|
||
|
||
Add reference on `rp_filter`
|
||
|
||
commit d8bcec881f66604e29d6e0c1426635e2ad4979f1
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Aug 9 13:33:32 2024 +1000
|
||
|
||
Add some notices for future Debian 13 rebase
|
||
|
||
commit 0b0683499a6a21e3995a115c377eb19008bc4cd1
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Aug 9 13:30:39 2024 +1000
|
||
|
||
Consistent line length formatting
|
||
|
||
commit e5a38fc856c66d2bd6abc35fc08d4f2083ea8e54
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Aug 9 13:30:15 2024 +1000
|
||
|
||
Typo
|
||
|
||
commit a5373afc55e789f4657f3d843243e878e4afffa2
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Aug 7 14:44:14 2024 +1000
|
||
|
||
Details on disabled `fbdev` kernel modules
|
||
|
||
commit e98dc8c4f8af32dd3b10c034477fd2154df189ac
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Aug 7 14:14:47 2024 +1000
|
||
|
||
Update notifications for disabled kernel modules
|
||
|
||
commit 50fa721fd54cd696ae90a35bc7df7c8f1eb17a13
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Aug 7 14:01:49 2024 +1000
|
||
|
||
Update docs regarding Intel module disabling
|
||
|
||
commit ec3038c7bc625f6c8eddb753ffe295ff2697a717
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Aug 7 13:48:53 2024 +1000
|
||
|
||
Clarify `secure_redirects`
|
||
|
||
commit debd7a7b7ae8b03e04d2c8597bcccf2c79000570
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Aug 7 13:33:44 2024 +1000
|
||
|
||
Provide optional `sysctl fs.binfmt_misc.status=0`
|
||
|
||
commit 89e816dda6c5a00512b276071c4d9fe108ee63b5
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Aug 6 14:01:39 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 967f9e257b09bc73ddb579292d507f7cb9832643
|
||
Merge: fa90918 a25aaf9
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Aug 6 09:57:56 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit a25aaf900a12666046278a9fab6933b3d5670679
|
||
Merge: 6bc039a 8559079
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Aug 6 09:55:20 2024 -0400
|
||
|
||
Merge pull request #260 from raja-grewal/vdso32
|
||
|
||
Enable `vdso32=0`
|
||
|
||
commit 6bc039a430289342f06857a52a5f13829d6e50f5
|
||
Merge: ce60d56 d102ec1
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Aug 6 09:52:56 2024 -0400
|
||
|
||
Merge pull request #259 from raja-grewal/kfence
|
||
|
||
Enable `kfence.sample_interval=100`
|
||
|
||
commit ce60d5615fe99e41c48d459f562d581a688c295a
|
||
Merge: b027842 c0d140f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Aug 6 09:48:08 2024 -0400
|
||
|
||
Merge pull request #258 from raja-grewal/legacy_tiocsti
|
||
|
||
Enable `dev.tty.legacy_tiocsti=0`
|
||
|
||
commit b0278428a73cd3d329aaa36626005e0c593331f0
|
||
Merge: fa90918 aa34d86
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Aug 6 09:39:04 2024 -0400
|
||
|
||
Merge pull request #257 from raja-grewal/slab_debug
|
||
|
||
Enable `slab_debug=FZ`
|
||
|
||
commit 8559079312adb4ed92e5f478120b408dfe7a1124
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Aug 5 15:10:02 2024 +1000
|
||
|
||
Enable `vdso32=0`
|
||
|
||
commit d102ec19972865032f12f90bffe3e592546f0267
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Aug 5 15:07:56 2024 +1000
|
||
|
||
Enable `kfence.sample_interval=100`
|
||
|
||
commit c0d140f2211e6490d13e3cd327005027c668905f
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Aug 5 15:06:34 2024 +1000
|
||
|
||
Enable `dev.tty.legacy_tiocsti=0`
|
||
|
||
commit aa34d86598f5b846b007730104e4c99c59f9984d
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Aug 5 14:27:17 2024 +1000
|
||
|
||
Enable `slab_debug=FZ`
|
||
|
||
commit 4f7f82016015f61002ac8f778b61968c572dc7dc
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Aug 5 14:16:33 2024 +1000
|
||
|
||
Add reference
|
||
|
||
commit fa9091869d417c6494840d0cb32623037d70c8be
|
||
Merge: 06f0c27 725118c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Aug 4 16:20:36 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 725118c5759b45118bbd2804492526ea2a7c1a81
|
||
Merge: 6d97408 6d211fa
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Aug 4 16:19:52 2024 -0400
|
||
|
||
Merge pull request #243 from raja-grewal/namespaces
|
||
|
||
Restrict unprivileged user namespaces
|
||
|
||
commit 06f0c27128a66c1074f405de3139651519e48204
|
||
Merge: 8abc5ae 6d97408
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Aug 4 16:15:01 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 6d97408a6d2f002461ae6ca1d647fbf24bf1b99e
|
||
Merge: 8abc5ae 6f14d68
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Aug 4 16:11:46 2024 -0400
|
||
|
||
Merge pull request #255 from raja-grewal/SLUB
|
||
|
||
Restore option to enable `slub_debug=FZ`
|
||
|
||
commit 8abc5ae8f0f152c68f855f0e8d993880589c5d5c
|
||
Merge: de6f3ea eab66da
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Aug 4 16:09:52 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit eab66dad0994e408c1beaade3fdcf2cd1d605b31
|
||
Merge: de6f3ea ca2179b
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Aug 4 16:08:32 2024 -0400
|
||
|
||
Merge pull request #254 from raja-grewal/patch
|
||
|
||
Updates to kernel and `sysctl` hardening
|
||
|
||
commit 6f14d68cdcad3784311e33029eba6906ea0784c2
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sat Aug 3 15:12:15 2024 +1000
|
||
|
||
Update legacy name `slub_debug` -> `slab_debug`
|
||
|
||
commit 22b6cee80c74aff3d0f9cd36822ae88f8fa8e601
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sat Aug 3 15:11:14 2024 +1000
|
||
|
||
Add details about `slub_debug`
|
||
|
||
commit b77d1a2b980ae20158aa628eec67b016282d0a40
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sat Aug 3 14:49:48 2024 +1000
|
||
|
||
Revert "Remove the optional `slub_debug` parameter since it is no longer recommended"
|
||
|
||
This reverts commit 48e1ac416314d2c66f3a0d5044a3c51cb6fb4093.
|
||
|
||
commit ca2179bb6a01e3ebbb1e04e3507cc305f25bca4e
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sat Aug 3 00:25:49 2024 +1000
|
||
|
||
Provide the option to disable legacy TIOCSTI operation
|
||
|
||
commit 52aeacb4da4a8458b0ffdc1ade4094a178def6f4
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sat Aug 3 00:13:38 2024 +1000
|
||
|
||
Provide option to disable 32 bit vDSO mappings
|
||
|
||
commit 9099ecce8ae12352f2b739d3d7adf6069488ff49
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sat Aug 3 00:12:50 2024 +1000
|
||
|
||
Provide option to enable the kernel Electric-Fence
|
||
|
||
commit f6a16258a116ce5c5f4f6bad9d8ab9b6e1ec6bb7
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sat Aug 3 00:11:06 2024 +1000
|
||
|
||
Add references to KSPP
|
||
|
||
commit e53d24fc48b51a21fc182cc59890e97a1d7ac647
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sat Aug 3 00:09:42 2024 +1000
|
||
|
||
Add missing GRUB command lines for disabled boot parameters
|
||
|
||
commit de6f3ea74a5a1408e4351c955ecb7010825364c5
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Jul 28 20:50:22 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit d036094089e3e3a74df981c50882481273fcb6c0
|
||
Merge: e60ce50 0f86fbd
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Jul 28 15:44:40 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 0f86fbd8ceea3157ee035eb9f4a0ff13024f1bc9
|
||
Merge: e60ce50 73979d4
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Jul 28 15:43:54 2024 -0400
|
||
|
||
Merge pull request #242 from raja-grewal/ptrace
|
||
|
||
Disable the usage of `ptrace()` by all processes
|
||
|
||
commit 9cabaa1bd15a0639c87bf2e965755d06ff0a7bb4
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sun Jul 28 22:04:30 2024 +1000
|
||
|
||
Typo
|
||
|
||
commit d2d024ebe9a371eaf90b7b72f8a227e5d2e9babe
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sun Jul 28 22:03:33 2024 +1000
|
||
|
||
Typo
|
||
|
||
commit 9fbee9fc82768c3b436307459d174378ee471335
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sun Jul 28 21:57:25 2024 +1000
|
||
|
||
Clarify
|
||
|
||
commit e60ce50d30c8981f13d8bab1d6ca8b8efb9d8928
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 27 16:13:35 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit e86b2e7f8fcda5727b158579610cb6a0354e89cf
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 27 12:13:18 2024 -0400
|
||
|
||
output
|
||
|
||
commit 144545762674e914046bb94100237329320e8ece
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sat Jul 27 14:00:30 2024 +1000
|
||
|
||
Show details regarding `secure_redirects` (again)
|
||
|
||
commit 73979d4342dae2017be52d5182bb66fa28be398d
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sat Jul 27 13:28:59 2024 +1000
|
||
|
||
Link to `ptrace()` discussion
|
||
|
||
commit 1c9f33f90606fb930744f1b9afc11caf87626194
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sat Jul 27 13:24:08 2024 +1000
|
||
|
||
Revert "Disable the usage of `ptrace()` by all processes"
|
||
|
||
This reverts commit b04828f858fa6d101099773d3156841fd6d33b6f.
|
||
|
||
commit 330cf14eab248d035fa467dba4f7bc3eb92a33bb
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 15:40:24 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 62bb4bc6269a0603c15f1efaad7ca365ea15c9d7
|
||
Merge: 7969e86 886f609
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 11:10:25 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 886f6095dba71d76d5fd98277374417657e0cd31
|
||
Merge: 7969e86 ed33366
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 11:08:30 2024 -0400
|
||
|
||
Merge pull request #250 from raja-grewal/Panik-Kalm
|
||
|
||
Add details on "oopes" and kernel panics
|
||
|
||
commit 7969e8607160eae0cb5a3adddeec8d07c1d6e097
|
||
Merge: e2ae93a 0318f57
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 11:06:13 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 0318f577ab554ae2ac0f9417b18134723ea2b580
|
||
Merge: e2ae93a 4397de0
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 11:04:29 2024 -0400
|
||
|
||
Merge pull request #246 from raja-grewal/cfi
|
||
|
||
Provide the option to change the default CFI implementation in the future
|
||
|
||
commit e2ae93a9571f2f0c9077ea61436a540a3be5a894
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 10:30:45 2024 -0400
|
||
|
||
port to safe_echo
|
||
|
||
commit 8ec23ed7128580ed0092df43945ba55e94163a6d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 10:28:57 2024 -0400
|
||
|
||
echo does not support end-of-options
|
||
|
||
commit 6096ed1109a0d5a62a844552fee500ebe66071c8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 10:26:43 2024 -0400
|
||
|
||
comment
|
||
|
||
commit ac41d1cfff8b722248a5ef1dfe38a8c704f04134
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 10:25:59 2024 -0400
|
||
|
||
comment
|
||
|
||
commit 3b033ceba24e5e14056d54710d782397e5c669df
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 10:17:24 2024 -0400
|
||
|
||
shellcheck
|
||
|
||
commit 04d9ca1ebe79cae5cce04b6533285b8d1299d692
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 10:16:20 2024 -0400
|
||
|
||
use `find` with `safe_echo_nonewline`
|
||
|
||
commit 20454fb81157f1f962f36d9c37d34f4ac650a1e6
|
||
Merge: 28b25bd 6bbf176
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Sat Jul 27 00:09:30 2024 +1000
|
||
|
||
Merge branch 'Kicksecure:master' into blacklist_to_disable
|
||
|
||
commit 6bbf176e3b91f842cf4cdeaf8cb1f4c60e159a0c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 09:33:45 2024 -0400
|
||
|
||
consider end-of-options for `find`
|
||
|
||
commit 794f6a25fa87a9d6d796b07ee06b690ea0badc92
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 09:08:29 2024 -0400
|
||
|
||
comment
|
||
|
||
commit 7e0f1a87010674c63963b70c87e903cf27b288ef
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 09:08:04 2024 -0400
|
||
|
||
dpkg-statoverride can actually handle '--file-name'.
|
||
|
||
commit ee037c01a1208b9247c3ae144fa3faa68657ffdb
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 08:58:44 2024 -0400
|
||
|
||
Skip file names starting with '--',
|
||
|
||
because this would be interpreted by dpkg-statoverride as an option.
|
||
|
||
commit 82d401a7de58b74448113bed36c8f0cc073c7f82
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 08:52:42 2024 -0400
|
||
|
||
sanity test
|
||
|
||
commit 0e661bc688c7222840c9d83fb3ccab6549b3ac11
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 08:49:14 2024 -0400
|
||
|
||
output
|
||
|
||
commit d144f68d1a06a1153c4178b2f6ba9643dededbb8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 08:46:08 2024 -0400
|
||
|
||
output
|
||
|
||
commit 05504b9ab251ae6e48b5d28eb5fdcd12d730ea8a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 08:40:10 2024 -0400
|
||
|
||
minor
|
||
|
||
commit d96c0633d431dafd034ae8d1ae0ffbb59c49be4a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 08:39:11 2024 -0400
|
||
|
||
more use of end of options
|
||
|
||
commit 8e40c10c319a76e0256c8f135182b0ca7f532f85
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 08:31:17 2024 -0400
|
||
|
||
comment
|
||
|
||
commit f2c9c2f5d1b59127b22fae4dd4b8bb7a6f98a485
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 08:26:16 2024 -0400
|
||
|
||
output
|
||
|
||
commit 2b40ea75e9c3f679fd09ae331a56f294c3ac7607
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 08:24:23 2024 -0400
|
||
|
||
cleanup
|
||
|
||
commit 6f0551b944cbf83d82f7a1a554c4461bc971520b
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 08:23:54 2024 -0400
|
||
|
||
refactoring
|
||
|
||
commit aac450f80836b03478b9e2632afc5a4519f9b37a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 08:22:04 2024 -0400
|
||
|
||
refactoring
|
||
|
||
commit 30f46790a4df7662926fa43d44ac34c3286dd590
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 08:21:21 2024 -0400
|
||
|
||
use end of options whenever possible
|
||
|
||
commit 95722d6d7902367afb44175263a8628df9ad01b2
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 08:13:33 2024 -0400
|
||
|
||
use long option name
|
||
|
||
commit 19f131c7426aaa5199504e75aba180a7771a2520
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 08:07:08 2024 -0400
|
||
|
||
code simplification
|
||
|
||
https://github.com/Kicksecure/security-misc/pull/251
|
||
|
||
commit 9694cf0cd1a225c68d45814e0f4d6995659a0066
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 07:43:59 2024 -0400
|
||
|
||
output
|
||
|
||
commit bdfe764f9d805b14dca4196e623e81ce95145d9b
|
||
Merge: 9f13523 652a06c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 07:19:05 2024 -0400
|
||
|
||
Merge remote-tracking branch 'ben-grande/stat-dedup'
|
||
|
||
commit 9f135231ccdc3f6eba27db2e1794eff23f03fc0f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 06:43:01 2024 -0400
|
||
|
||
no longer disable Intel ME related kernel modules
|
||
|
||
because that might break firmware updates
|
||
|
||
This reverts commit 64f8b2eb5870664fca06aa060f2f50af358ced55.
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/239
|
||
|
||
commit f616da7c0690fc0dffc21be59174ed8754ec55fb
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 26 09:40:59 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 4397de0138dac47aee66570fcfe4ef38c8179321
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Jul 26 11:30:46 2024 +1000
|
||
|
||
Update description of `cfi=kcfi` kerenel parameter
|
||
|
||
commit 652a06c8e9f841e043cc5b5fb030b149cb70dc85
|
||
Author: Ben Grande <ben.grande.b@gmail.com>
|
||
Date: Thu Jul 25 12:37:21 2024 +0200
|
||
|
||
Only print SUID or SGID values when set
|
||
|
||
commit 3b8a3f9b832ee1eee959fbcce8b5eed417d4712e
|
||
Author: Ben Grande <ben.grande.b@gmail.com>
|
||
Date: Thu Jul 25 12:20:16 2024 +0200
|
||
|
||
Unduplicate stat call
|
||
|
||
commit 28b25bda3f51c7d5a6ee6d28446cb5f731f452d0
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Thu Jul 25 15:51:32 2024 +1000
|
||
|
||
Partial inclusion of GrapheneOS infrastructure blacklist
|
||
|
||
commit ed3336694ce35614ab47db42bce29d3c69d46752
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Thu Jul 25 10:28:27 2024 +1000
|
||
|
||
Provide the option to immediately reboot on a kernel panics
|
||
|
||
commit 3926b91dcf371377d38c747e5c7718ac2fed3c83
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Thu Jul 25 10:26:23 2024 +1000
|
||
|
||
Add documentation on `sysctl kernel.panic_on_oops=1`
|
||
|
||
commit f699eb02a27ef54b9ced5866447b63152984af66
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Thu Jul 25 10:11:33 2024 +1000
|
||
|
||
Set `sysctl fs.binfmt_misc.status=0`
|
||
|
||
commit 9231f058911ab9059e91c4c0c1677ef66b5bb666
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 24 13:31:49 2024 -0400
|
||
|
||
todo
|
||
|
||
commit 4cc1289e89b341e15725d65e405e607ea4784f9f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 24 13:30:30 2024 -0400
|
||
|
||
output
|
||
|
||
commit 10c73b326f824f783169383888b9464965a53cbb
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 24 12:07:26 2024 -0400
|
||
|
||
fix delimiter parsing
|
||
|
||
commit a16dd8474bf72c2b8c63adc7500140e89d19fedb
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 24 11:50:30 2024 -0400
|
||
|
||
sanity test
|
||
|
||
commit cc2b335ee692cc04a2c4e298902f3503927b2c50
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 24 11:48:32 2024 -0400
|
||
|
||
cleanup
|
||
|
||
commit 6cadc70a96cd709fb7a94abcb14e7dd97c57fdb8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 24 11:47:52 2024 -0400
|
||
|
||
output
|
||
|
||
commit cda0d26af7c057dab8edf4897f98c2e8f83e3d56
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 24 11:45:13 2024 -0400
|
||
|
||
cannot use NULL inside a bash variable
|
||
|
||
use custom delimiter instead
|
||
|
||
commit 4a5312b3a9419c8b3e07dda2b650d5fbf9a38d34
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 24 11:27:51 2024 -0400
|
||
|
||
output
|
||
|
||
commit 3bf1f26c0bb271d63c16b314e4da040abf5b3713
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 24 11:20:26 2024 -0400
|
||
|
||
downgrade warning of non-existing folders to info
|
||
|
||
to avoid all users by default getting a warning for expected non-existing folders
|
||
|
||
commit 151ca659a9f5565744ff57f3b581c8c051def148
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 24 11:19:15 2024 -0400
|
||
|
||
output
|
||
|
||
commit c9fd2ceb61ea176c731432f02a9fa40652fbddc8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 24 11:13:35 2024 -0400
|
||
|
||
downgrade warning of non-existing files to info
|
||
|
||
to avoid all users by default getting a warning for expected non-existing files
|
||
|
||
commit 721392901be384014298f59deb57747b825c8b37
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 24 11:12:39 2024 -0400
|
||
|
||
remove duplicate test
|
||
|
||
commit 9712b5b4e3cff3eac8ef03b5e562ff89d74ef4b8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 24 11:12:18 2024 -0400
|
||
|
||
output
|
||
|
||
commit 00911df5c1de24960ad6d21b4cd99450f2d08a88
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 24 11:10:56 2024 -0400
|
||
|
||
modify call of stat to use NUL delimiter
|
||
|
||
for more robust string parsing
|
||
|
||
commit d5366835112cc5fabef7ec46a9c582c08121cb14
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 24 11:03:28 2024 -0400
|
||
|
||
local clean_output_prefix clean_output
|
||
|
||
commit a6e517736b83c124cf8cec52bac184612a29ad0d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 24 11:02:25 2024 -0400
|
||
|
||
local stat_output
|
||
|
||
commit ced02fb9e03e12c7d51923511e7d6a54b09a6274
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 24 11:01:24 2024 -0400
|
||
|
||
add sanity test for file_name output from stat
|
||
|
||
commit b9dfe70a016e46e1f275918be19890526182cfa2
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 24 10:58:05 2024 -0400
|
||
|
||
check first if file_name is empty
|
||
|
||
commit 1cbda7998196dc04e83c48526d15f9ad5f11e6c9
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 24 10:57:13 2024 -0400
|
||
|
||
check first if array is empty before parsing further
|
||
|
||
commit a077ae54ea050af8828813b781738cba24e27624
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 24 10:56:08 2024 -0400
|
||
|
||
modify call of stat to use NUL delimiter
|
||
|
||
for more robust string parsing
|
||
|
||
commit 1135d34ab334c9b39e51a147dc94df568f982512
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 24 23:33:36 2024 +1000
|
||
|
||
Reword description of `cfi=kcfi` kerenel parameter
|
||
|
||
commit 7200e9bd8c793f5ea30c3448fd03fbd38c6292b5
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 24 09:15:02 2024 -0400
|
||
|
||
output
|
||
|
||
commit 1b6161c2dcd9a0686503c84cda4c9f6a29fe4e02
|
||
Merge: d2563ed 8be21b6
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 24 09:13:48 2024 -0400
|
||
|
||
Merge remote-tracking branch 'ben-grande/fuzz'
|
||
|
||
commit 88c88187f2909322211cc08598717068ea7cf1d1
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 24 17:26:50 2024 +1000
|
||
|
||
Re-enable (default) `secure_redirects` for ICMP redirect messages
|
||
|
||
commit 8be21b6eff40fdd3909ef63468463fc52e8bf45f
|
||
Author: Ben Grande <ben.grande.b@gmail.com>
|
||
Date: Tue Jul 23 19:36:12 2024 +0200
|
||
|
||
Handle newlines in file names
|
||
|
||
commit aa99de68d307cd88462665424996d9b730ab5087
|
||
Author: Ben Grande <ben.grande.b@gmail.com>
|
||
Date: Tue Jul 23 18:46:47 2024 +0200
|
||
|
||
Log output with defined levels
|
||
|
||
commit 06fbcdac1de6f1830d911f05a4f7c14fd522fad4
|
||
Author: Ben Grande <ben.grande.b@gmail.com>
|
||
Date: Tue Jul 23 09:55:02 2024 +0200
|
||
|
||
Prettify log messages
|
||
|
||
commit fb494c2ba5b7fd0f864a59896710d9cddf92b458
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Tue Jul 23 13:12:13 2024 +1000
|
||
|
||
Update docs relating to the `cfi=kcfi` kernel parameter
|
||
|
||
commit 7ee1ea2cc7dd62feee3243d64b414130e68d35e9
|
||
Author: Ben Grande <ben.grande.b@gmail.com>
|
||
Date: Mon Jul 22 17:06:07 2024 +0200
|
||
|
||
Unify functions that evaluate commands
|
||
|
||
commit 9c3566f524f748b9f7c98a36b3f2b1064cdba3ed
|
||
Author: Ben Grande <ben.grande.b@gmail.com>
|
||
Date: Mon Jul 22 16:01:14 2024 +0200
|
||
|
||
Delimit file names with null terminator
|
||
|
||
commit d6fc71dba78a9c871015ebdde3bef61943369b47
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 22 17:26:00 2024 +1000
|
||
|
||
Add option to switch (back) to using kCFI in the future
|
||
|
||
commit f582e543434ba20a2fb7f7300058f7c8a7d62878
|
||
Merge: a189956 d2563ed
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Mon Jul 22 15:12:00 2024 +1000
|
||
|
||
Merge branch 'Kicksecure:master' into blacklist_to_disable
|
||
|
||
commit d2563ed92317a029340dbb83f30da008b01325f2
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Jul 21 10:40:14 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 64f8b2eb5870664fca06aa060f2f50af358ced55
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Jul 21 06:36:22 2024 -0400
|
||
|
||
Revert "no longer disable Intel ME related kernel modules"
|
||
|
||
This reverts commit 6157e328f40a7f3780208489b1ffecef8e6d738a.
|
||
|
||
https://www.kicksecure.com/wiki/Out-of-band_Management_Technology#Intel_ME_Kernel_Modules
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/239
|
||
|
||
commit 04fb00572f2e4c9bdfaaa0f6da8007999daab641
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 20 17:02:05 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit f0a478c7c91697988926a73d3a1880dd8caaca68
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 20 12:57:56 2024 -0400
|
||
|
||
permission hardener: allow postfix
|
||
|
||
postqueue matchwhitelist
|
||
postdrop matchwhitelist
|
||
|
||
commit a189956adc2cf5a1c8311d0e0e9c7cfbc6e4afe3
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sat Jul 20 20:11:09 2024 +1000
|
||
|
||
Typo
|
||
|
||
commit 3c720a0715191c858e8d1df9795dddfea5dbdcf1
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sat Jul 20 15:03:21 2024 +1000
|
||
|
||
Disable some legacy drivers
|
||
These were all previously blacklisted for over 2 years.
|
||
|
||
commit c4965ed838b1df93ddb9e947fb2f0d23fa8ffc17
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sat Jul 20 14:55:10 2024 +1000
|
||
|
||
Disable legacy framebuffer drivers
|
||
These were all previously blacklisted for over 2 years.
|
||
|
||
commit 9f53a0182b5f6a7cf8228bf19b04661d39c7a2fe
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 19 07:20:59 2024 -0400
|
||
|
||
undo io_uring related changes
|
||
|
||
as these should be done in a separate pull request (if apprpriate)
|
||
|
||
https://github.com/Kicksecure/security-misc/pull/244#issuecomment-2238889062
|
||
|
||
commit 8791aecb38a41aa0b0c108505726bc6a1ace903e
|
||
Merge: 2d11436 06894d1
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 19 07:19:09 2024 -0400
|
||
|
||
Merge remote-tracking branch 'raja/fixes'
|
||
|
||
commit 06894d1c98e91f43af58cc438559ea76b6a361e3
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Jul 19 18:30:42 2024 +1000
|
||
|
||
Typo
|
||
|
||
commit 2d11436432d3b2b75f84b05550de06cd77ec6e79
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jul 18 18:05:07 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit cac5bbad99a9c083c5b5f85f07c7368287c64f72
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jul 18 14:04:00 2024 -0400
|
||
|
||
comment
|
||
|
||
commit a5eed00eba76f83c310f62d000830f38b0e87d21
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jul 18 14:02:38 2024 -0400
|
||
|
||
cleanup comments
|
||
|
||
commit 21efacf1b111d9599e72cef23b791cf4961c04c3
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jul 18 14:00:28 2024 -0400
|
||
|
||
cleanup duplicate comments which are already in `/etc/dkms/framework.conf`
|
||
|
||
commit 61628c2baf58ca2859bc5fc99782985ef0822750
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jul 18 14:11:35 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 05cf438199ca75f96cf8e67131f4a409b465e7e7
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jul 18 10:11:03 2024 -0400
|
||
|
||
no comments / copyright allowed in .displace-extension
|
||
|
||
commit 2ccc95f6d44bacd3da97d586542695f33d5faf38
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jul 18 14:05:23 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 95286df50274953326accb615487e21d409b652a
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Thu Jul 18 15:28:31 2024 +1000
|
||
|
||
Update README.md regarding secure ICMP redirects
|
||
|
||
commit 13cc1f0986033855a399b50442a86a8d8552eb96
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Thu Jul 18 12:25:00 2024 +1000
|
||
|
||
Clarify (future) disabling of `io_uring`
|
||
|
||
commit 9e6facda7017498e8310a9c39403e95e81c5a903
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Thu Jul 18 12:21:37 2024 +1000
|
||
|
||
Update module disabling presentation
|
||
|
||
commit faa9181a6c0c78b9471c9a4e6bdd3291aec704f6
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Thu Jul 18 12:19:27 2024 +1000
|
||
|
||
Typos
|
||
|
||
commit 6d211faf591608ea6e7f484e8bc69dd567877abf
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Thu Jul 18 11:04:54 2024 +1000
|
||
|
||
Restrict unprivileged user namespaces
|
||
|
||
commit b04828f858fa6d101099773d3156841fd6d33b6f
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Thu Jul 18 11:01:41 2024 +1000
|
||
|
||
Disable the usage of `ptrace()` by all processes
|
||
|
||
commit d454f36c63bd653e47353fb1c93107b2d5584fe2
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 11:52:29 2024 -0400
|
||
|
||
spelling
|
||
|
||
commit f4da582aa31b869413aef6f4e252b7985e961339
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 11:44:17 2024 -0400
|
||
|
||
spelling
|
||
|
||
commit 9e976474d5d620be9e4f8d8a97f73c6cc3e64573
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 11:40:51 2024 -0400
|
||
|
||
spelling
|
||
|
||
commit b569fc02a4650187e69b62b95439c05ee2611e91
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 11:38:53 2024 -0400
|
||
|
||
spelling
|
||
|
||
commit a2e26f441b6f44831c7b1bf3bf9dc2cf6f06e176
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 11:04:03 2024 -0400
|
||
|
||
spelling
|
||
|
||
commit c8be4ac83c2563798ee35d56200eb8d11a2c32e3
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 10:56:14 2024 -0400
|
||
|
||
comment
|
||
|
||
commit 24cd70a014b221b25669755b955bc114fe083643
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 10:55:12 2024 -0400
|
||
|
||
spelling
|
||
|
||
commit 5cec685cf9b0845838f17fba78ac65d6c2e63386
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 10:49:21 2024 -0400
|
||
|
||
spelling
|
||
|
||
commit 821a416fe39e11ca030c63f25a5220772d80eae5
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 10:43:16 2024 -0400
|
||
|
||
spelling
|
||
|
||
commit 9a387f95e9346030e2adc3252a45942949561b52
|
||
Merge: fd41acd 4afe257
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 10:32:26 2024 -0400
|
||
|
||
Merge remote-tracking branch 'raja/miscellaneous'
|
||
|
||
commit fd41acdc721a6463813bc347cb965b6211fb9447
|
||
Merge: 0da22c2 1087387
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 10:27:31 2024 -0400
|
||
|
||
Merge remote-tracking branch 'raja/fack_off'
|
||
|
||
commit 4afe257a42576158a54a68948440a2b4c043b67c
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Thu Jul 18 00:14:13 2024 +1000
|
||
|
||
minor
|
||
|
||
commit d0a59617f6b8a90fd5c758699e910af9d7496c98
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Thu Jul 18 00:13:30 2024 +1000
|
||
|
||
Add missing Copyright (C) statements
|
||
|
||
commit 8f3896c3dac13b604e36d4249f976598f271a215
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 17 23:44:37 2024 +1000
|
||
|
||
Upgrade hyperlinks to HTTPS
|
||
|
||
commit 1087387b362d5598e44262db07ab0fff9118b064
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 17 23:35:25 2024 +1000
|
||
|
||
Remove obsolete `#net.ipv4.tcp_fack=0`
|
||
|
||
commit 0da22c20316c8f0f574e0127926506e52ccbc269
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 09:07:31 2024 -0400
|
||
|
||
minor
|
||
|
||
commit c336b266f61528cce27e1cafac6377370927a787
|
||
Merge: afe3c25 df80385
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 09:06:44 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit df80385289717fee0266436d056c9aedd0fb06af
|
||
Merge: afe3c25 724435e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 09:04:18 2024 -0400
|
||
|
||
Merge pull request #237 from raja-grewal/intel_pmt
|
||
|
||
Disable some Intel PMT kernel modules
|
||
|
||
commit afe3c25a49940f7f322414c08e8dbd631e696215
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 08:58:00 2024 -0400
|
||
|
||
update readme
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/239
|
||
|
||
commit f7772fb85a1fe6d3c0749e5f34fc29111b6a8125
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 08:57:35 2024 -0400
|
||
|
||
minor
|
||
|
||
commit 6157e328f40a7f3780208489b1ffecef8e6d738a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 08:52:11 2024 -0400
|
||
|
||
no longer disable Intel ME related kernel modules
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/239
|
||
|
||
commit daee8b900b3057235aedc17b1231c3c05599140c
|
||
Merge: 954ff1b a4ba6e4
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 08:47:55 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit a4ba6e485d94512fdf737b9f66137c3f692c9904
|
||
Merge: 9a75135 abafb19
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 08:46:27 2024 -0400
|
||
|
||
Merge pull request #236 from raja-grewal/intel_me
|
||
|
||
Disable more Intel ME kernel modules
|
||
|
||
commit 954ff1be41288b5fa2e50d492d92544915f93bb5
|
||
Merge: d29a616 9a75135
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 08:42:52 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 9a75135633ad172f7cbf318e1206865493c28bb4
|
||
Merge: d29a616 a340899
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 08:41:43 2024 -0400
|
||
|
||
Merge pull request #238 from raja-grewal/uvcvideo_2
|
||
|
||
Minor additions to `30_security-misc_disable.conf`
|
||
|
||
commit d29a616142562492db6c45c299f002100e905828
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 08:39:20 2024 -0400
|
||
|
||
minor
|
||
|
||
commit a2802f352fc7021ead0d431c665cc16b2821ae0b
|
||
Merge: 0b873b7 81a3715
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 08:38:23 2024 -0400
|
||
|
||
Merge remote-tracking branch 'raja/kargs'
|
||
|
||
commit 0b873b765e20b06113d808075fa95c8acbb1e0fc
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 08:05:27 2024 -0400
|
||
|
||
minor
|
||
|
||
commit 070bb46a08afcd84fb638472c39bd543bad4fb17
|
||
Merge: 6d6e547 25fd532
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 08:02:45 2024 -0400
|
||
|
||
Merge remote-tracking branch 'raja/sysctl'
|
||
|
||
commit 6d6e5473f2778a2a5b1ca7826d0a3a5a63cff08a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 08:00:24 2024 -0400
|
||
|
||
minor
|
||
|
||
commit cf5f0edbb85589a72ec891e9c3e090f9e81c4fda
|
||
Merge: fe5c840 693b47e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 17 07:59:35 2024 -0400
|
||
|
||
Merge remote-tracking branch 'raja/sysctl'
|
||
|
||
commit 25fd532ce62399d5bb42d844ad32b5128eaf748d
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 17 21:56:40 2024 +1000
|
||
|
||
Update README.md relating to `sysctl`'s
|
||
|
||
commit 39fd125eb0f0c16c8a64933bbd04709287a2686a
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 17 21:44:44 2024 +1000
|
||
|
||
Provide explanation on the disabling of IPv6 Privacy Extensions
|
||
|
||
commit a3408990ab439e6edbf8691cf7d65fb16c0d24df
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 17 15:03:39 2024 +1000
|
||
|
||
Uncomment disabling of already disabled ATM modules
|
||
|
||
commit 693b47e6235528ab7a9032818cce22fd63a4f5ea
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 17 14:58:30 2024 +1000
|
||
|
||
Clarify ICMP redirect acceptance and sending
|
||
|
||
commit 81a3715c7c0b73796a62297ebe55e861a46f7686
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 17 13:32:08 2024 +1000
|
||
|
||
Add info regarding the downsides of disabling SMT
|
||
|
||
commit abafb1945cace774429fefd0c1a037fb2ec3f774
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 17 13:26:03 2024 +1000
|
||
|
||
Add Intel ME references
|
||
|
||
commit f317aaebab126bafe3cfaef8159bf0820c392c87
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 17 01:09:02 2024 +1000
|
||
|
||
Disable two network modules
|
||
These were previously blacklisted for two years in https://github.com/Kicksecure/security-misc/commit/61ef9bd59f9ff39c140f782ff5b41d0a3c6d97bc.
|
||
|
||
commit d69fe88091c7212a9af86306c797aed40398584b
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 17 01:08:01 2024 +1000
|
||
|
||
Provide option to disable `uvcvideo` driver
|
||
|
||
commit 49594ccb223c09d70f00434e5875c9dae1a2360d
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 17 00:49:25 2024 +1000
|
||
|
||
Partially revert https://github.com/raja-grewal/security-misc/commit/f4d652fa7b5dd350b577521c6bba22c9eb3c13f1
|
||
|
||
commit 824d9b82e53485eed8eaf24e9815ac07ad0f2406
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 17 00:36:18 2024 +1000
|
||
|
||
Uncomment redundant disabling of TCP FACK`
|
||
|
||
commit d1119c38b6ad4193919d4b800de0a3cb014f92c1
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 17 00:31:23 2024 +1000
|
||
|
||
Apply changes from code review
|
||
|
||
commit fe5c840b79c4aabd5c21a286d3ce1a3ee460812c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Jul 15 21:18:55 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 6e63fc8985b97902dbae2553ded51950168dc222
|
||
Merge: fe0846c b7796a5
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Jul 15 17:14:25 2024 -0400
|
||
|
||
Merge remote-tracking branch 'ben-grande/fuzz'
|
||
|
||
commit fe0846c8c2bdfc0534850b1e9bf9c4130381def9
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Jul 15 12:30:38 2024 -0400
|
||
|
||
fix
|
||
|
||
https://github.com/Kicksecure/security-misc/pull/234#discussion_r1678065395
|
||
|
||
commit 94df2e3d244f5e6e8e4320c1f28cc11dba00dd36
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Jul 15 12:29:52 2024 -0400
|
||
|
||
further discussion required
|
||
|
||
https://github.com/Kicksecure/security-misc/pull/234#issuecomment-2228909249
|
||
|
||
commit 41f0b53dd62d2968a6ff88a6fd907ca42f581847
|
||
Merge: 5ba5a85 9300c20
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Jul 15 12:28:03 2024 -0400
|
||
|
||
Merge remote-tracking branch 'raja/kernel_modules'
|
||
|
||
commit 73f6d4b26f51f0c920fe020677f464c536d75410
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Tue Jul 16 01:03:41 2024 +1000
|
||
|
||
Fix transcription error
|
||
|
||
commit 724435e56ea059183241044a4fc09423187533eb
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 22:38:43 2024 +1000
|
||
|
||
Disable some Intel Platform Monitoring Technology Telemetry (PMT) modules
|
||
|
||
commit 61941da37509a4bb809212536b79f461a209f584
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 22:38:09 2024 +1000
|
||
|
||
Create `disabled-intelpmt-by-security-misc`
|
||
|
||
commit 22ba7a7c393a8c9005dfe26aea396815a4d54803
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 22:21:20 2024 +1000
|
||
|
||
Disable more Intel Management Engine (ME) modules
|
||
|
||
commit 9300c208e25d936f2c633a0904126566afc1c275
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 21:36:25 2024 +1000
|
||
|
||
Fix script
|
||
|
||
commit f2db11269e89d4c945642b661aa9cbe356f89037
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 21:18:32 2024 +1000
|
||
|
||
Fix script
|
||
|
||
commit 382f1e9ec00ab5f012f028fa324d6cf73040c37d
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 21:13:25 2024 +1000
|
||
|
||
Fix error
|
||
|
||
commit a8bc1144c32b4b4f20904af5f813da1051fe4c9c
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 21:10:13 2024 +1000
|
||
|
||
Updated wording of error files for disabled modules
|
||
|
||
commit fda3832eaf293915ab77ce73a0be2caec15e21fa
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 21:08:45 2024 +1000
|
||
|
||
Replace bash file presented for disabling of miscellaneous modules
|
||
|
||
commit 8219a1e257525d487a49e7b3a6b14c1e180a7b52
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 21:02:10 2024 +1000
|
||
|
||
Update README.md relating to disabled miscellaneous modules
|
||
|
||
commit cb2fb95b81efa2ebb2bd80aeaacad9122f0f073c
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 21:01:36 2024 +1000
|
||
|
||
Disable more miscellaneous drivers
|
||
|
||
commit c52b1a3fd269ef4f98028dd5eead476abe5d138d
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 20:58:45 2024 +1000
|
||
|
||
Create `disabled-miscellaneous-by-security-misc`
|
||
|
||
commit 96aa63267a6fcee03f252f0791f37b7b6222a7c1
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 20:57:14 2024 +1000
|
||
|
||
Disable more Thunderbolt modules
|
||
|
||
commit 51f7776bc8722752d53fc503b0c79564d8715d4c
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 20:56:12 2024 +1000
|
||
|
||
Disable more network protocols/drivers
|
||
|
||
commit 9e40ff055195b1e8637d1e957c3f8db01f99bbc1
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 20:54:18 2024 +1000
|
||
|
||
Disable more network file systems
|
||
|
||
commit 82c5a93f7cf2846490120c5262a146a313a5ce47
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 20:53:07 2024 +1000
|
||
|
||
Disable another GPS module
|
||
|
||
commit 99b0ce7948213e7f7adf42ddd7c7beb229374bd4
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 20:47:56 2024 +1000
|
||
|
||
Disable more file systems
|
||
|
||
commit 4476a477a77c98cf4334fbcb866bc8f113f568ac
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 20:47:07 2024 +1000
|
||
|
||
Provide option to disable more Bluetooth modules
|
||
|
||
commit e0696d02a234e6f7ab9fb601ffe58e7d953846a2
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 20:46:04 2024 +1000
|
||
|
||
Update `security-misc.maintscript`
|
||
Due to previous splitting IN https://github.com/Kicksecure/security-misc/commit/b02230a783941da412be72fb52053db0c6b8010f.
|
||
|
||
commit b2657bc61fb15bb89d62f0743a36835c1f0dda8a
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 15:05:00 2024 +1000
|
||
|
||
Improve docs
|
||
|
||
commit 1c2afc1f253e15d2605d1bef0e323e6e972a2484
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 15:01:48 2024 +1000
|
||
|
||
Update presentation of the `kernel.printk` sysctl
|
||
|
||
commit c8385d82fbd6ba16ba1f0b4969661474966b74f1
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 14:57:40 2024 +1000
|
||
|
||
Clarify instructions for increasing log verbosity
|
||
|
||
commit d229e8b04d914803fa66c3a695022cfb2d9b2a25
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 14:50:29 2024 +1000
|
||
|
||
Fix link
|
||
|
||
commit fbfdb0fa99087e4160979b612db04e63a1d3e3b1
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 14:40:03 2024 +1000
|
||
|
||
Update `security-misc.maintscript` relating to grub
|
||
|
||
commit f4d652fa7b5dd350b577521c6bba22c9eb3c13f1
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 14:39:12 2024 +1000
|
||
|
||
Update presentation of `quiet loglevel=0`
|
||
|
||
commit 69c8e849270393537d3e024137bc20a42c848333
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 14:38:21 2024 +1000
|
||
|
||
Fix typos
|
||
|
||
commit 48e1ac416314d2c66f3a0d5044a3c51cb6fb4093
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 02:04:25 2024 +1000
|
||
|
||
Remove the optional `slub_debug` parameter since it is no longer recommended
|
||
|
||
commit 99038c7a0621f5c9852638c1706c5306b42e6480
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 02:02:01 2024 +1000
|
||
|
||
Add option to disable support for x86 processes and syscalls in the future
|
||
|
||
commit f550fbe07cafb75112e98268730d1bcc511489e2
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 01:59:04 2024 +1000
|
||
|
||
Add option to disable the entire IPv6 stack functionality
|
||
|
||
commit a33d4cd099b8cbf569ff35627eeacf3562a4371e
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 15 01:56:25 2024 +1000
|
||
|
||
Refactor existing kernel parameters for clarity
|
||
|
||
commit acd60e45d8cbc98ea935c9bf035f2840622ab58d
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sun Jul 14 20:07:31 2024 +1000
|
||
|
||
Add comment about enabling core dump files
|
||
|
||
commit 5cf9afc21563712b851850e2041141807503807c
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sun Jul 14 17:05:49 2024 +1000
|
||
|
||
Include optional `sysctl`'s in README.md
|
||
|
||
commit 2b9e174c9db69f2c30828aae236c631d46255e07
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sun Jul 14 16:22:52 2024 +1000
|
||
|
||
Remove empty lines
|
||
|
||
commit dd1741c4a1cd18f34f69437c00f3a78a9ebd402a
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sun Jul 14 13:40:53 2024 +1000
|
||
|
||
Some documentation additions and fixes
|
||
|
||
commit 565597c9a282b08697d04204f5eb9c22153e77bd
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sun Jul 14 01:21:24 2024 +1000
|
||
|
||
Minor documentation changes and fixes
|
||
|
||
commit 5ba5a85ad09b74a29c5ed0e5c265d54d93da9d32
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 13 15:01:16 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit ad860063aba0443a8ac8b9cf191d008617d6d904
|
||
Merge: f34b9d7 9f58266
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 13 10:55:45 2024 -0400
|
||
|
||
Merge remote-tracking branch 'raja/modprobe'
|
||
|
||
commit 9f582665467fd4fdf20c83841305785024bceedf
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sat Jul 13 23:32:01 2024 +1000
|
||
|
||
Move nf_conntrack_helper disabling into separate file
|
||
|
||
commit 8f2ec75f8173b6ab970a5ef213dcf5a3f67aa84a
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sat Jul 13 23:30:55 2024 +1000
|
||
|
||
Clarify README.mmd relating to module disabling
|
||
|
||
commit 98580bb39a495a141e7b40792fd9d232fcf29d23
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sat Jul 13 23:29:52 2024 +1000
|
||
|
||
Update modprobe presentation
|
||
|
||
commit 2de3a795990234134be15be90aa55f547c064d92
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sat Jul 13 22:41:40 2024 +1000
|
||
|
||
Refactor existing sysctl for clarity
|
||
|
||
commit f34b9d7c45cd723535eedd3df99896ee7f852388
|
||
Merge: 05c1711 5f10cc8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 13 06:14:43 2024 -0400
|
||
|
||
Merge remote-tracking branch 'raja/modules'
|
||
|
||
commit 5f10cc8bcf11654f5e0f97c07e0a7ff198013c1e
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Jul 12 16:22:10 2024 +1000
|
||
|
||
Update README.md relating to modprobe
|
||
|
||
commit 41a3bf92fbdac88a1884dee735600cafa35134bf
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Jul 12 16:21:41 2024 +1000
|
||
|
||
Sort `30_security-misc_disable.conf`
|
||
|
||
commit f31dc8aebc652b2037c375351fc478d9b5ba4c27
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Jul 12 16:21:03 2024 +1000
|
||
|
||
Fix error in error script
|
||
|
||
commit b02230a783941da412be72fb52053db0c6b8010f
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Jul 12 02:42:37 2024 +1000
|
||
|
||
Split modprobe into blacklisted and disabled configurations
|
||
|
||
commit fc792ff23234399ed299c3fdc086d47c87d9b4a3
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Jul 12 02:29:36 2024 +1000
|
||
|
||
Alphabetically sort existing modprobe
|
||
|
||
commit fe20f3240e2f31099bcaa9f9e2045320df810edf
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Jul 12 02:28:48 2024 +1000
|
||
|
||
Refactor existing modprobe for clarity
|
||
|
||
commit 275a4ffc1114856cbd9a1cd49701dcb25d87bfb5
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Jul 12 02:27:56 2024 +1000
|
||
|
||
Remove redundant disabled modules
|
||
|
||
commit b7796a5334075d5fa538d7579003fde6287d7e6d
|
||
Author: Ben Grande <ben.grande.b@gmail.com>
|
||
Date: Thu Jul 11 11:04:22 2024 +0200
|
||
|
||
Unify method to find SUID files
|
||
|
||
commit 05c1711b16c96a221c13a011a6666fe6b385ec1e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jun 11 12:56:56 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit e48115588caae8e51bb980ac84b1f0f415ca0d17
|
||
Merge: b316352 cad8d85
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jun 11 07:25:47 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit cad8d857556e29544f742fdac8fe82758a4f885c
|
||
Merge: b316352 e198447
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jun 11 07:25:07 2024 -0400
|
||
|
||
Merge pull request #227 from 3uryd1ce/fix-pam.d-path
|
||
|
||
fix(etc): delete typo in /etc/apparmor.d tunables
|
||
|
||
commit e1984478662fc51e6eacc989bc6bba0ca1fc07cd
|
||
Author: Ashlen <dev@anthes.is>
|
||
Date: Sat Jun 8 22:17:05 2024 -0600
|
||
|
||
fix(etc): delete typo in /etc/apparmor.d tunables
|
||
|
||
/etc/pam.d was present twice in a row ("/etc/pam.d//etc/pam.d") in this
|
||
file: /etc/apparmor.d/tunables/home.d/security-misc.
|
||
|
||
commit b316352ede379d96cff4813735b93eb59506fe42
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jun 1 18:13:08 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit c815304026d30f7774f804498d20431ccdf8dc7f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jun 1 14:12:57 2024 -0400
|
||
|
||
readme
|
||
|
||
commit 641e98e57714f7d38962bfd12d673500b8114356
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jun 1 17:35:04 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit e0cd9579d64e6d16667832de51f77a3091ef213e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jun 1 13:32:13 2024 -0400
|
||
|
||
remove duplicate `fsckobjects = true` from `/etc/gitconfig`
|
||
|
||
commit bbe64a0b7992610dfef6002271718a2aee115cae
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue May 28 12:04:53 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit ae24a97d4d0ffcfb3d1cc92edb61e7ecf4535ee7
|
||
Merge: bfca98e a735857
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue May 28 08:02:21 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit a7358578520294b51e1001199670a0bbeeb43eb1
|
||
Merge: bfca98e 4efa293
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue May 28 07:55:31 2024 -0400
|
||
|
||
Merge pull request #226 from Kicksecure/gitconfig
|
||
|
||
add `/etc/gitconfig` by default for better `git` security
|
||
|
||
commit 4efa293f3b76814bc5399a959482d7db6e7431ec
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue May 28 07:51:06 2024 -0400
|
||
|
||
add `/etc/gitconfig` by default for better `git` security
|
||
|
||
```
|
||
[core]
|
||
symlinks = false
|
||
|
||
[transfer]
|
||
fsckobjects = true
|
||
fsckobjects = true
|
||
[fetch]
|
||
fsckobjects = true
|
||
fsckobjects = true
|
||
[receive]
|
||
fsckobjects = true
|
||
fsckobjects = true
|
||
```
|
||
|
||
+ additional suggestions as comments
|
||
|
||
fixes https://github.com/Kicksecure/security-misc/issues/225
|
||
|
||
commit bfca98ea89cea0f8604ecca0c8640860320e8e33
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat May 18 20:45:12 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit eb82884fb2e3d3bb4fa5555d8212146042ba8aa4
|
||
Merge: 5867b1b 12e006e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat May 18 16:42:41 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 12e006ef9cabbbcbe9cb45d9a6631e9a7a47cf3a
|
||
Merge: 5867b1b 2f71605
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat May 18 16:30:07 2024 -0400
|
||
|
||
Merge pull request #222 from raja-grewal/text
|
||
|
||
Update Readme and Copyright
|
||
|
||
commit 2f716050d17016be6f550a7de8e0c1030e869e8f
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Sun May 12 01:06:34 2024 +0000
|
||
|
||
Update README.md
|
||
|
||
commit 1bb843ec3863696170242c57668d0b3f44f41d7b
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sat May 11 13:18:36 2024 +1000
|
||
|
||
Update Copyright (C) to 2024
|
||
|
||
commit dddac1dc4015a28fc6b12244809685295272edd1
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sat May 11 13:15:42 2024 +1000
|
||
|
||
Update README.md
|
||
|
||
commit 5867b1b014f450acdf70c203ffe2f27831f1d9b0
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri May 10 11:20:36 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 9b589bc3116c8f9d6d574021bcec7b5dec3888b8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri May 10 06:49:34 2024 -0400
|
||
|
||
comment
|
||
|
||
commit 8d01fc2d351285c9c2f810bf5cf10797c9b9eb41
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri May 10 06:48:26 2024 -0400
|
||
|
||
chmod +x
|
||
|
||
commit 8a28c1bc38b87bf55f25764c96a0e81e22137232
|
||
Merge: a9886a3 0f1119f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri May 10 06:48:04 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 0f1119f326cd769db8995e8eb54ff35503c70562
|
||
Merge: 547757f 677f75a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri May 10 06:45:57 2024 -0400
|
||
|
||
Merge pull request #221 from raja-grewal/firewire
|
||
|
||
Disable Firewire Module
|
||
|
||
commit 547757f4514a54437d044656c5e2b6d413a4cc30
|
||
Merge: 7b9fe44 06f13bb
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri May 10 06:45:34 2024 -0400
|
||
|
||
Merge pull request #220 from raja-grewal/block_gps
|
||
|
||
Block Several GPS-related Modules
|
||
|
||
commit 7b9fe44a20f3caf67f386969a5fc7c980e5f0282
|
||
Merge: 62ea4dc 132b41a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri May 10 06:43:43 2024 -0400
|
||
|
||
Merge pull request #219 from raja-grewal/logging_martians
|
||
|
||
Revert Logging of Martians
|
||
|
||
commit 62ea4dc1768f69bb28a69c20e55c87ae692cc0c8
|
||
Merge: a9886a3 4694268
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri May 10 06:43:15 2024 -0400
|
||
|
||
Merge pull request #218 from raja-grewal/secure_cpu
|
||
|
||
More CPU Mitigations and Additional References
|
||
|
||
commit 677f75ae8ed64af599f837ced15f34990df498e5
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Thu May 9 02:34:02 2024 +0000
|
||
|
||
Disable `firewire-net` module
|
||
|
||
commit 06f13bb766bd84182331aeb1632b917de4b36020
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Thu May 9 02:28:53 2024 +0000
|
||
|
||
Disable GPS modules like GNSS
|
||
|
||
commit f3800a4e2b7bef87cc3bd8791f9e7f654f8d782a
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Thu May 9 02:25:46 2024 +0000
|
||
|
||
Create disabled-gps-by-security-misc
|
||
|
||
commit 132b41ae73e9ea72bc3d8aff22ae75fc622758a3
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Thu May 9 02:16:50 2024 +0000
|
||
|
||
Revert logging of martians
|
||
|
||
commit 4694268b8f779c1a0a56546dc6d12bf9f23a7cdd
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Sun May 5 12:52:51 2024 +0000
|
||
|
||
Remove a word
|
||
|
||
commit 8f7768ce96e32e3f1ec52118afffc2a44a160976
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Sun May 5 12:50:39 2024 +0000
|
||
|
||
Add vendor links
|
||
|
||
commit 0c031a29d33d13d9106746d61b87f9d98a80b5cd
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Wed May 1 13:55:09 2024 +1000
|
||
|
||
RFDS mitigation on Intel Atom CPUs (including E-cores)
|
||
|
||
commit 1122b3402c0856a087415d7ba1a313048b7e3eea
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Wed May 1 13:50:42 2024 +1000
|
||
|
||
GDS mitigation for CPUs
|
||
|
||
commit c002bd62e8584a19e73b3f42673a3f9bafba6a2c
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Wed May 1 13:49:34 2024 +1000
|
||
|
||
Clarify use of `mitigations=auto`
|
||
|
||
commit d89d7e8ef8ee3fd45456e82e8f649f7f28c93e80
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Wed May 1 13:49:00 2024 +1000
|
||
|
||
Add reference for RETBleed
|
||
|
||
commit 015dcc4212736417a2202ea0e0a92e5c2e58d6a5
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Wed May 1 13:48:13 2024 +1000
|
||
|
||
Add reference for SSB
|
||
|
||
commit de4f4be94762c9751ea62f744d7d6ede3ef30e88
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Wed May 1 13:47:40 2024 +1000
|
||
|
||
Merge spectre mitigations
|
||
|
||
commit 965c8641fd28e0ee592b50605edb7494fe9c3a28
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Wed May 1 13:47:02 2024 +1000
|
||
|
||
Update BHI mitigation reference
|
||
|
||
commit a9886a3119f9b662b15fc26d28a7fedf316b72c4
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Apr 12 06:56:39 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 5cbdf3c1262d26ae03b28baee87b1d268329da40
|
||
Merge: 7fba04d ab8b6da
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Apr 12 02:54:17 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit ab8b6da484a90e9a62f8ba515c757aa3758baf48
|
||
Merge: 7fba04d 4935768
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Apr 12 02:53:08 2024 -0400
|
||
|
||
Merge pull request #216 from raja-grewal/spectre_bhi
|
||
|
||
BHI mitigation on Intel CPUs
|
||
|
||
commit 493576836c90653f9c3514fcd5b3bf816e56d689
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Fri Apr 12 00:17:06 2024 +1000
|
||
|
||
BHI mitigation on Intel CPUs
|
||
|
||
commit 7fba04d1485187fe648f3d3ab44cd834b0eb9791
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Apr 1 06:56:45 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 7dba3fb7bebd4fdc7f168df378c2d505971f2c04
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Apr 1 02:55:59 2024 -0400
|
||
|
||
no longer disable MSR by default
|
||
|
||
fixes https://github.com/Kicksecure/security-misc/issues/215
|
||
|
||
commit d9ac01ba5c26f9730feb17fe573d447e625e59f8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Mar 18 15:10:10 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit ecaa024f226f4f45ac9d2a4f38bcdb82a6e35a2f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Mar 18 11:01:56 2024 -0400
|
||
|
||
lower debugging
|
||
|
||
commit 357ea5deab85debb9dff5d9e4e80a972954249c8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Mar 11 15:07:50 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 0a018bdebca167d671d8bda81a2b0d929d396945
|
||
Merge: 57fc487 0b81316
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Mar 11 10:13:57 2024 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 0b8131630041dbd80f1aa61dcedde446208c06f7
|
||
Merge: 57fc487 03ed546
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Mar 11 10:12:46 2024 -0400
|
||
|
||
Merge pull request #211 from wryMitts/patch-1
|
||
|
||
Create proc group on install
|
||
|
||
commit 03ed546cd8992b29855ca1c2748ed988dd3c765d
|
||
Author: wryMitts <158655396+wryMitts@users.noreply.github.com>
|
||
Date: Sun Mar 10 16:55:10 2024 -0400
|
||
|
||
Create proc group on install
|
||
|
||
Fixes https://github.com/Kicksecure/security-misc/issues/210
|
||
|
||
commit 57fc487e5e5ffad765f1418236744319cc666871
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Mar 10 13:19:26 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit a5206bde336c159be065345e7dd5cb86b2b6a27f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Mar 10 08:44:53 2024 -0400
|
||
|
||
`proc-hidepid.service` add `gid=proc`
|
||
|
||
This allows users that are a member of the `proc` group to be excluded from `hidepid` protections.
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/208
|
||
|
||
commit 0f0d9ca2a42cf9fc04e405ae90f3d67bc0794e12
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Mar 4 11:48:30 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 6b76373395622bac0e701c6d15c6656658febced
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Mar 4 06:44:26 2024 -0500
|
||
|
||
fix panic-on-oops started every 10s in Qubes-Whonix
|
||
|
||
by changing from a /etc/profile.d etc. related mechanism to start to a systemd unit file based approach
|
||
|
||
Thanks to @marmarek for the bug report!
|
||
|
||
https://forums.whonix.org/t/panic-on-oops-started-every-10s/19450
|
||
|
||
commit af6c6971a741c69a584ba3f92dbfed12e40784dc
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Mar 4 06:33:51 2024 -0500
|
||
|
||
comment
|
||
|
||
commit e013070e0bfc43d006e09ae1c5ae3533f7bebc5f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Mar 4 06:33:21 2024 -0500
|
||
|
||
newline
|
||
|
||
commit a5cc1774f2fbf6475e7b56601fbcd84a2a63fed0
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Feb 26 13:32:44 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 808e72f24bf30b3476ab6b87f96eb636632c195c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Feb 26 08:11:26 2024 -0500
|
||
|
||
use long options
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/172
|
||
|
||
commit 2d1d1b246f3fe061d4f817da5cecf46010839e1d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Feb 26 08:07:29 2024 -0500
|
||
|
||
improve output
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/172
|
||
|
||
commit d8f5376c4f36f5deb734e6dead42a62566d13480
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Feb 26 07:58:06 2024 -0500
|
||
|
||
improve output
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/172
|
||
|
||
commit cf84762a3a84d2be3b9510dddb32bdc433170dfa
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Feb 26 07:52:41 2024 -0500
|
||
|
||
improve output
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/172
|
||
|
||
commit f2958bbfa5e67ee10380a25d996826233469080a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Feb 26 07:49:30 2024 -0500
|
||
|
||
comment
|
||
|
||
commit bc8f9edc3197e33e75ea1d691834d9abbdcdefd0
|
||
Merge: 02d6f67 b23d167
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Feb 26 07:48:19 2024 -0500
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit b23d167342ef242a1e9d4e91b6a4b945e80c3e7e
|
||
Merge: 02d6f67 ef44ece
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Feb 26 07:46:02 2024 -0500
|
||
|
||
Merge pull request #204 from DanWin/sysfs-mount
|
||
|
||
Make /sys hardening optional and allow access to /sys/fs to make polkit work
|
||
|
||
commit 02d6f67741ef93d9ab39e02ac56b27c551a19dca
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Feb 22 20:08:17 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit d13d1aa7ec7e9ac9f1aa87e4b36228bfd3af6eb2
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Feb 22 15:07:53 2024 -0500
|
||
|
||
comments
|
||
|
||
commit a1f898e3b317f49a5bb9507c8b9d3bd3c4e23abf
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Feb 22 19:58:01 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit c3dd178b19be8c078ed6a2f46a072bef3d144c06
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Feb 22 14:57:50 2024 -0500
|
||
|
||
output
|
||
|
||
commit ef44ecea44ee516b1ba92175eb78b2e8143c4502
|
||
Author: Daniel Winzen <daniel@danwin1210.de>
|
||
Date: Thu Feb 22 16:51:23 2024 +0100
|
||
|
||
Add option to disabe /sys hardening
|
||
|
||
commit 3bc1765dbbd333a1d607ab6962281b4d0a5c4b60
|
||
Author: Daniel Winzen <daniel@danwin1210.de>
|
||
Date: Wed Feb 21 20:37:34 2024 +0100
|
||
|
||
Allow access to /sys/fs for polkit
|
||
|
||
commit 6b73e6c2a9ff1efe211e41e005e4ecaa63731d82
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Feb 22 16:07:16 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 37a7abdf0c1e6d8179bd09d3c1bd0363e8bc0a96
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Feb 22 11:07:01 2024 -0500
|
||
|
||
ConditionKernelCommandLine=!remountsecure=0
|
||
|
||
commit eb3e0b9292f71a5dba312500508f893779fb1b9c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Feb 22 14:52:55 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit c0924321b84874ae7fc72c59fd58e4c4ae8bc6d9
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Feb 22 09:52:36 2024 -0500
|
||
|
||
fix systemd unit ExecStart
|
||
|
||
commit d148a769b7106831c0b27a7ad63d91ab42257678
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Feb 22 14:50:05 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 6d7cf3c12a8a772fee1cd893d5504767690b3b77
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Feb 22 09:49:48 2024 -0500
|
||
|
||
output
|
||
|
||
commit f7831db197b2fff33b66eeb44efd749e482315e0
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Feb 22 09:17:41 2024 -0500
|
||
|
||
do not exit non-zero if folder does not exist
|
||
|
||
commit 5bdd7b8475bdfde8dbee5318fb43d0c2a236e3b0
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Feb 22 09:14:52 2024 -0500
|
||
|
||
output
|
||
|
||
commit 44a15cd97da3066e39d2d7df1f456e703036a6e9
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Feb 22 09:13:56 2024 -0500
|
||
|
||
mount --make-private
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/172
|
||
|
||
commit c0f98b05b609c7c8ac6f86e123af9e0642d82697
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Feb 22 06:03:59 2024 -0500
|
||
|
||
comment
|
||
|
||
https://github.com/Kicksecure/security-misc/pull/202
|
||
|
||
commit 1e1613aa93dca1e7fe7f24dbd32028a0cadd21fd
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Feb 22 06:02:28 2024 -0500
|
||
|
||
allow /opt exec as usually optional binaries are placed there such as firefox
|
||
|
||
https://github.com/Kicksecure/security-misc/pull/202
|
||
|
||
commit 7c7b4b24b4959f3ef96ff7ef0b11fa4c0bd48c8e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Feb 22 06:01:00 2024 -0500
|
||
|
||
fix home_noexec_maybe -> most_noexec_maybe
|
||
|
||
https://github.com/Kicksecure/security-misc/pull/202
|
||
|
||
commit 38783faf60b85c4e855bf78c87e1c07765776b50
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Feb 22 05:58:53 2024 -0500
|
||
|
||
add more bind mounts of mount options hardening
|
||
|
||
as suggested in https://github.com/Kicksecure/security-misc/pull/202
|
||
|
||
commit ad9d913902d7e696f1114da74d84f9cdcb22bc25
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Feb 3 18:28:27 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 02090da08cfd411314ffeeb6df95f73c701f06c6
|
||
Merge: 8037ce5 ba13657
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Feb 3 12:51:07 2024 -0500
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit ba13657d894f2f30d8deb7c08b85e5fbc1dcea21
|
||
Merge: 8037ce5 b16c99a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Feb 3 12:50:28 2024 -0500
|
||
|
||
Merge pull request #197 from raja-grewal/mitigations
|
||
|
||
Additional Explicit CPU Mitigations
|
||
|
||
commit b16c99ab62a902b1f61b9d4fe63273cd614e757c
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Mon Jan 29 13:39:40 2024 +0000
|
||
|
||
Remove hardcoded `spec_rstack_overflow` setting
|
||
|
||
commit 139b10a9aad85018f87bdc4bb227e938f7955235
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Mon Jan 29 12:59:13 2024 +0000
|
||
|
||
Control RAS overflow mitigation on AMD Zen CPUs
|
||
|
||
commit 6c54e35027e86ec045102cd1d95f84aa30bc55c9
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Mon Jan 29 12:58:51 2024 +0000
|
||
|
||
Enable mitigations for RETBleed vulnerability and disable SMT
|
||
|
||
commit 4509a5fc95204080f2855849d22c7e05393455d9
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Mon Jan 29 12:58:14 2024 +0000
|
||
|
||
Enable known mitigations for CPU vulnerabilities and disable SMT
|
||
|
||
commit 4231155efa0970d2456b67cc89c8828b0766cf7f
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Mon Jan 29 12:57:48 2024 +0000
|
||
|
||
Add reference for kernel parameters
|
||
|
||
commit 8037ce52f96dcc6f8007c1567daf38ff013352d6
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jan 25 13:59:29 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 185bfe749787a8c6e93103ae8c6b0751a169e276
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jan 25 06:54:36 2024 -0500
|
||
|
||
use `interest-noawait` instead of `interest-await`
|
||
|
||
fixes https://github.com/Kicksecure/security-misc/issues/196
|
||
|
||
commit 64e41b113cae893d1f27f441f99340389ba8b9b3
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jan 18 14:10:51 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 1855fa08b1386b1ea8697767104e7ad0f1521c9c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jan 18 08:54:39 2024 -0500
|
||
|
||
readme
|
||
|
||
commit f0e2a82b558f64611f037424c6f8f12de32737f6
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jan 17 19:18:25 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 314e5b490c6864b745fbf5fd6d9bb2c724d478b8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jan 17 14:03:09 2024 -0500
|
||
|
||
use wildcards
|
||
|
||
instead of outdated, incomplete list
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/160
|
||
|
||
commit 08619d6a7307b6ab05a3ba7e71ea33b00db20b27
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jan 17 13:59:36 2024 -0500
|
||
|
||
minor RPM updates
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/160
|
||
|
||
commit 3048e0ac76e4eba1c53b43ba2424157505578cdd
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jan 17 13:54:07 2024 -0500
|
||
|
||
usrmerge
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/190
|
||
|
||
commit 5a6cd4c2abd243c91575e9477a921aa290c68ba5
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jan 17 13:51:30 2024 -0500
|
||
|
||
remove now empty /bin from copying since it is empty after usrmerge
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/190
|
||
|
||
commit 071b984a1eaaa8a8ea6a40e4ee36eabcde2d630d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jan 17 13:49:05 2024 -0500
|
||
|
||
`sort -d`
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/190
|
||
|
||
commit 011e55e3e52485ccd728b4bb249efbc816f38806
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jan 17 13:45:17 2024 -0500
|
||
|
||
remove duplicates after usrmerge
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/190
|
||
|
||
commit 0efee2f50fd38feade7700c2f033cc3d4c200d34
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jan 17 13:39:56 2024 -0500
|
||
|
||
usrmerge
|
||
|
||
fixes https://github.com/Kicksecure/security-misc/issues/190
|
||
|
||
commit 18a06935e0cca3dc090643aad406d861e4583085
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jan 17 13:23:20 2024 -0500
|
||
|
||
run permission hardener when new packages are install files to /usr or /opt
|
||
|
||
(basically anywhere)
|
||
|
||
fixes https://github.com/Kicksecure/security-misc/issues/189
|
||
|
||
commit 66e6371221c3395a0523e30e8ef1a051d3e6cdd0
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jan 16 14:26:34 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 0d78ecaee37536379ad2f230f45904f57425cb19
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jan 16 09:26:21 2024 -0500
|
||
|
||
README
|
||
|
||
commit 3ba8fe586e1abe133bd41076278f8663aba7e641
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jan 16 09:23:54 2024 -0500
|
||
|
||
update permission-hardener.service
|
||
|
||
Which is now only an additional opt-in systemd unit,
|
||
because permission-hardener is run by default at security-misc
|
||
package installation time.
|
||
|
||
https://github.com/Kicksecure/security-misc/pull/181
|
||
|
||
commit 186f6015da7b3314c95c2833032c6fe953a71afd
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jan 16 14:14:18 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 6aa55698ab2a0f3771d28293d7ad14da2763a16f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jan 16 09:10:59 2024 -0500
|
||
|
||
delete legacy folder /etc/permission-hardening.d if empty
|
||
|
||
https://github.com/Kicksecure/security-misc/pull/181
|
||
|
||
commit 9cafd78fe21baa3c2a36853f57e0638b2facfe5c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jan 16 09:05:09 2024 -0500
|
||
|
||
rm_conffile /etc/permission-hardening.d
|
||
|
||
https://github.com/Kicksecure/security-misc/pull/181
|
||
|
||
commit fa53848b5cda135fbb8a3855e8508692084fc7e9
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jan 16 13:58:55 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 4f7973bc5628cdc24f5224bd98858249307635d3
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jan 16 08:56:26 2024 -0500
|
||
|
||
comment
|
||
|
||
commit ed7c09fc46b26440439adf748f597da277a3f1e4
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jan 16 08:45:13 2024 -0500
|
||
|
||
permission-hardening -> permission-hardener migration
|
||
|
||
mv --verbose /var/lib/permission-hardening /var/lib/permission-hardener
|
||
|
||
https://github.com/Kicksecure/security-misc/pull/181
|
||
|
||
commit a90cd43631216f28a18a1b3f066b9f6ef3301ac4
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jan 16 08:32:52 2024 -0500
|
||
|
||
fix postinst for new permission-hardener
|
||
|
||
https://github.com/Kicksecure/security-misc/pull/181
|
||
|
||
commit 862bf6b5ab29917138325023eb3507f5fbd5653c
|
||
Merge: dc8d9ee bc02c72
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jan 16 08:19:28 2024 -0500
|
||
|
||
Merge remote-tracking branch 'ben-grande/clean'
|
||
|
||
commit dc8d9eece32dec06e63c580c886a240019b3f33e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jan 9 05:52:49 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 1199871d7bbc7316a7e5822d77eee0666b55b203
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Jan 7 06:37:34 2024 -0500
|
||
|
||
undo IPv6 privacy due to potential server issues
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/184
|
||
|
||
commit 128bb01b35d20e97351dfb53768f35482f9756a2
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Jan 7 06:36:25 2024 -0500
|
||
|
||
undo IPv6 privacy due to potential server issues
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/184
|
||
|
||
commit df0f9d3267644c4aea87add2dcade86044c496f0
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 6 09:19:57 2024 -0500
|
||
|
||
README
|
||
|
||
commit 86f91e3030ef0b08000fc28a3a172e6a47918e4e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 6 09:10:45 2024 -0500
|
||
|
||
revert umask 027 by default
|
||
|
||
because broken because this also happens for root while it should not
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/185
|
||
|
||
commit 3f1304403fbf04f15dac01963c66f82cd84452d4
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 6 08:15:31 2024 -0500
|
||
|
||
disable MAC randomization in Network Manager (NM) because it breaks VirtualBox DHCP
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/184
|
||
|
||
commit e8f8dcd0fb1c23a62974849f55516da9dce5948e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jan 4 02:03:26 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 70a86fa994c0a894643e876fc86226ad0443a741
|
||
Merge: db0503e 71060f1
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jan 3 05:12:48 2024 -0500
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 71060f1f53ca7a275f10c4b6ab3e6c25585d5440
|
||
Merge: db0503e 74afcc9
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jan 3 05:00:41 2024 -0500
|
||
|
||
Merge pull request #182 from raja-grewal/io_uring
|
||
|
||
Clarify validity of disabling io_uring
|
||
|
||
commit 74afcc9c63ad064f20778ad2870690925c3cee81
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jan 3 17:52:23 2024 +1100
|
||
|
||
Clarify validity of disabling io_uring
|
||
|
||
commit bc02c72018d6458d4c1852dd441287b277421514
|
||
Author: Ben Grande <ben.grande.b@gmail.com>
|
||
Date: Tue Jan 2 17:08:45 2024 +0100
|
||
|
||
Fix unbound variable
|
||
|
||
- Run messages preceded by INFO;
|
||
- Comment unknown unused variables;
|
||
- Remove unnecessary variables; and
|
||
- Deal with unbound variable due to subshell by writing to a file;
|
||
|
||
commit db0503e71d5c37865cbb0a01cb8fa00af2a4e574
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jan 2 14:55:13 2024 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit abf72c2ee4286ec069f75e66acf05a42f3645c89
|
||
Author: Ben Grande <ben.grande.b@gmail.com>
|
||
Date: Tue Jan 2 13:34:29 2024 +0100
|
||
|
||
Rename file permission hardening script
|
||
|
||
Hardener as the script is the agent that is hardening the file
|
||
permissions.
|
||
|
||
commit f138cf0f78c03e3952801d01d25d5f8065ff1457
|
||
Author: Ben Grande <ben.grande.b@gmail.com>
|
||
Date: Tue Jan 2 12:17:16 2024 +0100
|
||
|
||
Refactor permission-hardener
|
||
|
||
- Organize comments from default configuration;
|
||
- Apply and undo changes from a single file controlled by parameters;
|
||
- Arrays should be evaluated as arrays and not normal variables;
|
||
- Quote variables;
|
||
- Brackets around variables;
|
||
- Standardize test cases to "test" command;
|
||
- Test against empty or non-empty variables with "-z" and "-n";
|
||
- Show a usage message when necessary;
|
||
- Require root to run the script with informative message;
|
||
- Permit the user to see the help message without running as root;
|
||
- Do not create root directories without passing root check;
|
||
- Use long options for "set" command;
|
||
|
||
commit a94f2a3f4626a9292660bc7f98a6513f34d0f5b2
|
||
Merge: 94c0e26 8daf97a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jan 2 05:30:49 2024 -0500
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 8daf97ab0181a9cbb9e9dec57f1f00270dbb3a50
|
||
Merge: 94c0e26 f055fe5
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jan 2 05:29:35 2024 -0500
|
||
|
||
Merge pull request #178 from raja-grewal/io_uring
|
||
|
||
Disable asynchronous I/O
|
||
|
||
commit 94c0e26a082f61f71e89b1fb7386a58166ffa411
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Dec 29 20:15:50 2023 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 5b36599c0ce35857239c82459828db1ec4215411
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Dec 29 14:57:38 2023 -0500
|
||
|
||
/dev/, /dev/shm, /tmp
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/157#issuecomment-1869073716
|
||
|
||
commit e15596e7af6fc645dd652c043397baaa91954915
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 25 16:28:10 2023 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit f64a869bfdd4c746afd206367885851946deb692
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 25 11:03:22 2023 -0500
|
||
|
||
readme
|
||
|
||
commit c86c83cef760906a0d1c56ee8a8c744b2e07f212
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 25 10:31:58 2023 -0500
|
||
|
||
formatting
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/157
|
||
|
||
commit 971ff687b1423499c54495a03e5e6fafcbfefb2a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 25 10:30:35 2023 -0500
|
||
|
||
do not mount /dev/cdrom by default
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/157
|
||
|
||
commit 9fce67fcd942a7e3e0dd2e874226fcdab5e33ba3
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 25 10:28:47 2023 -0500
|
||
|
||
remove superfluous, broken `remount` mount option
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/157
|
||
|
||
commit 40fd8cb6081512e2bc0ef1a7a1ee17cd317024c2
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 25 09:51:09 2023 -0500
|
||
|
||
no `nofail` mount option to avoid breaking the boot of a system
|
||
|
||
unit testing belongs elsewhere
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/157
|
||
|
||
commit 4aa645f29ff741b6e5cdf629deade1923fdcc234
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 25 09:46:33 2023 -0500
|
||
|
||
comment
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/157
|
||
|
||
commit 2b7aeedb4a543d0a43a35918999338097d13bb16
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 25 09:44:51 2023 -0500
|
||
|
||
mount /dev/cdrom to /mnt/cdrom (instead of /mnt/cdrom0) and
|
||
nodev,nosuid,noexec
|
||
|
||
as per:
|
||
https://www.debian.org/doc/manuals/securing-debian-manual/ch04s10.en.html
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/157
|
||
|
||
commit 0d9e9780daca563a726470a3a5d6fa8c20487240
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 25 09:37:14 2023 -0500
|
||
|
||
formatting
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/157
|
||
|
||
commit 00f9ab43947795c1144d797547968c7c149d6f21
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 25 09:36:05 2023 -0500
|
||
|
||
/dev devtmpfs
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/157
|
||
|
||
commit 55709b3aa0acd6cad0c9fedb8782c49fbea79689
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 25 09:30:57 2023 -0500
|
||
|
||
/tmp tmpfs
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/157
|
||
|
||
commit b0dd967611c27f5b8e2472bb74a664aead7a229e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 25 09:27:45 2023 -0500
|
||
|
||
usrmerge
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/157
|
||
|
||
commit 269fada14a616c53d7421e88e662f6893eb1fd88
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 25 09:25:14 2023 -0500
|
||
|
||
combine bind lines
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/157
|
||
|
||
commit 0810c1ce3c9e19c745b8f0d2cd9410353b172779
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 25 09:10:31 2023 -0500
|
||
|
||
fix bluetooth in readme
|
||
|
||
fixes https://github.com/Kicksecure/security-misc/issues/180
|
||
|
||
commit 37b4ab15a823134e616a2a0fe1dda18d5ebfa3c0
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 25 09:04:10 2023 -0500
|
||
|
||
readme
|
||
|
||
commit 79f398d219b9c4cdf8ea0f9e3135a08fa32659a8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 25 08:45:20 2023 -0500
|
||
|
||
formatting
|
||
|
||
commit c90ada3c398205227d906e2b2108d36d92edcf3c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 25 08:37:23 2023 -0500
|
||
|
||
pandoc -f markdown -t markdown --wrap=auto --columns=80 README.md -o README.md
|
||
|
||
commit 34bf297bd17af2adf59804bd133a00b7dc1942b7
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 25 08:32:34 2023 -0500
|
||
|
||
formatting
|
||
|
||
commit d5fc9f620169b6975c8d3ef685f47e62cb6b9262
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 25 08:26:03 2023 -0500
|
||
|
||
improve bluetooth in readme
|
||
|
||
as suggested by @monsieuremre
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/180
|
||
|
||
commit 7fa597deca7ff2b2932a5f5fad56be57bd78b6cf
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Dec 22 16:31:58 2023 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit f70a034da2b4b615855504e7080baf1a7e7b461c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Dec 22 08:31:58 2023 -0500
|
||
|
||
exclude hardened malloc from SUID disabler
|
||
|
||
fixes https://github.com/Kicksecure/security-misc/issues/179
|
||
|
||
commit f055fe5da2219b68f46c3c577d79fcfd7e79cfc6
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Dec 15 08:33:36 2023 +0000
|
||
|
||
Disable asynchronous I/O
|
||
|
||
io_uring creation is disabled for all processes. io_uring_setup always fails with -EPERM. Existing io_uring instances can still be used.
|
||
|
||
commit 99f2edd4f685cdc9a47b32107125408e12a294c2
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Dec 12 16:51:21 2023 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 039de1dc9bd6f3cc6595d66f54d0d88d9b537b17
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Dec 12 11:50:11 2023 -0500
|
||
|
||
add hardened fstab `/usr/share/doc/security-misc/fstab-vm`
|
||
|
||
to the documentation folder as an example
|
||
|
||
not directly used by security-misc
|
||
|
||
will later be used by Kicksecure VM build process
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/157
|
||
|
||
commit dcaafa6c8bf380dd990942e9c10e280943b442a6
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 4 17:06:45 2023 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 5a73817a9575fe5bcaf3fd354e5f175db7d45ba4
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 4 11:38:49 2023 -0500
|
||
|
||
move to `/usr/lib/issue.d/20_security-misc.issue`
|
||
|
||
https://github.com/Kicksecure/security-misc/pull/167
|
||
|
||
commit dfaea492c76a277b9cbe84982a135cb4f03a557c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 4 11:37:02 2023 -0500
|
||
|
||
remove `etc/issue.net.d/20_security-misc`
|
||
|
||
since not mentioned on debian.org
|
||
|
||
commit 69c895af09f05000ace5f273f3e5032aabf8c64e
|
||
Merge: c9ea7a4 36850f8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 4 11:27:53 2023 -0500
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 36850f89fb07678ca24eb580a18247e593eac608
|
||
Merge: c9ea7a4 0d7af97
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 4 11:27:16 2023 -0500
|
||
|
||
Merge pull request #167 from monsieuremre/patch-4
|
||
|
||
Non-Identifiable and Generic Issue Banners that include the Recommended Keywords
|
||
|
||
commit c9ea7a4dca6e985c3a1044a3b4ddda83909fbc51
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 4 11:02:55 2023 -0500
|
||
|
||
use `amd_iommu=force_isolation` instead of `amd_iommu=force_enable`
|
||
|
||
because we set `iommu=force` already anyhow
|
||
|
||
fixes https://github.com/Kicksecure/security-misc/issues/175
|
||
|
||
commit e83c1d7ed662bb0533c670dd5b7a6745a75e9ca4
|
||
Merge: c4e21ca befd21e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 4 11:01:02 2023 -0500
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit befd21e0c0c38eaf91c7096e9f60120f533a5842
|
||
Merge: c4e21ca f2ad838
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 4 11:00:29 2023 -0500
|
||
|
||
Merge pull request #176 from monsieuremre/patch-1
|
||
|
||
Iommu Kernel Parameters
|
||
|
||
commit c4e21ca5f49fbc2d67853eebca647539acbca815
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 4 10:58:16 2023 -0500
|
||
|
||
added development philosophy
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/154
|
||
|
||
commit feab1432f9d0966118ca233c9f88270b98c3f120
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 4 10:48:27 2023 -0500
|
||
|
||
clarify scope
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/154
|
||
|
||
commit dc04040cb3644c9e3be9b44a34da4a5f7b61f2cc
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 4 10:36:48 2023 -0500
|
||
|
||
typo
|
||
|
||
commit 2634dbff2bd9d7482e7b02be2b5b6fa1c58ef6c7
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Dec 4 10:36:21 2023 -0500
|
||
|
||
shuffle
|
||
|
||
commit f2ad8383cfea4bba42e8b246b05b85101d707641
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Sun Dec 3 19:51:38 2023 +0000
|
||
|
||
fix
|
||
|
||
commit dd15823a97e953750d7a8288c7d3b8d5f554d6f9
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Sun Dec 3 19:50:07 2023 +0000
|
||
|
||
undo superfluousness
|
||
|
||
commit 83e13bb62d028cfeea7a4d3f3def3bff8d2b5eaa
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Sun Dec 3 19:42:34 2023 +0000
|
||
|
||
Update 40_enable_iommu.cfg
|
||
|
||
commit 0d7af9707f802fb600d9eb39bbe0b3bd4a65e3b0
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Sun Dec 3 19:31:12 2023 +0000
|
||
|
||
Update 20_security-misc
|
||
|
||
commit 04d27a10b0cd1c22cb166c9fccb93a09d5f388f0
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Sun Dec 3 19:30:55 2023 +0000
|
||
|
||
Update 20_security-misc
|
||
|
||
commit 7963f811e1bb6f5e0e2ba41e96b14e4a3a70f847
|
||
Merge: c8b9f5a 82bd913
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Sun Dec 3 19:30:22 2023 +0000
|
||
|
||
Merge branch 'Kicksecure:master' into patch-4
|
||
|
||
commit 82bd9138de750a3590be9c91c898cbd04c550e7e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Nov 20 13:13:10 2023 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit c2b3ff5243c69c4e1ba28e9966bf0ffd3ce550ce
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Nov 20 04:40:28 2023 -0500
|
||
|
||
moved libpam-tmpdir dependency to kicksecure-meta-packages
|
||
|
||
https://github.com/Kicksecure/security-misc/pull/147
|
||
|
||
commit c8b9f5a917e6c415575d6763a65930f1a91a7c78
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Sat Nov 18 10:03:19 2023 +0000
|
||
|
||
net
|
||
|
||
commit 3b614f3753608bd62ff6bc6e56e15f280994c646
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Sat Nov 18 10:02:16 2023 +0000
|
||
|
||
20_security-misc
|
||
|
||
commit 4e4df5dd7c6b5cf1deb179a2c3f8fe7a8844884d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Nov 11 22:29:57 2023 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit a51674410cb8a7ac2119ea7c85f986223ce8fc25
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Nov 11 17:29:37 2023 -0500
|
||
|
||
fix
|
||
|
||
commit 8d58077d68e6363313cdc62f7fac14840f5d9a8e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Nov 11 20:22:34 2023 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 5b85a0b34d30d191654158506e0209b34a8f9fe8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Nov 11 14:46:35 2023 -0500
|
||
|
||
license
|
||
|
||
commit 7757080519858492a7fcbf735ec854029b29d67a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Nov 11 13:41:28 2023 -0500
|
||
|
||
change license to AGPL-3+
|
||
|
||
https://forums.whonix.org/t/license-change-to-agplv3/17455
|
||
|
||
commit 20f804f19c046e3ef2b38c367de9d5c80cccccd9
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Nov 6 17:28:21 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit a1e00be0e09a7271a3fae9e9abdbe9a2279b7197
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Nov 6 16:58:23 2023 -0500
|
||
|
||
update link
|
||
|
||
commit 5bb357cac02c7217f4e897a0625f531602ac69cf
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Nov 6 16:55:00 2023 -0500
|
||
|
||
spice-client-glib-usb-acl-helper matchwhitelist
|
||
|
||
commit 7309445ee518c093ba3f9aec56197e391e0a194a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Nov 6 16:52:27 2023 -0500
|
||
|
||
comment
|
||
|
||
commit f09d97fc9efc98d8b197a497e2ce4c5965be531a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Nov 6 16:50:19 2023 -0500
|
||
|
||
whitelist VirtualBox
|
||
|
||
commit 64c8c7a8d5a42d2e3da9ce243bc708d1bcbe6039
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Nov 6 16:47:31 2023 -0500
|
||
|
||
whitelist SSH
|
||
|
||
commit 9682b51d548396717867a0c336f1fb1677ccfe2b
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Nov 6 16:44:36 2023 -0500
|
||
|
||
whitelist virtualbox
|
||
|
||
commit a40b9bc095bb0f363911dacee050234b3a555744
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Nov 6 16:40:22 2023 -0500
|
||
|
||
comments
|
||
|
||
commit 2c1a3da433b8dc96039caab17e81666896ade58c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Nov 6 16:38:50 2023 -0500
|
||
|
||
VirtualBoxVM matchwhitelist
|
||
|
||
commit 4e96ffaabb7c2e73bf686e56bcaa220f4d2e9e93
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Nov 6 16:37:19 2023 -0500
|
||
|
||
chrome-sandbox matchwhitelist
|
||
|
||
commit df5f3e80566da210ee5d807cc1b5dd53678fdae0
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Nov 6 16:36:22 2023 -0500
|
||
|
||
output
|
||
|
||
commit 72f6e6bb9c2426535bfc48175d88707331ec5346
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Nov 6 16:28:23 2023 -0500
|
||
|
||
output
|
||
|
||
commit 3bc831a1f71a80a178601bdd5c7f06b22ada75ab
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Nov 6 16:27:29 2023 -0500
|
||
|
||
lintian
|
||
|
||
commit fd1f38b2ebe31aec04b22d968b38305504f7f935
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Nov 6 16:22:42 2023 -0500
|
||
|
||
remount-secure systemd unit
|
||
|
||
https://github.com/Kicksecure/security-misc/pull/152
|
||
|
||
commit 79f9c1fb3adac319342a22c099401cb21af4429f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Nov 6 15:48:09 2023 -0500
|
||
|
||
add sysinit-post.target
|
||
|
||
https://github.com/Kicksecure/security-misc/pull/152
|
||
|
||
commit 2de5ab41201c561a2684f15196ce37b0f34038a9
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Nov 6 13:47:30 2023 -0500
|
||
|
||
clarify scope of application specific hardening
|
||
|
||
fixes https://github.com/Kicksecure/security-misc/issues/154
|
||
|
||
commit 5a96616b39e7188903bd0d35c9812a02fddc02f9
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 21:13:14 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit ad079ac5cc4d7ce2270e9abf21fa520fc9b2761f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 20:55:55 2023 -0500
|
||
|
||
readme
|
||
|
||
https://github.com/Kicksecure/security-misc/pull/152
|
||
|
||
commit be023c77223c4ec0e26ffe2a88acd94653efee9a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 20:54:43 2023 -0500
|
||
|
||
readme
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/159
|
||
|
||
commit e1f413c1ee5107468cb2a9c4aa8bd061d0dc911b
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 20:53:26 2023 -0500
|
||
|
||
disable harden-module-loading.service for now
|
||
|
||
due to issues
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/159
|
||
|
||
commit f2ea1abc9b3efc035f4d1381bece458de9b89ff3
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 20:53:03 2023 -0500
|
||
|
||
comment
|
||
|
||
commit 95d1cfb4a03afc987cf89bb0f4cd6d2f1ad431b1
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 20:49:36 2023 -0500
|
||
|
||
Revert "remove no longer required remount-service systemd unit"
|
||
|
||
This reverts commit 479ab61a1d0c91d26c2cd200d97b39b2b786e073.
|
||
|
||
https://github.com/Kicksecure/security-misc/pull/152
|
||
|
||
commit 24b4d59ce41bc95e0b0aadf401223dc40b0f9c8f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 20:14:33 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 4482f1841cfc6caa063e2274db890cfa01944811
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 20:13:14 2023 -0500
|
||
|
||
newline
|
||
|
||
commit c5167c8f0d398946fdfae56fa78b32fade4cb451
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 20:12:03 2023 -0500
|
||
|
||
fix systemd unit
|
||
|
||
https://github.com/Kicksecure/security-misc/issues/159
|
||
|
||
commit 2571bbf315693f65f564ef4ad1b2ff4941f2ebc3
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 18:42:25 2023 -0500
|
||
|
||
duplicate
|
||
|
||
commit aa170878838b2218da8295be8b6898bc86056cec
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 18:42:08 2023 -0500
|
||
|
||
update path
|
||
|
||
commit d203e539aa975b042cd6ec9608a0cc16b3314372
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 18:17:59 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 4ebab940c750154a396c4ffdbde61367e12c72f8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 17:56:35 2023 -0500
|
||
|
||
description too long, fixed
|
||
|
||
commit ad010ef5b4c90e4abbd1c88724f99450740fb2eb
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 17:52:44 2023 -0500
|
||
|
||
debugging
|
||
|
||
commit 826e76d037f88636fdde7d4ef1eb72f29ac5f4a5
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 17:43:33 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 3130a39d8c280d913fb632a40562438b82a499bb
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 17:43:07 2023 -0500
|
||
|
||
set -e
|
||
|
||
commit 18a2d814cc0c477599b276bb319ed8bdd34499ea
|
||
Merge: 4fda9d2 36f3c30
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 17:42:28 2023 -0500
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 36f3c30440e73c8bf4946742095f0495994fed99
|
||
Merge: 4fda9d2 2e64d89
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 17:41:56 2023 -0500
|
||
|
||
Merge pull request #148 from monsieuremre/module-loading-hardening
|
||
|
||
Harden the loading of new modules to the kernel after install
|
||
|
||
commit 4fda9d2e8459c043ec27178ceb87483229b45d5f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 16:46:18 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 4219347f0a739ed1ea93a596968295ddcd3a940f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 16:43:44 2023 -0500
|
||
|
||
fix permission-hardener config parsing issue
|
||
|
||
commit e72f79236b7b704c60c6920b51c86832f4fda9e3
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 16:41:41 2023 -0500
|
||
|
||
refactoring
|
||
|
||
commit dea0d9a78a99c441a1738f88cef2cd3c5f433454
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 16:40:49 2023 -0500
|
||
|
||
fix permission-hardener config parsing issue
|
||
|
||
commit 017ae18ad7a757a18c5a7a92677f24053280e8b5
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 16:39:10 2023 -0500
|
||
|
||
fix permission-hardener config parsing issue
|
||
|
||
commit 65e3c14643ca2b5167e0f5bc30a6bbc45cb4f645
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 16:35:11 2023 -0500
|
||
|
||
fix permission-hardener config parsing issue
|
||
|
||
commit 40e536a9beb48f1938e67ae2010fc34f80e3bd1f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 16:04:03 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 51decff2fd48c2437b08136e97d4211e5eaccd89
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 16:03:36 2023 -0500
|
||
|
||
exclude qfile-unpacker from permission hardener
|
||
|
||
commit 52b6e92e002987952c908eeb05a293dd401ee9be
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 15:58:21 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 1900c1ab07e4d55577815b942b34457596a1d703
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 15:57:49 2023 -0500
|
||
|
||
pam exclude from permission-hardener
|
||
|
||
commit 76e3a3c5f9fa5e95b90e4ea3f3ba7019615a3d1a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 15:29:38 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit d4494fd3c341796081dd8c114c8cc97e627c236c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 15:27:09 2023 -0500
|
||
|
||
disable remount-secure dracut modules
|
||
|
||
pending new systemd based implementation
|
||
|
||
https://github.com/Kicksecure/security-misc/pull/152
|
||
|
||
commit 949c1633701ac168e908794d4dd74c5a9b09a437
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 15:14:43 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 4a19fbae0be2ab99c1f21826eca2ec3cef605a0e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 15:13:01 2023 -0500
|
||
|
||
move permission-hardening to /usr/bin to make it more easily accessible
|
||
|
||
commit c75f80b29f2fee3f2ead579390b8d3a8ff86b9d2
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 15:09:29 2023 -0500
|
||
|
||
lower verbosity of permission hardener
|
||
|
||
fixes https://github.com/Kicksecure/security-misc/issues/158
|
||
|
||
commit 0544657123100b333211a91ef32054dc7e14c7db
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 14:56:06 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 42be6310237bdb663f38982b221327a337251e0a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 14:54:05 2023 -0500
|
||
|
||
readme
|
||
|
||
commit 55ba5d48321ec4224bcbf03cf2bf51226cf34e50
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 14:51:31 2023 -0500
|
||
|
||
renamed: usr/lib/NetworkManager/conf.d/99_ipv6-privacy.conf -> usr/lib/NetworkManager/conf.d/80_ipv6-privacy.conf
|
||
renamed: usr/lib/NetworkManager/conf.d/99_randomize-mac.conf -> usr/lib/NetworkManager/conf.d/80_randomize-mac.conf
|
||
renamed: usr/lib/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf -> usr/lib/systemd/networkd.conf.d/80_ipv6-privacy-extensions.conf
|
||
|
||
commit eab5d7d4ec58baaf7eedc777e250ad9f00e4b71b
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 14:50:13 2023 -0500
|
||
|
||
cleanup
|
||
|
||
commit 811d1cd0dd0dcb9021d2f72638dd6c12b734964c
|
||
Merge: 9343795 5a75bcf
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 14:49:43 2023 -0500
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 5a75bcfb19ac6c555a52cb1600e4efd13a8cfc06
|
||
Merge: 9343795 229032d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 14:49:00 2023 -0500
|
||
|
||
Merge pull request #145 from monsieuremre/wifi-and-bluetooth
|
||
|
||
Wifi and Bluetooth Patch | Security and Privacy
|
||
|
||
commit 93437952b4f64866dfe6067d8caf19415112418d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 14:41:01 2023 -0500
|
||
|
||
readme
|
||
|
||
commit f32b5438872ad0b9e10cb7b0519f1f18fce1913e
|
||
Merge: 56b90ee 4946f85
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 14:38:20 2023 -0500
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 4946f85d43083c64bc3f8f02e26b08f79b622bfe
|
||
Merge: 817ca11 1abac79
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 14:37:47 2023 -0500
|
||
|
||
Merge pull request #146 from monsieuremre/thunderbird
|
||
|
||
Thunderbird Hardening
|
||
|
||
commit 56b90eecbfb21e546d52d1f41ce9361f2843cd71
|
||
Merge: 3178677 817ca11
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 14:35:23 2023 -0500
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 817ca116f693893e6dcb69254ee91815d200b8a1
|
||
Merge: d9b5d77 fbd9e5d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 14:34:13 2023 -0500
|
||
|
||
Merge pull request #153 from monsieuremre/readme
|
||
|
||
Updated Readme
|
||
|
||
commit 317867758478619fe1df4ebdb5e22240c40104c0
|
||
Merge: dcead44 d9b5d77
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 14:32:21 2023 -0500
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit d9b5d770cfd5f7747f1d606f3136a93034928f30
|
||
Merge: dcead44 ac224b2
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 14:31:26 2023 -0500
|
||
|
||
Merge pull request #150 from monsieuremre/sysreq
|
||
|
||
Disable SysRq by default
|
||
|
||
commit dcead44cc6d4272b0966562046f9dab1792845b6
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 11:32:46 2023 -0500
|
||
|
||
output
|
||
|
||
commit f6bf69b41fa3e1168c2c49884197770e1a78b888
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Nov 5 11:31:09 2023 -0500
|
||
|
||
update link
|
||
|
||
commit 2e64d89b042227fe5f38bb6d6a859deb4c5183b7
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Sat Nov 4 21:18:45 2023 +0000
|
||
|
||
undo unnecessary manual activation
|
||
|
||
commit 19eceaa8108879ee5477b157fb2175993c487959
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Sat Nov 4 20:56:46 2023 +0000
|
||
|
||
more fix
|
||
|
||
commit a187d23c4187fd08611e5cba85d09666dfd9f735
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Sat Nov 4 20:56:08 2023 +0000
|
||
|
||
big fix
|
||
|
||
commit fbd9e5d017c4b00d838e9f225c7748c4b362f023
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Sat Nov 4 14:33:35 2023 +0000
|
||
|
||
README.md
|
||
|
||
commit 97054b2b1076d6d428996967304b29620923eff4
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Nov 3 15:55:17 2023 -0400
|
||
|
||
revert enabling kernel module signature enforcement
|
||
|
||
due to issues
|
||
|
||
https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/63
|
||
|
||
https://github.com/dell/dkms/issues/359
|
||
|
||
commit 978e3e4abd8f55a877dfe0d6e39b45ee9f58ba6d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Nov 3 14:53:40 2023 -0400
|
||
|
||
readme
|
||
|
||
commit 0242c04dc26638dc1250e3f681b46d15459cf8aa
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Nov 3 14:51:14 2023 -0400
|
||
|
||
port to DKMS drop-in folder
|
||
|
||
undisplace /etc/dkms/framework.conf.security-misc
|
||
moved to /etc/dkms/framework.conf.d/30_security-misc.conf
|
||
|
||
commit d1b5a3ffd525ec92554ffc9c666f8007c8522aac
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Nov 3 12:55:34 2023 -0400
|
||
|
||
/usr/sbin/pam-tmpdir-helper exactwhitelist
|
||
|
||
https://github.com/Kicksecure/security-misc/pull/147
|
||
|
||
commit 48adb44c6fd157673cdf7fab3b86ecf7c6b31966
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Nov 3 12:17:24 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit b6d53f698d0ad21a31da6bf74a44577a0c8869fc
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Nov 3 12:17:00 2023 -0400
|
||
|
||
Revert "allow loading unsigned modules due to issues"
|
||
|
||
This reverts commit 661bcd8603425934188cf139f33e20675ff4b765.
|
||
|
||
commit 04b210ee88589ef9e6e214d3a5a614780244abc9
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Nov 3 12:10:48 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 5e73f78ed9282bf0895b01d44d9c261ea0050cce
|
||
Merge: ceffd2b 8e66a41
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Nov 3 12:10:33 2023 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 8e66a4177868ee7b51dafdb06062b0cb7cbc7415
|
||
Merge: ceffd2b 7dc99d5
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Nov 3 12:10:00 2023 -0400
|
||
|
||
Merge pull request #147 from monsieuremre/PAM-tmp-files-hardening
|
||
|
||
Depend on libpam-tmpdir for very solid extra security
|
||
|
||
commit 7dc99d54c0358842745ee48c7cc24f589fd63d14
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Nov 3 12:09:39 2023 -0400
|
||
|
||
fix
|
||
|
||
commit 2a602e78d6ca0f87f11de9a30ae2114468243075
|
||
Merge: 3ee4be6 ceffd2b
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Nov 3 12:08:50 2023 -0400
|
||
|
||
Merge branch 'master' into PAM-tmp-files-hardening
|
||
|
||
commit ceffd2b3ee453122e66f594ec31dde6ec3bb7187
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Nov 3 12:06:43 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit cdd66ee3762c441843d421a9e6b11a20580ed7ac
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Nov 3 10:48:46 2023 -0400
|
||
|
||
wrap-and-sort
|
||
|
||
commit c33a3d9aadcc4c0ff90f330239eff4b7c905a022
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Nov 3 10:44:48 2023 -0400
|
||
|
||
readme
|
||
|
||
commit d71ac03d96c9861513ff56c68aec9090ef5c50bb
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Nov 3 10:36:15 2023 -0400
|
||
|
||
comment
|
||
|
||
commit 8326aecdb460fffa450bbf3ec0b051010f87ee2a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Nov 3 10:33:02 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit b85d48eb83005da8fd9edc658c71493f407e3670
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Nov 3 10:31:59 2023 -0400
|
||
|
||
do not change default umask for root
|
||
|
||
since this causes permission issues in `/etc/`
|
||
|
||
https://github.com/Kicksecure/security-misc/pull/151
|
||
|
||
commit 07540db90d60b10cbd10881b0024d8e8871330de
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Nov 3 09:45:12 2023 -0400
|
||
|
||
Revert "Revert "set default umask to 027""
|
||
|
||
This reverts commit f8913ceb2e2fdd274011377c41b5d08e7459e4af.
|
||
|
||
commit f8913ceb2e2fdd274011377c41b5d08e7459e4af
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Nov 3 09:43:44 2023 -0400
|
||
|
||
Revert "set default umask to 027"
|
||
|
||
This reverts commit cd216095eb8d9387437e653d7764ec765ce42a10.
|
||
|
||
commit 43bd789c30a562aa60349d019107277a428aece8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Nov 3 09:28:08 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit cd216095eb8d9387437e653d7764ec765ce42a10
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Nov 3 09:12:24 2023 -0400
|
||
|
||
set default umask to 027
|
||
|
||
using package libpam-umask
|
||
|
||
https://www.debian.org/doc/manuals/securing-debian-manual/ch04s11.en.html#id-1.5.14.19
|
||
|
||
https://github.com/Kicksecure/security-misc/pull/151
|
||
|
||
commit ac224b270a3a0945d187202f8cca89af0e71a166
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Thu Nov 2 13:01:55 2023 +0000
|
||
|
||
disable sysrq
|
||
|
||
commit 07882f61a8003026a9e4c135a6e18a8fd204060f
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Thu Nov 2 10:44:19 2023 +0000
|
||
|
||
enable service on install
|
||
|
||
not sure if this would be the right way to do it
|
||
|
||
commit 9f063584c1f96267b04f8f7fe0eee773f9345370
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Thu Nov 2 10:28:41 2023 +0000
|
||
|
||
disable-kernel-module-loading
|
||
|
||
commit 3e604618a8ba2531553af4f9af00470bd9629615
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Thu Nov 2 10:24:35 2023 +0000
|
||
|
||
harden-module-loading.service
|
||
|
||
commit 3ee4be652b28201ba208757ce5144e51c453ad70
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Thu Nov 2 09:36:58 2023 +0000
|
||
|
||
depend on libpam-tmpdir
|
||
|
||
commit 1abac794b564d178df37a385cf0d25bac5842c3c
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Thu Nov 2 09:15:20 2023 +0000
|
||
|
||
very secure and private defaults
|
||
|
||
commit 5a583ca48ce608fee4fe55c1d6948505e83a98d8
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Thu Nov 2 08:30:26 2023 +0000
|
||
|
||
typo in file name
|
||
|
||
commit 229032d691c614a926cf3cf96b44752364e4e087
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Wed Nov 1 17:54:05 2023 +0000
|
||
|
||
Rename etc/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf to usr/lib/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf
|
||
|
||
commit 1049298e7bfa4ca0e8f02b4086f8aa086d51c725
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Wed Nov 1 17:52:40 2023 +0000
|
||
|
||
Update and rename etc/NetworkManager/conf.d/99_randomize-mac.conf to usr/lib/NetworkManager/conf.d/99_randomize-mac.conf
|
||
|
||
commit 76e684cc0ac0544219d200eeefae1356864fe702
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Wed Nov 1 17:51:27 2023 +0000
|
||
|
||
Update and rename etc/NetworkManager/conf.d/99_ipv6-privacy.conf to usr/lib/NetworkManager/conf.d/99_ipv6-privacy.conf
|
||
|
||
commit a768f1f1ebfc29b0c0105f2965a4290f8dfd8e63
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Nov 1 12:26:21 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit bb14a058520b13e242fea9f3022c439c4677bd1d
|
||
Merge: 5ed2a5c 44906e8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Nov 1 11:11:54 2023 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 44906e8f398aae6e9565b131b82124e738e2d0d1
|
||
Merge: 5ed2a5c f2c23a2
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Nov 1 11:11:27 2023 -0400
|
||
|
||
Merge pull request #142 from monsieuremre/patch-5
|
||
|
||
ssh config
|
||
|
||
commit 5ed2a5ce4a24a1a9c3e722a30aa9c6af1dc5d78a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Nov 1 11:10:36 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit bb1161986b6d108c4fc5a16a48cdac55f98ab35d
|
||
Merge: 7d57684 b7cddd6
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Nov 1 10:31:04 2023 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit b7cddd6e552cb5f5139de91ef2aeae6fde691136
|
||
Merge: 7d57684 c975c3c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Nov 1 10:30:26 2023 -0400
|
||
|
||
Merge pull request #143 from monsieuremre/patch-6
|
||
|
||
new lines 990-security-misc.conf
|
||
|
||
commit fc8e201e84e4c777c087fd113c539ca368fd3a31
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Fri Oct 27 14:49:24 2023 +0000
|
||
|
||
rename
|
||
|
||
commit 90a88225a4fde2f09cc14b24f8467bb1ded90c9d
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Fri Oct 27 14:38:31 2023 +0000
|
||
|
||
security-misc.maintscript
|
||
|
||
commit 13b4ddbb627d2279b41d1dcbe5c8ce1ac384b088
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Fri Oct 27 14:34:21 2023 +0000
|
||
|
||
30_security-misc.conf
|
||
|
||
commit b298d152fc10c66892698d9dcae769a44a32037b
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Fri Oct 27 14:32:08 2023 +0000
|
||
|
||
30_security-misc.conf
|
||
|
||
commit 3d4b04fddc16067ed345074683281e74f41eeadf
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Fri Oct 27 12:35:39 2023 +0000
|
||
|
||
99_ipv6-privacy.conf
|
||
|
||
commit e90f62eaabfeee7483af573ef8e9d015ba1977dc
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Fri Oct 27 12:34:15 2023 +0000
|
||
|
||
99_randomize_mac.conf
|
||
|
||
commit 604d839537c409604ed2c4c88992ea1a31368f6f
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Fri Oct 27 12:30:26 2023 +0000
|
||
|
||
99_ipv6-privacy-extensions.conf
|
||
|
||
commit c975c3c0ff7cc5a1e29b651c2db6c27e3f952870
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Fri Oct 27 11:07:53 2023 +0000
|
||
|
||
new lines 990-security-misc.conf
|
||
|
||
added new recommended hardening settings with comments
|
||
|
||
commit f2c23a28319e359c642da2dde424456a1064763f
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Fri Oct 27 10:53:45 2023 +0000
|
||
|
||
ssh config
|
||
|
||
commit 7d576842fb6f3c124db2b6deb5abfc095974a67f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Oct 26 20:08:41 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 7cff267002485fd0abca98d12b0024e061f4ba51
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Oct 26 19:31:14 2023 -0400
|
||
|
||
remove duplicates
|
||
|
||
commit 928cdb81d43dfd337c82917182d2914d9c9d0915
|
||
Merge: a330a9f 39fed05
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Oct 26 19:29:55 2023 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 39fed058f4734029b303fac4ea9a1b11f652fab4
|
||
Merge: 92a6ecc 99355c6
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Oct 26 19:27:41 2023 -0400
|
||
|
||
Merge pull request #140 from monsieuremre/patch-3
|
||
|
||
New lines in default permission config
|
||
|
||
commit a330a9fd75314931639e7e873adc31c5cc65d555
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Oct 26 19:20:21 2023 -0400
|
||
|
||
refactor permission-lockdown
|
||
|
||
commit 8bf5ff82be706599f33228ecd6df42be0dc29f39
|
||
Merge: 1123d23 92a6ecc
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Oct 26 19:15:04 2023 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 92a6ecc40a4d3bd4d8f3cec7dd9b1334c72399dc
|
||
Merge: ca9603a 91c4452
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Oct 26 19:13:34 2023 -0400
|
||
|
||
Merge pull request #141 from monsieuremre/patch-4
|
||
|
||
New permission-lockdown
|
||
|
||
commit 1123d23114201988ac3f5f50ab6e74a5307d3d52
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Oct 26 18:45:07 2023 -0400
|
||
|
||
remount-secure: disable debugging to save space in initrd
|
||
|
||
commit 91c445244c47c163e2466f8c4dff710eda20c337
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Thu Oct 26 19:41:07 2023 +0000
|
||
|
||
actually we do it once indeed
|
||
|
||
commit 88f396264ca9d072e4e5de4e1acaee54f3b39749
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Thu Oct 26 19:35:59 2023 +0000
|
||
|
||
avoiding /etc/passwd
|
||
|
||
commit b5ba03247a5b5bb1f4e010130e4a575ad1397117
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Thu Oct 26 19:31:25 2023 +0000
|
||
|
||
readability
|
||
|
||
commit f487752ba1b469eb0b2f85657e2ee0860f58496b
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Thu Oct 26 19:30:58 2023 +0000
|
||
|
||
not limiting ourselves. we do not do this not just once.
|
||
|
||
commit 88cd5a905d8aa0f6033ac4ba72903fbad4a90b4b
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Thu Oct 26 19:25:24 2023 +0000
|
||
|
||
strip unnecessary
|
||
|
||
commit d9f10c221a2b6794f0a3c5bcd1c15e2a4f352751
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Thu Oct 26 18:17:50 2023 +0000
|
||
|
||
new permission-lockdown
|
||
|
||
commit 99355c616974d167e3a5424d63cd56b1f64f0eaf
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Thu Oct 26 17:45:28 2023 +0000
|
||
|
||
new lines 30_default.conf
|
||
|
||
commit ca9603af1713ff37392662c9d1b4251052e7b983
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Oct 26 12:23:48 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 5f4222c1c3d7fa057b31bba7b0b5c2e83c92a7be
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Oct 26 12:20:48 2023 -0400
|
||
|
||
enable SUID Disabler and Permission Hardener by default
|
||
|
||
https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener
|
||
|
||
https://forums.whonix.org/t/suid-disabler-and-permission-hardener/7706
|
||
|
||
commit e5d989af5ac2899985c48d60311856fb86e0ddeb
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Oct 26 12:04:13 2023 -0400
|
||
|
||
comment
|
||
|
||
commit 8557e0963ed6159f7f6c816ad4e009cc7323a760
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Oct 25 17:55:37 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit b7e2d49f5f3f49fab2e1c0647f10bda1921e0a80
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Oct 25 17:41:05 2023 -0400
|
||
|
||
comment
|
||
|
||
commit 5d71217e597aa3366658524ec5395c9f76dd527b
|
||
Merge: 6a22351 a2f811a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Oct 25 17:40:13 2023 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 6a22351d298e475ecae22bb99249a308b294ff9a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Oct 25 17:30:07 2023 -0400
|
||
|
||
renamed: usr/lib/sysctl.d/30_security-misc.conf -> usr/lib/sysctl.d/990-security-misc.conf
|
||
|
||
commit b7c52800f4c16b1573e372089704a68fd47c5906
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Oct 25 17:28:43 2023 -0400
|
||
|
||
renamed: etc/sysctl.d/30_security-misc.conf -> usr/lib/sysctl.d/30_security-misc.conf
|
||
renamed: etc/sysctl.d/30_security-misc_kexec-disable.conf -> usr/lib/sysctl.d/30_security-misc_kexec-disable.conf
|
||
renamed: etc/sysctl.d/30_silent-kernel-printk.conf -> usr/lib/sysctl.d/30_silent-kernel-printk.conf
|
||
|
||
commit a2f811aff0cb4e73c3975093012c223127495707
|
||
Merge: 3317332 ee6716e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Oct 25 17:26:46 2023 -0400
|
||
|
||
Merge pull request #135 from monsieuremre/kernel-fix
|
||
|
||
Kernel hardening fix
|
||
|
||
commit ee6716e178806912da08b671ae31504ed2f3ac56
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Tue Oct 24 20:43:10 2023 +0000
|
||
|
||
security-misc.maintscript
|
||
|
||
commit 3317332cb431115f81d832ba974181c74427c884
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Oct 24 05:51:11 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 42c802cd1eca3d2586abde871e4842cdf83490c4
|
||
Merge: f3b40f1 5320c11
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Oct 24 05:30:15 2023 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 5320c11f3f92b66b7dcab7ca1f67fcba2de5deba
|
||
Merge: f3b40f1 f0857fd
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Oct 24 05:22:33 2023 -0400
|
||
|
||
Merge pull request #134 from monsieuremre/patch-1
|
||
|
||
Fix double mount issue for /var/log and /var/tmp
|
||
|
||
commit 1f489719efb37492b9c040ba4e332e8dd70fde1f
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Mon Oct 23 16:38:58 2023 +0000
|
||
|
||
rename
|
||
|
||
commit 9dda6f69a7df792966005f9c6feb057483cd9ea4
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Mon Oct 23 16:38:40 2023 +0000
|
||
|
||
more rename
|
||
|
||
commit 89381fe7abcc2f4418b95c3eb290c975bf6d612c
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Mon Oct 23 16:38:23 2023 +0000
|
||
|
||
rename
|
||
|
||
commit f0857fd5608525115bd8a96c2f75368263f6f830
|
||
Author: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
|
||
Date: Mon Oct 23 15:33:05 2023 +0000
|
||
|
||
Fix double mount issue for /var/log and /var/tmp
|
||
|
||
Mounting var with bind and mounting a subdirectory causes /var/tmp and /var/log bind mounted twice each. can be checked with lsblk. When we bind mount var only after having mounted the subdirectories, everything is mounted only one.
|
||
|
||
commit f3b40f12cb4bad0f2f00d4ba2dec59fb315c0798
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 19:23:22 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit d2e8a6dad3b94d574cb9c043303160b06893ab97
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 19:21:51 2023 -0400
|
||
|
||
debugging
|
||
|
||
commit e7aafd64d4418d43426b310653861f9024a54255
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 19:16:12 2023 -0400
|
||
|
||
refactoring
|
||
|
||
commit ee15f749bb4e68350498e52e8505bed43c98cbaf
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 16:54:58 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit d521662d04892fb6d5477fa4450fb5488892a87a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 16:49:36 2023 -0400
|
||
|
||
comment
|
||
|
||
commit 0e80acf38d430784fbb779f4f10c81bfe8a3813f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 16:45:10 2023 -0400
|
||
|
||
fix
|
||
|
||
commit a1c3b87fcee07496af4b42e387b46488b58b73a0
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 16:29:08 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit f6d1346e2bde51cd70bc60246c0bfba923c00c3d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 16:22:08 2023 -0400
|
||
|
||
fix
|
||
|
||
commit 9a649ddd091b116c9091f3fa582d411b5186375a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 16:16:40 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 11382881b56556741fad5f0291ccb57a24e9c617
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 16:12:26 2023 -0400
|
||
|
||
comments
|
||
|
||
commit 5182d7502b34a95fd751c69c4bc3f01d5f5e02b9
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 16:08:21 2023 -0400
|
||
|
||
improve remount-secure
|
||
|
||
commit 555d83792df9aa599ae9e0e7c41af49b0601c1c1
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 15:44:47 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit a88c0a3ad2d83fe72612faf97866e255c5527384
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 15:44:30 2023 -0400
|
||
|
||
fix
|
||
|
||
commit 316282952f7d2470c89f268beea01b8bac9bb4bb
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 15:40:59 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit a7629b98cf4e7f86bab07c2b75fa712adcd63ee5
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 15:40:49 2023 -0400
|
||
|
||
fix
|
||
|
||
commit 7112eac3be014938f757e0c0def74bb04dc72d2f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 15:37:21 2023 -0400
|
||
|
||
output
|
||
|
||
commit f80b5fe3767502f6890bdfb7bc32a602c94828d6
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 15:36:16 2023 -0400
|
||
|
||
fix
|
||
|
||
commit ce0babce215dc4ec08101cff5e0d25ad6ec87e70
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 15:35:03 2023 -0400
|
||
|
||
comment
|
||
|
||
commit fa0804b7ae46ecfc1e9e82ca83342c9d456aa9c3
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 15:33:21 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 70cbe4daaa5cd857c49f2f9b9241f24e2867ab5a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 15:33:11 2023 -0400
|
||
|
||
fix
|
||
|
||
commit 36f2acb93f65958b27bae030f1d2bd66a278e073
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 15:28:04 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 9b9e9ce1c0feb4ca854189754c47ca826eef1c32
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 15:27:01 2023 -0400
|
||
|
||
fix
|
||
|
||
commit 3731716a497c233127bff3febbe22d5cf088aad8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 15:14:22 2023 -0400
|
||
|
||
fix
|
||
|
||
commit eec87a0508a6242430a1f0b8ad341f4c3ea43059
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 15:11:26 2023 -0400
|
||
|
||
fix
|
||
|
||
commit f3286cf440992661ba85b5c7e41b92ffaca62cf3
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 15:10:21 2023 -0400
|
||
|
||
fix
|
||
|
||
commit eb90d38d8ca6d6292dbb8013bb9bca8ec26f4792
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 15:05:33 2023 -0400
|
||
|
||
fix
|
||
|
||
commit f44020973897d98fdc21ced748ad64106979829e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 14:46:42 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 7f03c2b13742e583e426c91ff4e111b6c0e7da43
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 14:45:45 2023 -0400
|
||
|
||
fix
|
||
|
||
commit c85db586cadbe781704e62405a76e43650046d2c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 14:44:58 2023 -0400
|
||
|
||
improve
|
||
|
||
commit 7c0ea4324aa1713f365f7352a3e4db1b703d9750
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 14:39:52 2023 -0400
|
||
|
||
fix
|
||
|
||
commit b29b626b41545fd49b67631820ae40d0fe000f22
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 14:30:28 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 6198ae317c4d8cbd06d95d5e2a585892f455cab6
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 14:29:02 2023 -0400
|
||
|
||
fix
|
||
|
||
commit 245fad09868c2d84bee66d65ecca32704786919b
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 14:00:06 2023 -0400
|
||
|
||
fix
|
||
|
||
commit 619f1705e13232680f38bc630f19f2ace32f48ad
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 13:58:55 2023 -0400
|
||
|
||
output
|
||
|
||
commit 52fa7db0874be85a3db296499ab76f84a5f518db
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 13:57:38 2023 -0400
|
||
|
||
output
|
||
|
||
commit 8a592c2e371de1136d566e707ba56ce89309230a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 13:56:17 2023 -0400
|
||
|
||
fix remountsecure kernel parameter logic
|
||
|
||
commit 3c183294cd8a402418eafc1e657c6524be49c487
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 13:31:55 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit e689f38ad0ba9727d482dbab25ea5d88e67a8edf
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 13:31:44 2023 -0400
|
||
|
||
todo
|
||
|
||
commit 6675a2e93194ea15daeb22bee707cf49563f69fe
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 13:30:50 2023 -0400
|
||
|
||
fix
|
||
|
||
commit 4288e10554f854d6dd9be092ddbf6a62686b1549
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 13:25:31 2023 -0400
|
||
|
||
fix, rework remount-secure kernel parameters parsing
|
||
|
||
commit b0181af099a2bc20a6d8cc20e6e27371ecc50bf1
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 13:12:25 2023 -0400
|
||
|
||
fix
|
||
|
||
commit 28cb53341d48ece9e042caea03e7159b0f93c2ee
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 13:11:44 2023 -0400
|
||
|
||
remount-secure dracut module: improve output
|
||
|
||
commit f70f36e6cfead0038075d715e430e15aedae459f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 12:55:41 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 479ab61a1d0c91d26c2cd200d97b39b2b786e073
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 12:55:20 2023 -0400
|
||
|
||
remove no longer required remount-service systemd unit
|
||
|
||
commit 84ca0ac8a0b6a72a28e030081299b402749b9348
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 12:54:25 2023 -0400
|
||
|
||
improve remount-secure
|
||
|
||
commit 1696c37251fe6158118ac3a694c2e11439de5c46
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 11:28:18 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit e7d30955e88b0a052e9159c11f4c1e1a47dadb49
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 11:28:08 2023 -0400
|
||
|
||
debugging
|
||
|
||
commit 975a017dec26f671b7869ba4ad94b3a4d2faf999
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 11:13:05 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 8eb4607a0e8c3db10f64e4ed5a02e87fd3ee8903
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 11:12:54 2023 -0400
|
||
|
||
improve
|
||
|
||
commit f1da0ce7461fab2eeb421daa886ddd9856c9fd52
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 11:11:10 2023 -0400
|
||
|
||
fix
|
||
|
||
commit 26826e8398c4d3feed07e8e3e095a87bbde9907a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 11:06:34 2023 -0400
|
||
|
||
fix
|
||
|
||
commit a423b85f81e0c066271ad7db78902ccddbeabb5a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 10:50:30 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 233fa4625bb60ef65c707d28e7c8a51ef5a1d66e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 10:49:53 2023 -0400
|
||
|
||
output
|
||
|
||
commit 3ebe8cf4de5c77f26f93ac40bdc596c0c38451f5
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 10:41:42 2023 -0400
|
||
|
||
refactoring
|
||
|
||
commit 24d2e26397e8f1e8e350fb60206ab1c5b597cbe6
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 10:40:19 2023 -0400
|
||
|
||
no longer reproducible
|
||
|
||
commit fcba70df2e4e6c71fd29852d6f0b20f80e2e2d5e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 10:38:48 2023 -0400
|
||
|
||
refactoring
|
||
|
||
commit a05bd3dd0e7319807fa7ea523407ec82ce8aa39c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 10:37:02 2023 -0400
|
||
|
||
/home last because most likely to fail
|
||
|
||
commit 41077c94fbc1a0c90ee870292fe82e16a70b52f1
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 10:32:24 2023 -0400
|
||
|
||
improve remount-secure
|
||
|
||
commit ef69e512bd2e2eba0e292470bfef6336216e2605
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 10:25:57 2023 -0400
|
||
|
||
refactoring
|
||
|
||
commit d5cb7ecec9d10069e2e37a2f88680dff6d3f6eb6
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 10:22:21 2023 -0400
|
||
|
||
use findmnt
|
||
|
||
commit 1120d0652ddead556801958973d61502b75f9fc7
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 10:16:53 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 45ce0ff74d8f42d6a424e0742989008403891f8a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 10:16:43 2023 -0400
|
||
|
||
debugging
|
||
|
||
commit b81a991731e912fa0f7d4ca59b0531bafb02a25a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 10:15:11 2023 -0400
|
||
|
||
fix
|
||
|
||
commit 292a5c3a8a37bc9dd807913bd76826e57e978b67
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 10:11:31 2023 -0400
|
||
|
||
fix
|
||
|
||
commit bb57b1a289cc64cc5b2ab5518c151df5355a9f29
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 10:10:51 2023 -0400
|
||
|
||
fix
|
||
|
||
commit 4f6f45fb3902f6c49d01b5ccb33a4e24804cd02a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 10:01:54 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 181a6424796b1cafc87a8d74aad197135381a389
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 10:01:38 2023 -0400
|
||
|
||
root check
|
||
|
||
commit 84fd41931ce3ba4d6e3785dc8052ee14ce62b80e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 09:44:17 2023 -0400
|
||
|
||
/var/run -> /run
|
||
|
||
commit 33d97a2560fe4aaab24f90057e825802541a408b
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 09:39:54 2023 -0400
|
||
|
||
improve output of remount-secure dracut module
|
||
|
||
commit c409e3221e179437ed0b162dde1e72cd116ba795
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 09:36:03 2023 -0400
|
||
|
||
implement remount-secure
|
||
|
||
commit f472ce690ae350085d40cfd5ec46084dc559a51d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 08:57:35 2023 -0400
|
||
|
||
comments
|
||
|
||
commit 90f2b5e11c341c38bb0b11db603ceeba28e14b1c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 08:51:37 2023 -0400
|
||
|
||
code simplification
|
||
|
||
commit 167683ce763e97838e62950f00313b63d7c968b0
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 08:50:57 2023 -0400
|
||
|
||
code simplification
|
||
|
||
commit 05e9accf64a3a6bfa24aac7aaa62620f814b05d1
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 08:12:30 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit e065f85c8809d04a9a4c041dd8b9b81bacd04e24
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 08:10:48 2023 -0400
|
||
|
||
add remount-secure dracut module
|
||
|
||
commit f0ee470ecd0fc37125165dd6a5cefb47339b14b4
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 07:51:05 2023 -0400
|
||
|
||
comment
|
||
|
||
commit e257f2a3806ba7013e8e47005fde1385044bc8d9
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 07:50:14 2023 -0400
|
||
|
||
remount-secure:
|
||
no longer use /usr/libexec/helper-scripts/pre.bsh as not simple with dracut
|
||
|
||
commit 27b3ba8bdf2556066a4be02cd1be9a4451a591b2
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 07:06:00 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit ed11c68ac64c1ec4eaa590dbb56734d450c89b04
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 06:51:52 2023 -0400
|
||
|
||
move remount-secure to /usr/bin/remount-secure to make it easier to manually run
|
||
|
||
commit 6f4bf57ff2bc878f03a50d91a5db0afaf897d70e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 06:48:56 2023 -0400
|
||
|
||
`remount-secure`: add support for `--force`; output
|
||
|
||
commit 6dec5cb1d6b841bc6ea92986d6567902109f5ed0
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 06:32:19 2023 -0400
|
||
|
||
debugging
|
||
|
||
commit bc768aa196a08218aac0b6ef1c4ca013f2034122
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 06:31:57 2023 -0400
|
||
|
||
output
|
||
|
||
commit c069c73109b45fbb8fa230ad4f90f4252db730f2
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 06:29:38 2023 -0400
|
||
|
||
refactoring
|
||
|
||
commit abc35927345e14bbe4b9f13d205a648ce7a8bd8d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 06:23:48 2023 -0400
|
||
|
||
remount-secure: stricter error handling
|
||
|
||
commit 59a5fea25d0b0c39a6e7b3b11f9242ebe5eaa462
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 05:41:56 2023 -0400
|
||
|
||
documentation
|
||
|
||
commit ac63b0eb3db3d168908459fecd6b3275cce015bc
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Oct 22 05:41:11 2023 -0400
|
||
|
||
remove duplicate
|
||
|
||
commit ef3f1575733c668f652326cdb4f4fba8c71bf0ed
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Oct 21 14:19:24 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit ae2c1c5a7a02a5f3f6a8bcd4a90fdc9e3b512e62
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Oct 21 14:18:50 2023 -0400
|
||
|
||
fix xession environment variable
|
||
|
||
commit 43375fa1f4d32f04907edf1297fef737342b49ea
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Oct 21 12:34:59 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit d543825d85a5d84274c21cd85db6df777948606e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Oct 21 12:24:59 2023 -0400
|
||
|
||
comments
|
||
|
||
commit dd43ab634d9ab0a59234798e1b14ba99099c65c9
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Oct 13 15:22:58 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 645ee814e4f3dc330dd6fb24ec4fac0e278c4f42
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Oct 13 15:22:48 2023 -0400
|
||
|
||
fix
|
||
|
||
commit 13a4f37e50805a0e51b8f63808e166318e39a074
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Oct 12 12:51:37 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 2d4524108445829d7ac80e828e9a1442cf038a6b
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Oct 12 11:37:01 2023 -0400
|
||
|
||
avoid duplicate environment variables
|
||
|
||
commit e96e6aa38e29888a64fa35f85becc1596118a812
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Oct 12 10:43:40 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit fa820e897895eda93011a0f2bbd915ffffcb1459
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Oct 12 10:40:27 2023 -0400
|
||
|
||
refactoring environment variables loading mechanism
|
||
|
||
commit 358e4226f1b3db32e560e4bbe1c663828eac7059
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Jul 17 11:48:35 2023 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 81ad786dfcdd416056c6ae8a9d02231bda6fcbde
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Jul 17 11:19:07 2023 -0400
|
||
|
||
Kicksecure
|
||
|
||
commit ab56b7ca0cf1a2cb6bc19514750ca618f4ebb7fe
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Jul 17 11:10:05 2023 -0400
|
||
|
||
Kicksecure
|
||
|
||
commit 29aaf13c13ec1023d33e84442db0f5afeaa4436d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jun 23 08:18:12 2023 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 8a6baea99017fd971ae4a5e89599b87bc945b276
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jun 22 16:16:15 2023 +0000
|
||
|
||
comment
|
||
|
||
commit 609c8c0697ecf3414e38de9d32dc367a25172802
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 21 09:36:44 2023 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 94a326ec7ff8704be224e76b2f3f9c2a12cbd4a7
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 21 09:11:31 2023 +0000
|
||
|
||
bookworm
|
||
|
||
commit b610cdcbcd85ee4c433a3df0662e225b52b592cd
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jun 16 11:09:02 2023 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 0c56d3d9d2dd1b40b07226b70d3d1b9343757d1a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jun 16 10:49:05 2023 +0000
|
||
|
||
readme
|
||
|
||
commit 63599a09d795d82b0f069f88d73fd607129af0ef
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 14 09:59:20 2023 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 25760f70246dd07376465d9a4222098fd24b8516
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jun 13 08:34:41 2023 +0000
|
||
|
||
bookworm
|
||
|
||
commit be990188f56f059585cf70589de03afb992b9ea2
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Jun 12 18:01:55 2023 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 07b3ce0bcdb6ddb72c7064f527ff4d6250b54ad2
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Jun 12 16:22:32 2023 +0000
|
||
|
||
Standards-Version: 4.6.1.0
|
||
|
||
commit 4e28ace103e11373d1b5cf5de8be6b1f94c567ce
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon May 15 17:31:59 2023 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit b11a336b4ff6c748d20aade6e98b25c251bd8c8e
|
||
Merge: c921d4e b0b73db
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon May 15 16:58:11 2023 +0000
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit b0b73db3c84f8cc7594b6b181e0e495cd7e92571
|
||
Merge: c921d4e cf003df
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon May 15 12:57:46 2023 -0400
|
||
|
||
Merge pull request #126 from raja-grewal/Comment
|
||
|
||
Update comments
|
||
|
||
commit cf003dfad85434f5a52524fdd97a7f619ba82429
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Tue May 16 02:11:44 2023 +1000
|
||
|
||
Update comments
|
||
|
||
commit c921d4e915af50dd1773016b0015be584e1e3f5f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon May 15 11:56:30 2023 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 39676395f814007f74ce1edb0aee0ada4d4fa478
|
||
Merge: 6511dac 1f38fcf
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon May 15 11:34:57 2023 +0000
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 1f38fcfefa1ccd732e4500522cc0978bda69ab0b
|
||
Merge: d66a9ba 6ab400c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon May 15 07:34:16 2023 -0400
|
||
|
||
Merge pull request #125 from JeremyRand/typo
|
||
|
||
mmap-rnd-bits: Fix typo in error message
|
||
|
||
commit d66a9bac551e7544eed592a69f576d27880e2bf3
|
||
Merge: 6511dac 9d23717
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon May 15 07:34:00 2023 -0400
|
||
|
||
Merge pull request #124 from JeremyRand/doc-aslr
|
||
|
||
README: Document mmap-rnd-bits
|
||
|
||
commit 6ab400c9d982bde16271052f181c87255046037e
|
||
Author: Jeremy Rand <jeremyrand@danwin1210.de>
|
||
Date: Tue May 9 10:55:31 2023 +0000
|
||
|
||
mmap-rnd-bits: Fix typo in error message
|
||
|
||
commit 9d23717b6d3f94d8fad5ab00628dcbf41fa2cab5
|
||
Author: Jeremy Rand <jeremyrand@danwin1210.de>
|
||
Date: Mon May 8 13:45:18 2023 +0000
|
||
|
||
README: Document mmap-rnd-bits
|
||
|
||
commit 6511dac1d4aea1800ce8e51d1f6cdbae4d31e10c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat May 6 12:00:12 2023 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 0c10b3f0383d69c2d504b3e346da68b056d1dca8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat May 6 11:59:59 2023 +0000
|
||
|
||
output
|
||
|
||
commit a815c9b9867b0ec56737e60eb1dfeec6a57af6f1
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat May 6 11:54:31 2023 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 5d4d04a2ebeeea7e096c1680779f2897a03838c6
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat May 6 11:54:00 2023 +0000
|
||
|
||
output
|
||
|
||
commit 2d465c624975cc2ca308878e0ef1508316d3316e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat May 6 11:51:25 2023 +0000
|
||
|
||
refactoring
|
||
|
||
commit b756314eb894dde4d017e0aec5876b56f0178de4
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri May 5 15:09:32 2023 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 014a28ba07406e5d69f86e90ddb8a27b3778c3a8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri May 5 15:04:21 2023 +0000
|
||
|
||
comment
|
||
|
||
commit ec01c1a99630f44a73763b019a1bad6dc52bbf4e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri May 5 15:02:31 2023 +0000
|
||
|
||
minor mmap-rnd-bits improvements
|
||
|
||
commit 3dc406f138ee3dc81b54db2c8c4b795fc6b7c9d5
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri May 5 15:01:22 2023 +0000
|
||
|
||
minor
|
||
|
||
commit 40e940ec58928049bb38b85d15beaead80740192
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri May 5 14:54:24 2023 +0000
|
||
|
||
minor mmap-rnd-bits improvements
|
||
|
||
commit f4fd0f90120e8983b37bc5822cf98a215d25990e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri May 5 14:53:07 2023 +0000
|
||
|
||
minor mmap-rnd-bits improvements
|
||
|
||
commit a8e4121befe19bb7d2f74582655a14bded23a37d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri May 5 14:52:07 2023 +0000
|
||
|
||
minor mmap-rnd-bits improvements
|
||
|
||
commit 9184e6bb921a9c7356e8d2c7216a1da91f963304
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri May 5 14:51:19 2023 +0000
|
||
|
||
fix
|
||
|
||
commit 89168ef40ce713b27974e4e38f6e3e63646d78bc
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri May 5 14:49:56 2023 +0000
|
||
|
||
minor mmap-rnd-bits improvements
|
||
|
||
commit d6d79e96c9a3f25b75d92a46dc97d6191d6ac691
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri May 5 14:44:29 2023 +0000
|
||
|
||
minor mmap-rnd-bits improvements
|
||
|
||
commit 15d0ee100834e01e3f17ee179c3120f37eb3cae5
|
||
Merge: 1137e6c 2d40bbc
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri May 5 14:37:34 2023 +0000
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 2d40bbc8fec7ceea47b64fdebc9e751b26e0cf27
|
||
Merge: 5c6db28 48a68ba
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri May 5 10:14:43 2023 -0400
|
||
|
||
Merge pull request #120 from JeremyRand/aslr-ppc64le
|
||
|
||
vm.mmap_rnd_bits: Fix ppc64le
|
||
|
||
commit 48a68ba237895c0c6c24ebd256ae6a9adec2628f
|
||
Author: Jeremy Rand <jeremyrand@danwin1210.de>
|
||
Date: Sat Apr 22 04:43:41 2023 +0000
|
||
|
||
mmap-rnd-bits: Handle unwritable /etc/sysctl.d/
|
||
|
||
commit 434cfb427f739258bd3280ce148cdbe85c800f8a
|
||
Author: Jeremy Rand <jeremyrand@danwin1210.de>
|
||
Date: Sat Apr 22 04:36:05 2023 +0000
|
||
|
||
mmap-rnd-bits: Check that configs are valid integers
|
||
|
||
commit 76ca8a27f94d89ed783b900257934c0749e631ce
|
||
Author: Jeremy Rand <jeremyrand@danwin1210.de>
|
||
Date: Sat Apr 22 04:29:14 2023 +0000
|
||
|
||
mmap-rnd-bits: Handle missing kernel config file
|
||
|
||
commit 2cf105700a98297f65026e43b435fe017a04ba07
|
||
Author: Jeremy Rand <jeremyrand@danwin1210.de>
|
||
Date: Sat Apr 22 04:08:20 2023 +0000
|
||
|
||
postinst: Don't fail if mmap-rnd-bits fails
|
||
|
||
commit 61f63255acdf942e52af35d7f6d1c271a671e6f7
|
||
Author: Jeremy Rand <jeremyrand@danwin1210.de>
|
||
Date: Fri Mar 24 12:32:58 2023 +0000
|
||
|
||
vm.mmap_rnd_bits: Fix ppc64le
|
||
|
||
Probably fixes a bunch of other non-x86_64 arches too.
|
||
|
||
commit 5c6db28881463e8c764872a8cd268c23ac64b8f1
|
||
Merge: 8a34d6c ed5f8be
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Mar 31 04:52:55 2023 -0400
|
||
|
||
Merge pull request #122 from raja-grewal/tcp
|
||
|
||
Remove outdated comment about SACK, DSACK, and FACK
|
||
|
||
commit 8a34d6c067bdebc513f34cd3c434b0675f118e10
|
||
Merge: 1137e6c 7a4212d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Mar 31 04:52:18 2023 -0400
|
||
|
||
Merge pull request #121 from raja-grewal/copyright
|
||
|
||
Update Copyright
|
||
|
||
commit ed5f8be9ebd4f34c8b8de78abe0a8df0775b80aa
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Thu Mar 30 19:17:43 2023 +1100
|
||
|
||
Remove outdated comment about SACK, DSACK, and FACK
|
||
|
||
commit 7a4212dd76c866e1db4dd4875e51c0d49bb3574d
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Thu Mar 30 17:08:47 2023 +1100
|
||
|
||
Update copyright
|
||
|
||
commit 1137e6c9104565b8f7546a9a5450ec2c2330efb7
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Jan 30 05:58:47 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 8c3204a5e42b0c4dc6ff9c66568ac78abc4dbd47
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jan 25 15:20:30 2023 -0500
|
||
|
||
comment
|
||
|
||
commit 65c29f493b56798bc67de7ea451f8f65d99d3093
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jan 25 15:13:19 2023 -0500
|
||
|
||
move kexec disabling to dedicated file `/etc/sysctl.d/30_security-misc_kexec-disable.conf`
|
||
|
||
so ram-wipe can `config-package-dev` `hide` this config file
|
||
|
||
commit 56c7c57b3a3929f57c9173f9156b2b9f7f7f854e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jan 24 07:09:40 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit b87d9eb86544a7f06772a0db803711b49ec3f554
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jan 24 07:08:13 2023 -0500
|
||
|
||
lintian
|
||
|
||
commit a4820086508a64156aa222d61d5f0f88bf56fb3e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jan 24 07:05:53 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 7bda2ad3e8f30668428e054f57613d7c2ed2a4d6
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jan 24 06:34:17 2023 -0500
|
||
|
||
move ram-wipe scripts to dedicated ram-wipe package
|
||
|
||
commit 11d0bb2c006eb7add5f9b0e70a199098972af25e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Jan 9 07:05:18 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit c50665218776733919845044b39466c57117542d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Jan 9 07:05:06 2023 -0500
|
||
|
||
fix
|
||
|
||
commit b3d85f115cf486f4a2805d954ba6dd741817dd71
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Jan 9 07:02:01 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 6faa050dd8d26bd6436688b32bbc7a6515f9cb14
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Jan 9 06:54:04 2023 -0500
|
||
|
||
migrate ram-wipe to dedicated package
|
||
|
||
commit ad5d0d4b12e73b74166aafb5c34252f1e1af1854
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Jan 9 06:37:45 2023 -0500
|
||
|
||
disable kexec (revert enabling kexec)
|
||
|
||
remove kexec-utils for ram-wipe since moved to its own package
|
||
|
||
commit 87c4e77c017aba7d57ae1fc7cf41a1f3143f1a04
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Jan 9 06:23:00 2023 -0500
|
||
|
||
migrate to ram-wipe package
|
||
|
||
commit 3867acf723f26416a047260010518829adcefc03
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Jan 9 05:34:48 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit d769099db1dbf90350838430cda2de7196076c5d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Jan 9 05:34:07 2023 -0500
|
||
|
||
use warn instead of info for now
|
||
|
||
because dracut does not show info messages when kernel parameter quiet is set
|
||
|
||
commit 7fa6946694a997e04b17ecb3a167d767543093a2
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Jan 8 07:17:02 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit f3b84e15be40ef64969b70bc62ab4bf8d40352b6
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Jan 8 07:16:18 2023 -0500
|
||
|
||
refactoring
|
||
|
||
commit 96d6ca7ae01d537ab972798417b9453d57c03cd7
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Jan 8 07:09:09 2023 -0500
|
||
|
||
improve kernel and initrd file detection
|
||
|
||
commit 8367b27a0df2e6ea5bc2d57d1520cfdd2f4d35e2
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Jan 8 07:08:18 2023 -0500
|
||
|
||
output
|
||
|
||
commit da0fc9f5bd5d1551f46fb5625010b317d30274b3
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Jan 8 07:07:43 2023 -0500
|
||
|
||
improve kernel and initrd file detection
|
||
|
||
commit 5b11eecaecdec7487224b90708da82c10ccc4d63
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Jan 8 06:45:10 2023 -0500
|
||
|
||
refactoring
|
||
|
||
commit e81dd6cd25f58871c1f6b4a082f81eec34a518b5
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 18:13:57 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 938b87d26c195b6804796d4fa6050a453278700c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 18:06:10 2023 -0500
|
||
|
||
comment
|
||
|
||
commit 0b1310a21944939d94de18d8ac6d494446d23d0c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 18:05:47 2023 -0500
|
||
|
||
output
|
||
|
||
commit 2fd302f580509842d290b2b0a27079dca445d5cd
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 18:02:21 2023 -0500
|
||
|
||
output
|
||
|
||
commit 921bc3e867411e5a96ca3e4641a7501038cf5139
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 17:49:24 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 080abe574ba10b8365587a1c89085efe88f210ee
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 17:48:21 2023 -0500
|
||
|
||
output
|
||
|
||
commit 5689c07f97d2775b9445f75a10554e70875a5636
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 17:37:46 2023 -0500
|
||
|
||
comment
|
||
|
||
commit 8e2db269b01e5d3c28346dd7713074a346fa3e72
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 17:36:51 2023 -0500
|
||
|
||
cleanup
|
||
|
||
commit a07af631559e9c9312c263826969b5b028509a2e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 17:35:56 2023 -0500
|
||
|
||
output
|
||
|
||
commit 1d22ebde08984968deb143dab244a2b6e30d45e9
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 17:23:35 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 539156c0dad74c584adb02beacdcf7a3a9b8b982
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 17:23:25 2023 -0500
|
||
|
||
drop_caches
|
||
|
||
commit 02f44459ad194444122e98a9f743c2725edb4e43
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 17:22:45 2023 -0500
|
||
|
||
DRACUT_QUIET=no
|
||
|
||
commit abbaea582de898e48a852a0a153fe336341afe17
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 17:16:23 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit ab89d0e06e68fa47fa4058416a6c8700551f1b9a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 16:59:00 2023 -0500
|
||
|
||
cleanup
|
||
|
||
commit 2e833b40a1af1f194ec392ff0c05b0060bb27fe8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 16:43:09 2023 -0500
|
||
|
||
prevent "wait: pid 55 is not a child of this shell"
|
||
|
||
commit 3777ecba8568cf5458b05b3eeedf98f0ba51cd69
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 16:34:19 2023 -0500
|
||
|
||
comment
|
||
|
||
commit e0ded5e69d38a02f9896277a67c0d209e4ee4ad4
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 16:34:04 2023 -0500
|
||
|
||
comment
|
||
|
||
commit 996c6af2d84cf23f323ca80c04fab26beea2aa1b
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 16:31:23 2023 -0500
|
||
|
||
lower debugging
|
||
|
||
commit 4fca8f4225f134316e734d5f85d12b9e39b99b0f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 16:28:11 2023 -0500
|
||
|
||
comment
|
||
|
||
commit fa579cad8980c8d9231a9e2682267910544be175
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 16:20:48 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit c9107bb044e3038d837e371aa7467edcedbbdb16
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 16:11:48 2023 -0500
|
||
|
||
debugging
|
||
|
||
commit b7bb24f984cb5669d9cc9b3522ee57a05070cef9
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 16:09:11 2023 -0500
|
||
|
||
description
|
||
|
||
commit 2bd9cc5bc1ac94d039a7e515d3a839af820fb4be
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 16:08:12 2023 -0500
|
||
|
||
output
|
||
|
||
commit 2456fed3614268abfb238f3a0783719adb45b711
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 16:00:42 2023 -0500
|
||
|
||
output
|
||
|
||
commit c0b5fea6806ea07b667a341b2400aacb7191b27f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:59:52 2023 -0500
|
||
|
||
protect against wipe RAM reboot loop
|
||
|
||
commit c1b87d250c4e5decd726e7fd67b482ff1eaecbf1
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:37:47 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 91aedb234aa7c516dca8016f6b82536cfe25f410
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:36:36 2023 -0500
|
||
|
||
output
|
||
|
||
commit 368ad8e636ae30eb60c8f2c6ce7117970a77c021
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:36:05 2023 -0500
|
||
|
||
cleanup
|
||
|
||
commit d8bf40f7a28f53f2f51c41b77663e5a40a5d8fb4
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:35:45 2023 -0500
|
||
|
||
refactoring
|
||
|
||
commit 166a6863a1c249e68e3f38109b115503bc5663ec
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:35:15 2023 -0500
|
||
|
||
output
|
||
|
||
commit 20596488be39f92f069523a3d86c0e6b6ec15399
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:34:20 2023 -0500
|
||
|
||
long options
|
||
|
||
commit 1e19c2cbad8cdf97f6bb460c90cfa330492b8019
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:32:25 2023 -0500
|
||
|
||
Depends: kexec-tools
|
||
|
||
required for cold boot attack defense second RAM wipe after reboot
|
||
|
||
commit b0630f58c136d6c7a964447806ec8ee603a73aa8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:24:05 2023 -0500
|
||
|
||
debugging
|
||
|
||
commit dde01f36634337a24d0cd37cfe5a456ff77e8b0e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:23:23 2023 -0500
|
||
|
||
long options
|
||
|
||
commit 6e0926eece54a55502fa67c2abedf5b718e306e6
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:22:58 2023 -0500
|
||
|
||
long options
|
||
|
||
commit 51a5f68c7654774d37986916029607da588189ab
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:22:25 2023 -0500
|
||
|
||
refactoring
|
||
|
||
commit 83800fcb4fd365aab58a5f70f78f39af7d9371dc
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:18:58 2023 -0500
|
||
|
||
--no-legend
|
||
|
||
commit 822cf646182f8ff649ea08da2fd4365022871a61
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:13:36 2023 -0500
|
||
|
||
output
|
||
|
||
commit bb2f0a3c4421e3686477a6dff81bb87d5dcd836f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:12:15 2023 -0500
|
||
|
||
minor
|
||
|
||
commit c3a822af0e9c8bb6c9b34b732ba48710e3ee1974
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:09:25 2023 -0500
|
||
|
||
test if readable
|
||
|
||
commit 227871c12c57ecc5ff6d4075ea59a7dc9eca3dd3
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:07:34 2023 -0500
|
||
|
||
output
|
||
|
||
commit c09f4da1922f40f666dae0570295b5ab5c02e8a9
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:06:56 2023 -0500
|
||
|
||
code simplification
|
||
|
||
commit 01fee8a7b4a12c8c2be4173337decc37ec3e6019
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:06:31 2023 -0500
|
||
|
||
refactoring
|
||
|
||
commit f675f8da0d33ab18efa782ee155a8632e9a3dc0f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:05:58 2023 -0500
|
||
|
||
quotes
|
||
|
||
commit d0daf75db3529e206565604a63e11ee1268ed39b
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:05:24 2023 -0500
|
||
|
||
quotes
|
||
|
||
commit 8bcf7e3c235c1193f3a6d43a7c8b23b50e972de7
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:04:57 2023 -0500
|
||
|
||
minor
|
||
|
||
commit 2cc3c6c59ca88cf44751bc2e9bb7055b46102284
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:04:42 2023 -0500
|
||
|
||
lower debugging
|
||
|
||
commit 10932bb5d83c469f556b46f42ee517e882d87a4f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:04:23 2023 -0500
|
||
|
||
minor
|
||
|
||
commit c88e95ce33f30f67726ac086c1b8d020b1024ebc
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:04:07 2023 -0500
|
||
|
||
output
|
||
|
||
commit 06034d2e4f97712fc84ad75e3fa8ba6bf4fccfee
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 15:03:06 2023 -0500
|
||
|
||
fix
|
||
|
||
commit 059ebb212d03f5d01d46362530702dbeaefdce5e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 14:35:30 2023 -0500
|
||
|
||
comment
|
||
|
||
commit c0304ec029198665aaf63c843f5b7d5567f95208
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 14:35:09 2023 -0500
|
||
|
||
minor
|
||
|
||
commit d5271d6250f0f6ea5adf7bc71fc48fddab1a9af4
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 14:31:40 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit d31c17ea047fbbd698ad9f074a00d6fba2aaf283
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 14:31:14 2023 -0500
|
||
|
||
fix
|
||
|
||
commit 41d116aa2f6d5ab33a1d5889f6ae251e5b8b5538
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 14:30:12 2023 -0500
|
||
|
||
lintian
|
||
|
||
commit e83ba18553832134b2f6da6ce98b0ee0c852961e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 14:29:12 2023 -0500
|
||
|
||
minor
|
||
|
||
commit 53ab93d8f6553eab1682290d42faf0d466f06219
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 14:27:42 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit bb121e52bbab151b2104f1a333cabc3889ef47b0
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 14:27:22 2023 -0500
|
||
|
||
chmod +x
|
||
|
||
commit 42ab341a58de4c54b20b8f6dc4e048ce61068cf4
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 12:57:36 2023 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit d37b19fb6bb3cadbb74d011be026fd8d2653ac17
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 12:55:05 2023 -0500
|
||
|
||
comment
|
||
|
||
commit 0367250dc74f9e6ec38f9da5809ff661493134a8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 12:54:35 2023 -0500
|
||
|
||
comment
|
||
|
||
commit c1df2fd601f3445a0a811a679efa7d2176026558
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 12:52:14 2023 -0500
|
||
|
||
comment
|
||
|
||
commit c2b20603fdd62a3f82c842c7ebeaad0f70e005d0
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 12:49:18 2023 -0500
|
||
|
||
output
|
||
|
||
commit 999a82ed946c8fd57654a0a90e2a2e53ef98a788
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 12:46:21 2023 -0500
|
||
|
||
output
|
||
|
||
commit 2860560edb7951a8ac9de1c23c9655c655b40f23
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 12:43:07 2023 -0500
|
||
|
||
minor
|
||
|
||
commit 450ff378b067070618e4a972f8131acac5b292e0
|
||
Merge: 929f49f b8e82ff
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jan 7 12:38:14 2023 -0500
|
||
|
||
Merge remote-tracking branch 'friedy10/master'
|
||
|
||
commit b8e82fffca0138afaf20e1b2faf755ce1533af45
|
||
Author: Friedrich Doku <friedrichdoku@gmail.com>
|
||
Date: Sat Jan 7 11:31:02 2023 -0500
|
||
|
||
Get rid of /dev/kmsg
|
||
|
||
commit 78a4fad6674bb11fa682b908e0d3bc63705e7d20
|
||
Author: Friedrich Doku <friedrichdoku@gmail.com>
|
||
Date: Sat Jan 7 11:14:31 2023 -0500
|
||
|
||
Change echo to info. Included more reliable way of getting initrd and kernel. Allow user custom kexec
|
||
|
||
commit 8da3b9c40c6ee073addcc06d5227b3043438b768
|
||
Author: Friedrich Doku <friedrichdoku@gmail.com>
|
||
Date: Fri Jan 6 21:40:17 2023 -0500
|
||
|
||
fix last line
|
||
|
||
commit 7cf51a1b433bfb2ccf4fa14b7807184e9e3681c5
|
||
Author: Friedrich Doku <friedrichdoku@gmail.com>
|
||
Date: Fri Jan 6 21:32:57 2023 -0500
|
||
|
||
Checking job queue instead of dbus
|
||
|
||
commit 4b7053a6353cf0e092a6ef712e955b4318671bfc
|
||
Author: Friedrich Doku <frd20@pitt.edu>
|
||
Date: Fri Jan 6 13:53:28 2023 -0500
|
||
|
||
Update wipe-ram.sh
|
||
|
||
commit 779ad24b573b83c08e89569e5213e018377d1535
|
||
Author: Friedrich Doku <frd20@pitt.edu>
|
||
Date: Fri Jan 6 13:53:18 2023 -0500
|
||
|
||
Update wipe-ram-needshutdown.sh
|
||
|
||
commit d45ba826bca6f5efef846de01a34a0a8c7936442
|
||
Author: Friedrich Doku <frd20@pitt.edu>
|
||
Date: Fri Jan 6 13:53:10 2023 -0500
|
||
|
||
Update module-setup.sh
|
||
|
||
commit b3d4314a069a608380ca9dd01d76c653bdb87078
|
||
Author: Friedrich Doku <frd20@pitt.edu>
|
||
Date: Fri Jan 6 13:52:51 2023 -0500
|
||
|
||
Update wipe-ram.sh
|
||
|
||
commit 33877250172349cccb2c776c1fa7aed2e8ad716f
|
||
Author: Friedrich Doku <frd20@pitt.edu>
|
||
Date: Fri Jan 6 13:52:42 2023 -0500
|
||
|
||
Update wipe-ram-needshutdown.sh
|
||
|
||
commit ec68ee6ded7294c161b3d0793bf8874b12262190
|
||
Author: Friedrich Doku <frd20@pitt.edu>
|
||
Date: Fri Jan 6 13:52:32 2023 -0500
|
||
|
||
Update module-setup.sh
|
||
|
||
commit 014d10b9778907a9282ec337023f8c2b01b0ca6b
|
||
Author: Friedrich Doku <frd20@pitt.edu>
|
||
Date: Fri Jan 6 13:52:09 2023 -0500
|
||
|
||
Update cold-boot-attack-defense-kexec-prepare.service
|
||
|
||
commit 62dcdcf7649175e0587a84708e8f0aa318a45d30
|
||
Author: Friedrich Doku <frd20@pitt.edu>
|
||
Date: Fri Jan 6 13:51:45 2023 -0500
|
||
|
||
Update cold-boot-attack-defense-kexec-prepare
|
||
|
||
commit f4637509205c11eddaa13151b93c961e9d345be6
|
||
Author: Friedrich Doku <frd20@pitt.edu>
|
||
Date: Fri Jan 6 13:48:22 2023 -0500
|
||
|
||
Update cold-boot-attack-defense-kexec-prepare.service
|
||
|
||
commit 14abfbfccdd3403d90a16dd5b2a1057ccf4da3d5
|
||
Author: Friedrich Doku <frd20@pitt.edu>
|
||
Date: Fri Jan 6 13:48:03 2023 -0500
|
||
|
||
Update cold-boot-attack-defense-kexec-prepare
|
||
|
||
commit 37a5264696797c0807570606361e04cb8dcb2395
|
||
Author: Friedrich Doku <frd20@pitt.edu>
|
||
Date: Fri Jan 6 13:47:34 2023 -0500
|
||
|
||
Update wipe-ram.sh
|
||
|
||
commit 7ac45acd0f3e3e0a68e3fc4036787e8e7d4ebe9f
|
||
Author: Friedrich Doku <frd20@pitt.edu>
|
||
Date: Fri Jan 6 13:47:23 2023 -0500
|
||
|
||
Update wipe-ram-needshutdown.sh
|
||
|
||
commit 114a37fcd39ff20ddd9e8cca829763a9b96a8115
|
||
Author: Friedrich Doku <frd20@pitt.edu>
|
||
Date: Fri Jan 6 13:47:14 2023 -0500
|
||
|
||
Update module-setup.sh
|
||
|
||
commit 1eeb32b7b96ab1df63d808b6715fef7a6e1a9482
|
||
Author: Friedrich Doku <frd20@pitt.edu>
|
||
Date: Fri Jan 6 13:47:01 2023 -0500
|
||
|
||
Update wipe-ram.sh
|
||
|
||
commit c5accc5ad191fe54a96e12cd1f1286508da8243c
|
||
Author: Friedrich Doku <frd20@pitt.edu>
|
||
Date: Fri Jan 6 13:46:51 2023 -0500
|
||
|
||
Update wipe-ram-needshutdown.sh
|
||
|
||
commit f9ebc3cfa86674025ccd65c22cde2427ea2f4ae3
|
||
Author: Friedrich Doku <frd20@pitt.edu>
|
||
Date: Fri Jan 6 13:46:40 2023 -0500
|
||
|
||
Update module-setup.sh
|
||
|
||
commit 28687092ef4f57afab5e8d32f68492799694a379
|
||
Author: Friedrich Doku <frd20@pitt.edu>
|
||
Date: Fri Jan 6 12:52:36 2023 -0500
|
||
|
||
Update cold-boot-attack-defense-kexec-prepare
|
||
|
||
commit d67d3c1d7d788fff589806457ff140e8f82089a0
|
||
Author: Friedrich Doku <frd20@pitt.edu>
|
||
Date: Fri Jan 6 12:51:18 2023 -0500
|
||
|
||
Update wipe-ram.sh
|
||
|
||
commit 7fa64d68423d24668e44eb0d7e19ccf4845ee711
|
||
Author: Friedrich Doku <frd20@pitt.edu>
|
||
Date: Fri Jan 6 12:50:58 2023 -0500
|
||
|
||
Update wipe-ram-needshutdown.sh
|
||
|
||
commit 14c7239681300edc4f715bc96c5235cddf677c60
|
||
Author: Friedrich Doku <frd20@pitt.edu>
|
||
Date: Fri Jan 6 12:50:42 2023 -0500
|
||
|
||
Update module-setup.sh
|
||
|
||
commit 73913ea5afef8354f433f7cf87c7cd64c16be0a0
|
||
Author: Friedrich Doku <friedrichdoku@gmail.com>
|
||
Date: Fri Jan 6 12:49:34 2023 -0500
|
||
|
||
Added checks
|
||
|
||
commit a7015f4ddff892cab17f96713ddb0a720ebb7901
|
||
Author: Friedrich Doku <friedrichdoku@gmail.com>
|
||
Date: Fri Jan 6 10:50:34 2023 -0500
|
||
|
||
added files
|
||
|
||
commit 929f49f333fc88d91ed4cef849921b0b4a69bfea
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Dec 18 14:37:51 2022 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 75beb52bd5b7cee4a48eead53dbbe7fac9f6cc9e
|
||
Merge: 98f753d 58b622f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Dec 18 06:24:41 2022 -0500
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 58b622f0fe373b6e2fb30b9564b22f1064f690b0
|
||
Merge: 98f753d f81714b
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Dec 18 06:23:26 2022 -0500
|
||
|
||
Merge pull request #114 from raja-grewal/framebuffer
|
||
|
||
Add some framebuffer drivers into blacklist
|
||
|
||
commit f81714be506d1b15c0e79cbe8378bf8a18a2256f
|
||
Merge: d67845f 98f753d
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Tue Dec 13 05:14:56 2022 +0000
|
||
|
||
Merge branch 'Kicksecure:master' into framebuffer
|
||
|
||
commit d67845fea89f4a74ed4b0a6eefbf2bf228b13a1b
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Tue Dec 13 16:11:24 2022 +1100
|
||
|
||
Typo
|
||
|
||
commit 98f753d8ffcf6673a3130d45c23b84a4c35917b1
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Nov 24 07:21:58 2022 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 6d7a78262464c054c46df155605a480f1b32f22c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Nov 24 07:21:46 2022 -0500
|
||
|
||
fix
|
||
|
||
commit 421f03ae9e648d366146415532d4dd9dda106980
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Nov 24 07:20:56 2022 -0500
|
||
|
||
fix
|
||
|
||
commit ad1e722879ef049ef421f0062ee383770d66bfee
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Nov 24 07:00:33 2022 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit a806c782d78d691617dd650808a0403ce72d4a1a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Nov 24 07:00:23 2022 -0500
|
||
|
||
fix
|
||
|
||
commit 4601e106c4823f2cb0dc7a8ba601670395c96326
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Nov 24 06:49:26 2022 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 39b35ef9ac7489685df5486334a0acf5936e9b47
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Nov 24 06:49:15 2022 -0500
|
||
|
||
fix
|
||
|
||
commit 73963a9e6847fd8099093da1253267d79db7d261
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Nov 24 06:31:37 2022 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit d05c10172178d04781976026243297fa153125a0
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Nov 24 06:31:24 2022 -0500
|
||
|
||
debugging
|
||
|
||
commit 36454c2dbf43de4805f2f156b05d263c37b9615a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Nov 24 06:25:47 2022 -0500
|
||
|
||
debugging
|
||
|
||
commit e06b173a1be8c0e3e47a9c4bab2d94fe88d422e0
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Nov 24 06:24:14 2022 -0500
|
||
|
||
debugging
|
||
|
||
commit 97722d1926bc106a0645783fcb55b7d5691c873b
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Nov 24 06:14:15 2022 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 497b5b45442b1293b130fef63de1b84d091d27eb
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Nov 24 06:14:04 2022 -0500
|
||
|
||
fix
|
||
|
||
commit 6f695902fb70cbbc95b71f827216ab84edcfeb83
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Nov 23 23:53:40 2022 +1100
|
||
|
||
Add comment about legacy Apple fiesystems
|
||
|
||
commit d7222b5678aa182866c389d8a88f55b6488e74e0
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Nov 22 06:03:13 2022 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit e5255a630ad3c9c99b6b7ffa4c7be43a44dffba9
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Nov 22 05:57:30 2022 -0500
|
||
|
||
pam-info: support non-root environments (such as during graphical display manager login and xscreensaver)
|
||
|
||
commit d419898ee494fb159ed6811a719dbb4a5ffb469a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Nov 17 10:15:36 2022 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 09e6af5c080f776d56d7e2390f88c4ae7e01bdb7
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Nov 16 02:01:23 2022 -0500
|
||
|
||
pam-info refactoring
|
||
|
||
commit caf0099064747a2048363e3600a53af51df549ad
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Nov 16 02:00:32 2022 -0500
|
||
|
||
pam-info refactoring
|
||
|
||
commit 487f63bb01c6dfc71d0e4efef2c70dae94093dce
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Nov 16 01:56:01 2022 -0500
|
||
|
||
comment
|
||
|
||
commit f59f959a8d43ebd80a4037e65ec26df7143bcaf5
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Nov 16 01:55:14 2022 -0500
|
||
|
||
pam-info fix
|
||
|
||
commit ae113442a162969561a24fcf17718ceb6a11d928
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Nov 16 01:49:45 2022 -0500
|
||
|
||
pam-info refactoring
|
||
|
||
commit bb6b509d06a1ae34ee407cb309c530e5dddfedfd
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Nov 16 01:44:21 2022 -0500
|
||
|
||
pam-info refactoring
|
||
|
||
commit e5d7ab7082908e64596ccd1da835a781cae22456
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Nov 15 12:44:12 2022 -0500
|
||
|
||
comment
|
||
|
||
commit 23b936b573c8989222a50d1ef8c35dc95589bb0e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Nov 15 12:31:14 2022 -0500
|
||
|
||
also support /usr/local/etc/pam-info-debug
|
||
|
||
commit 95487346dbb18c4ac9133fc21b4abed12dc346b3
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Nov 15 12:29:41 2022 -0500
|
||
|
||
pam-info: create debug log file ~/pam-info-debug.txt
|
||
|
||
when file /etc/pam-info-debug exists
|
||
|
||
commit 2872c2ab52ae9a1eaa25ea8b9852401e82d5616a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Nov 15 12:00:59 2022 -0500
|
||
|
||
comments
|
||
|
||
commit 6033de78152cb5d7a9659f58aa8035ae2a7d6532
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Nov 15 11:58:50 2022 -0500
|
||
|
||
debugging
|
||
|
||
commit daa30d4e7830ba38ed52f83e6ac93c3a4e03ee33
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Nov 9 20:43:59 2022 +1100
|
||
|
||
Include several framebuffer drivers into blacklist
|
||
|
||
These were previously commented out to test for compatibility issues.
|
||
|
||
commit 2319458e9f1a0ae2b60cf5786122c19459bbaea1
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Aug 24 18:28:39 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit cdfc175953a8ab358bb8e6db2610df11733ba258
|
||
Merge: ff84514 ae4d498
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Aug 22 06:09:30 2022 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit ae4d4989b0e8ea79b5661f098e9814379ff9401e
|
||
Merge: ff84514 d500205
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Aug 22 06:09:40 2022 -0400
|
||
|
||
Merge pull request #113 from raja-grewal/master
|
||
|
||
Comment out machine check exception
|
||
|
||
commit d500205f556ba896417eb0bae1df0144b00ef7b9
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sun Aug 21 23:03:13 2022 +1000
|
||
|
||
Update README.md
|
||
|
||
commit 92669dba186c6ac40ff601fd39639945cd7633c6
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sun Aug 21 23:02:44 2022 +1000
|
||
|
||
Comment out machine check exception
|
||
|
||
commit ff8451469ad3b9cbd101ca4b93d72a2ac6cebe37
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Aug 13 11:40:04 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 272a33fe2c3c7666de96f9037094db8e9ab8e09e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Aug 13 11:35:25 2022 -0400
|
||
|
||
addgroup -> adduser fix
|
||
|
||
commit 7d5246693c5c07f76e3f2e29c3ed39d4910673ff
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Aug 12 07:52:26 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 82da4ed18f5682c0cc76cd435b6de2459c7b5f83
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jul 28 09:56:24 2022 -0400
|
||
|
||
comments
|
||
|
||
commit a6bee1493d4113ab63f8d0671f97989b00d23544
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jul 28 09:55:12 2022 -0400
|
||
|
||
cold-boot-attack-defense wait longer to make messages readable by user
|
||
|
||
commit 109594952335f94c2a21f22d6a517ecc8b864d81
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jul 26 10:00:53 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 053142cdb57f23172fd0155dde4ff4c0183c4f65
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jul 26 10:00:21 2022 -0400
|
||
|
||
fix
|
||
|
||
commit 73f6523e09f12fc56da0ed3555d050686ff441f3
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 23 08:07:37 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 0c5b1e9f577d52e2c056e786e32c14ff37db344b
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 23 07:49:56 2022 -0400
|
||
|
||
undo `"force kernel to panic on "oopses"`
|
||
|
||
because implemented differently already
|
||
|
||
https://forums.whonix.org/t/set-oops-panic-kernel-parameter-or-kernel-panic-on-oops-1-sysctl-for-better-security/7713
|
||
|
||
commit c1c04b4619eea4c79a0dbb5cced3ebb77482877c
|
||
Merge: 465775c bfe6b88
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 23 07:43:19 2022 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit bfe6b888395abf554623a9e530fe7e6605047e12
|
||
Merge: 465775c ca764d8
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 23 07:27:24 2022 -0400
|
||
|
||
Merge pull request #111 from raja-grewal/harden
|
||
|
||
Increased kernel hardening at boot
|
||
|
||
commit ca764d8de0f17bb7e6d44e3d79ea1805276fc521
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 20 04:06:35 2022 +1000
|
||
|
||
force kernel to panic on "oopses"
|
||
|
||
commit 1660aaa6dd1013ede105baebbb8ff3e1afc7b268
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Tue Jul 19 03:38:41 2022 +1000
|
||
|
||
update details around disabling SMT
|
||
|
||
commit bfd78a2c06153ebadfee39190055edf0a13958f4
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Tue Jul 19 03:16:08 2022 +1000
|
||
|
||
update SRBDS mitigation
|
||
|
||
commit c3ebb9160ffbbd2972cc898e3c1c0055d89beb5c
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Tue Jul 19 02:33:16 2022 +1000
|
||
|
||
CPU mitigation - MMIO Stale Data
|
||
|
||
commit 59e90ff1226bd6330d85244cf7c73ecf7fd5fdf1
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Tue Jul 19 02:32:41 2022 +1000
|
||
|
||
CPU mitigation - L1D FLushing
|
||
|
||
commit 8531fbf99dea1b4cd806babd6072a8a1f0506eb3
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Tue Jul 19 02:30:49 2022 +1000
|
||
|
||
CPU mitigation - SRBDS
|
||
|
||
commit 73f1e233327cc0edec83eac322b7f03bcb7fba22
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Tue Jul 19 02:29:46 2022 +1000
|
||
|
||
shuffle and rewording
|
||
|
||
commit 39314b291263a93fcb11756ce12bd8691a1fa0f6
|
||
Merge: bb831d5 c4a1094
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Tue Jul 19 00:49:08 2022 +1000
|
||
|
||
Merge branch 'harden' of https://github.com/raja-grewal/security-misc into harden
|
||
|
||
commit bb831d57bcdcc8195a4b8169a4ddc25fb0c61173
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Tue Jul 19 00:38:32 2022 +1000
|
||
|
||
delete repeated commands
|
||
|
||
commit c77a2a78bc48df2af7653a306bd1b046a8f99a6b
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Tue Jul 19 00:37:31 2022 +1000
|
||
|
||
enforce default net.ipv6.icmp_ignore_bogus_error_responses
|
||
|
||
commit c4a10947608b0d5508ef5b18e0ab34a2ee4f35de
|
||
Merge: 2b23703 465775c
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Mon Jul 18 13:36:23 2022 +0000
|
||
|
||
Merge branch 'Kicksecure:master' into harden
|
||
|
||
commit 465775c9dc1b97c98a5470acaffabb103ea7239f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 16 08:00:16 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 1fafb5f53bbec57812f535e79bfb475628cc58e3
|
||
Merge: 24d6a93 27aa523
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 15 08:09:16 2022 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 27aa5231e2d1dafd89ba19c8d6becf461e781605
|
||
Merge: 24d6a93 a72bbb1
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri Jul 15 08:06:08 2022 -0400
|
||
|
||
Merge pull request #112 from raja-grewal/blacklist
|
||
|
||
Corrected kernel module disabling
|
||
|
||
commit a72bbb1883613ee56be29949c153e0edb2d72a29
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 13 23:42:13 2022 +1000
|
||
|
||
Corrected kerenl module disabling
|
||
|
||
commit 24d6a93eacf5b41cfb9133471049776a16a07b03
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 13 08:28:34 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 2b237039cf1db66100f7f0bb4880981ee0489abf
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 13 22:25:53 2022 +1000
|
||
|
||
Update README.md
|
||
|
||
commit 8f31e5d1d172eb117bde63702f63081da182d5c5
|
||
Merge: 6aa9a94 c410890
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 13 07:26:58 2022 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit c410890a8ade6d4be13dc99a7003f03ebded8153
|
||
Merge: 6aa9a94 fe0cc10
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jul 13 07:24:12 2022 -0400
|
||
|
||
Merge pull request #110 from raja-grewal/master
|
||
|
||
Incorporated Ubuntu’s kernel module blacklists and more verbose errors
|
||
|
||
commit 4e93b4d37e4c6d23a0ac76ddb2144c6504a66ad1
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 13 21:10:39 2022 +1000
|
||
|
||
Revert "enforce defualt net.ipv4.ip_forward"
|
||
|
||
This reverts commit 57b5b2145c4e6779f0b879ee4199d46938f20965.
|
||
|
||
commit a47922ad28fc9ebba93615a6ffdaaeb4887cc140
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 13 04:47:07 2022 +1000
|
||
|
||
enforce of IOMMU TLB invalidation
|
||
|
||
commit 33df16af805597057c7aad0d5a4fb135ed9e286b
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 13 04:37:03 2022 +1000
|
||
|
||
disables random.trust_bootloader
|
||
|
||
commit d0779a96fc054df925523a76510c1aae5d672f96
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 13 04:36:34 2022 +1000
|
||
|
||
add reference
|
||
|
||
commit 74858d257b8de40f082ce21241e680a5eeaf4053
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 13 04:34:35 2022 +1000
|
||
|
||
enable randomize_kstack_offset
|
||
|
||
commit f572332108c06eb77d24e776910463e69d49acd3
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 13 04:32:03 2022 +1000
|
||
|
||
disable slub_debug
|
||
|
||
commit 57b5b2145c4e6779f0b879ee4199d46938f20965
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 13 04:30:43 2022 +1000
|
||
|
||
enforce defualt net.ipv4.ip_forward
|
||
|
||
commit 79156262c9e3fe92344847b627afc64b2c7f7717
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 13 04:29:42 2022 +1000
|
||
|
||
enforce default net.ipv4.icmp_ignore_bogus_error_responses
|
||
|
||
commit dabcaf22e1006cc60297c55e3e254f080562d552
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Wed Jul 13 04:28:03 2022 +1000
|
||
|
||
enforce default kernel.randomize_va_space
|
||
|
||
commit fe0cc1089086273794bd6b54df3528ff78c10f6a
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Tue Jul 12 17:18:47 2022 +1000
|
||
|
||
Updated README.md
|
||
|
||
commit 48089e5ba43b0b72449f888b98b63119ed57e2fd
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Tue Jul 12 17:02:12 2022 +1000
|
||
|
||
More verbose kernel module blocking error logs
|
||
|
||
commit 40ec791774f2a6ae7d42ccf2bfbe4a98a9963f08
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Tue Jul 12 16:58:16 2022 +1000
|
||
|
||
Updated comments
|
||
|
||
commit ef1ef9917d896f1cd837f399def6a75704e9bfd2
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sun Jul 10 04:53:25 2022 +1000
|
||
|
||
Blacklist automatic loading of CD-ROM modules
|
||
|
||
commit 61ef9bd59f9ff39c140f782ff5b41d0a3c6d97bc
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Sun Jul 10 04:52:00 2022 +1000
|
||
|
||
Incorporated Ubuntu’s kernel module blacklists
|
||
|
||
commit 6aa9a9472f10d4d6270dd59fbcd94d9001aca9e6
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 9 11:42:24 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 3b844eaab25fecf90292c88291be77abf0be694c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 9 11:42:11 2022 -0400
|
||
|
||
output
|
||
|
||
commit 73d2c9d921c5c75ef3cca5461acc350c648f26d2
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 9 11:40:15 2022 -0400
|
||
|
||
output
|
||
|
||
commit adfdac6dea0e8f971c59557b383d116cd51619fd
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 9 11:40:01 2022 -0400
|
||
|
||
output
|
||
|
||
commit 1df2cfd1add8b2277cb37499ced4fbb713c17668
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 9 11:38:37 2022 -0400
|
||
|
||
comment
|
||
|
||
commit fede41e6e03c33f2f6569f03593f76edb9969e6a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 9 11:38:04 2022 -0400
|
||
|
||
fix
|
||
|
||
commit 52c46e4706d5799d452f260616a3909c9a3bc78f
|
||
Merge: 1b8500c dc41a58
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 9 11:37:41 2022 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit dc41a58102a114e21209aabeef9ad6b851365898
|
||
Merge: 1b8500c e5f8004
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 9 11:37:57 2022 -0400
|
||
|
||
Merge pull request #108 from Krish-sysadmin/master
|
||
|
||
Continue for loop if unable to change one directory's permission
|
||
|
||
commit 1b8500cc22fdd6a51ec66ae1b04abccb9a529150
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jul 7 17:41:13 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 277749f27b2da8d33b70fb6f88c6757fab77e636
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jul 7 15:49:08 2022 -0400
|
||
|
||
genmkfile debinstfile
|
||
|
||
commit eb8535fe870e79a5c818a38c414147819d32346d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jul 7 15:48:39 2022 -0400
|
||
|
||
renamed: usr/bin/disabled-by-security-misc -> bin/disabled-by-security-misc
|
||
|
||
commit 26b2c9727f5ba6f78f5cd10c28c3561a97c81be9
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jul 7 15:39:40 2022 -0400
|
||
|
||
not blacklist CD-ROM / DVD yet
|
||
|
||
https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/31
|
||
|
||
commit d5c16503411bee4199c35a51226fc59924d6e142
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jul 7 15:28:09 2022 -0400
|
||
|
||
shuffle
|
||
|
||
commit ca19d78d48ca88f5b00dcceb18ac4803c7893ca4
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jul 7 15:27:15 2022 -0400
|
||
|
||
shuffle
|
||
|
||
commit d018bdaf73e109a61c0687a171af843c890729e0
|
||
Merge: 1b287a6 780dc8e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jul 7 15:26:08 2022 -0400
|
||
|
||
Merge remote-tracking branch 'raja-gerwal/master'
|
||
|
||
commit 780dc8eec99915a7466249e219ad59c5db5f0364
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Jul 8 04:11:25 2022 +1000
|
||
|
||
replace /bin/false -> /bin/disabled-by-security-misc
|
||
|
||
commit fa2e30f5125e438250acfdc52107a936ecb7b1b4
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Jul 8 03:04:37 2022 +1000
|
||
|
||
Updated descriptions of disabled modules
|
||
|
||
commit da389d6682f6eb1d0c0172c50a4b529152384415
|
||
Author: Raja Grewal <rg_public@proton.me>
|
||
Date: Fri Jul 8 02:12:04 2022 +1000
|
||
|
||
Revert "replace /bin/false -> /bin/true"
|
||
|
||
This reverts commit f0511635a9725f79863c41a7b8d9f8a077ba8788.
|
||
|
||
commit 28381e81d4a57c59929a37745fa8ba5f3e0b25cb
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Thu Jul 7 09:28:30 2022 +0000
|
||
|
||
Update README.md
|
||
|
||
commit f0511635a9725f79863c41a7b8d9f8a077ba8788
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Thu Jul 7 09:27:53 2022 +0000
|
||
|
||
replace /bin/false -> /bin/true
|
||
|
||
commit 18d67dbc5309a2403bece92881e671f46dc27f86
|
||
Author: raja-grewal <rg_public@proton.me>
|
||
Date: Thu Jul 7 09:26:55 2022 +0000
|
||
|
||
Blacklist more modules
|
||
|
||
commit 1b287a6430527c762f9bf909bcda58ab52041668
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jul 5 11:16:33 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 92ff868ecefed4377c5f1e99eb5e5eecbb021564
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jul 5 11:05:36 2022 -0400
|
||
|
||
readme
|
||
|
||
commit b8ba6085357631fb1f346a613d7e354aaf780560
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jul 5 10:57:28 2022 -0400
|
||
|
||
readme
|
||
|
||
commit 949edf3e1753fcd403015c2d0dc8f3503a7f62d2
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jul 5 10:48:58 2022 -0400
|
||
|
||
readme
|
||
|
||
commit 1c0e0719483c68ce04b5c14159ad09a87c386deb
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jul 5 10:45:55 2022 -0400
|
||
|
||
comments
|
||
|
||
commit 5d47f5f74cc9f5e186de8db5305a44029ebbb362
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jul 5 10:45:09 2022 -0400
|
||
|
||
comments
|
||
|
||
commit 435c689cf9ee9e94dec42ab3c45bc02beb8f9c40
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jul 5 10:44:28 2022 -0400
|
||
|
||
comments
|
||
|
||
commit c20d588d7871bce1b8a02d46e6f658844a014572
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jul 5 10:42:37 2022 -0400
|
||
|
||
comments
|
||
|
||
commit 8f03ce049a1f48bb088cf92f4f39cceb2e3a5ae6
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jul 5 10:41:55 2022 -0400
|
||
|
||
readme
|
||
|
||
commit b342ce930ea14a365ba23f37642cc9c098470362
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jul 5 10:28:22 2022 -0400
|
||
|
||
add `/etc/default/grub.d/40_cold_boot_attack_defense.cfg`
|
||
|
||
commit e5f8004a9401727f1be2db492ea756bc19090866
|
||
Author: Krish-sysadmin <kjain@fedoraproject.org>
|
||
Date: Tue Jul 5 03:37:40 2022 +0200
|
||
|
||
Update hide-hardware-info
|
||
|
||
commit 69af8be7b80dcc30e3a5d1b0a1d1aa198528b876
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 2 19:10:55 2022 -0400
|
||
|
||
drop_caches before and after sdmem
|
||
|
||
commit 67bdd58bf2a8090a29e35b85fb4a25d42a8f8a1a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 2 19:07:06 2022 -0400
|
||
|
||
sync
|
||
|
||
commit 01b82bf0f0b96b3e08e272b8b2e69c1b3f0dcc16
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 2 18:30:06 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 973f117aa6a7418ea29125753f6c6b6f7e7986a4
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 2 18:12:36 2022 -0400
|
||
|
||
wipe RAM at shutdown: Ensure any remaining disk cache is erased by Linux' memory poisoning
|
||
|
||
by running:
|
||
`echo 3 > /proc/sys/vm/drop_caches`
|
||
|
||
Inspired by Tails:
|
||
https://gitlab.tails.boum.org/tails/tails/-/blob/master/config/chroot_local-includes/usr/local/lib/initramfs-pre-shutdown-hook
|
||
|
||
commit e783ddc71e5e528051e1bd0fda3f60decc0af9bf
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 2 17:37:16 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 95187bd357e6f2f855afbf546da42c6229a8394e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 2 17:21:33 2022 -0400
|
||
|
||
fix
|
||
|
||
commit 3bd87d019fb08644578d2ee73d2ac7185687f115
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 2 16:03:52 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 148a050468658c254b67de2de61cad3e147e2178
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 2 16:03:45 2022 -0400
|
||
|
||
fix
|
||
|
||
commit 82e7863d5b1efff2c558204bfdf04812af10660b
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 2 16:02:28 2022 -0400
|
||
|
||
improvement
|
||
|
||
commit aebca1b3dce026bbccefa38381e62f30904e5a6d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 2 15:52:08 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 1144b39e5efcb318ad92413f623b6f039fd7a5fa
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 2 15:50:59 2022 -0400
|
||
|
||
debugging
|
||
|
||
commit c29b21c08a839d8dafe2c9654a58f2b178055935
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 2 15:45:19 2022 -0400
|
||
|
||
output
|
||
|
||
commit ed8ce9a7d0869d62eecea7ffc59c176bec061d08
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 2 15:32:51 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit d34fe21963442c6025b56209d0ba10479cde09a6
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 2 15:32:42 2022 -0400
|
||
|
||
fix
|
||
|
||
commit 7a448e01a1f2be432c763678742301b64739b920
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 2 14:27:04 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 32fdcf522be994e693f39c347ab1063ccd94255b
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jun 30 14:47:45 2022 -0400
|
||
|
||
- introduce `wiperam=skip` kernel parameter to skip wipe ram
|
||
- introduce `wiperam=force` kernel parameter to force wipe ram inside VMs
|
||
|
||
commit 036f518ddc067461979f5b61a576b7f74b7c6e65
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jun 30 13:56:29 2022 -0400
|
||
|
||
improvement
|
||
|
||
commit 0e2fae2b693d6c45344cfdf592bac0adf3338d58
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Jun 30 13:50:18 2022 -0400
|
||
|
||
skip ram wipe inside VMs
|
||
|
||
https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix-cold-boot-attack-defense/5596/40
|
||
|
||
commit e06405c7be683450e6c6f737171b4f10513254e7
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 16:56:16 2022 -0400
|
||
|
||
undo
|
||
|
||
commit 1b97d9cb766b00914769e5add699a8bdbcf1e7aa
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 16:30:31 2022 -0400
|
||
|
||
fix
|
||
|
||
commit 26be74bfe5c51a8ae41bb736847d3e93e7ae27d7
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 16:25:07 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 92c543e71ff5386f4458102e1795132399292328
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 16:24:52 2022 -0400
|
||
|
||
output
|
||
|
||
commit d4161b2748665ca3b67e5ced5ae576acb93cda46
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 16:23:42 2022 -0400
|
||
|
||
output
|
||
|
||
commit 1ce7b27297bce446fb5726eba1cbb0cd3746fa85
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 16:23:12 2022 -0400
|
||
|
||
improvement
|
||
|
||
commit aae4fdcffd0e3ed168975bc84db149843ffdfe47
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 16:06:33 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 8b584c570af5d9ada8083af9bd80f3f992e3dceb
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 16:06:22 2022 -0400
|
||
|
||
lintian
|
||
|
||
commit a1f752ad00563b61a62a2dd33058365f1b6027de
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 16:03:58 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit f5e0c1742abc009b1af95f0d106a5e1cd90d1ef4
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 16:02:05 2022 -0400
|
||
|
||
credits
|
||
|
||
commit 42e24f3c241471d91af6f16b74b5bf85dfad85d7
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 15:54:49 2022 -0400
|
||
|
||
update file names
|
||
|
||
commit 52aaac9b6d3a9611317e919d78840554bfce9778
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 15:53:52 2022 -0400
|
||
|
||
rename
|
||
|
||
commit 619bb3cf4d347c1575c58c74adbbede94d60f79b
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 15:53:24 2022 -0400
|
||
|
||
rename
|
||
|
||
commit 2a8504cf1bd2a4d7e373bde3f34f6f22e3d5ebc4
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 15:51:14 2022 -0400
|
||
|
||
move
|
||
|
||
commit af8b211c238f6fe83db5990dc0984d1c532456ae
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 15:50:20 2022 -0400
|
||
|
||
improvements
|
||
|
||
commit 0b0cda8f8f2ff1da256473115df37456273cdcdd
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 15:24:40 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit e9cd5d934b04f7d06a14616ef52a914198f03b97
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 15:24:27 2022 -0400
|
||
|
||
copyright
|
||
|
||
commit 1c51d156494e743c7ad89f76510209a97eef5e45
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 15:23:53 2022 -0400
|
||
|
||
lintian
|
||
|
||
commit 4b0cd53fee691f68dd6292869b6f6870bc0b6cbe
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 15:22:41 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 9ab81d45810b71374520603c32812e22685f59cb
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 15:22:00 2022 -0400
|
||
|
||
do not power off too fast so wipe ram messages can be read
|
||
|
||
commit 19439033de840ed39039f04db7b13f6e168a627e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 15:19:56 2022 -0400
|
||
|
||
copyright
|
||
|
||
commit fc202ede16ee41aceeec356ba35ba71cc7fc821d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 15:18:28 2022 -0400
|
||
|
||
delete no longer required `usr/lib/dracut/modules.d/40sdmem-security-misc/README.md`
|
||
|
||
commit 6d3a08a9365207923edd2f0b6f8aebdc635d3b33
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 15:17:40 2022 -0400
|
||
|
||
improvements
|
||
|
||
commit 87e5f49f8dc72f14e96cc06b924566668991037f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 14:18:02 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 6eba53767f3af2436fd00b807e71a94dff813dfc
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 14:17:52 2022 -0400
|
||
|
||
lintian
|
||
|
||
commit 81c15e88afd11d3359ae748d5c43e7bcc8b9a855
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 14:15:48 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 8a072437cc6478757a8f21f3a6a0ea51a97b978b
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 14:13:30 2022 -0400
|
||
|
||
ram wipe on shutdown: fix, added `need_shutdown` hook
|
||
|
||
Otherwise dracut does not run on shutdown.
|
||
|
||
Without `need_shutdown` file `/run/initramfs/.need_shutdown` does not get created.
|
||
And without that file `/usr/lib/dracut/dracut-initramfs-restore`,
|
||
which itself is started by `/lib/systemd/system/dracut-shutdown.service` does nothing.
|
||
|
||
commit 4d937f551f6cccf40f933576a7fa210066f1fc8a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 13:03:35 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 924077e04cd0d5b06a410b2a9289047286500e8a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 13:02:53 2022 -0400
|
||
|
||
verbose
|
||
|
||
commit db301dfd7feb07799a00871f0e1f8fdccef0b777
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 13:02:39 2022 -0400
|
||
|
||
comment
|
||
|
||
commit 73d2ada0deb98064979ea1feedb01c6312c4b4d5
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 13:02:01 2022 -0400
|
||
|
||
comment
|
||
|
||
commit 67eaf8c9167da545189390b6f0f58b0b5b20976c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 11:40:38 2022 -0400
|
||
|
||
comments
|
||
|
||
commit 72908d6b0dd65d6c9691977047b2bfdaa16ba147
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 11:34:55 2022 -0400
|
||
|
||
comments
|
||
|
||
commit 43ea4dbb8363c511270fd704b138633da9ad088a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 11:18:59 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 295811a88f9505687447ebf605fa108bc795da46
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 11:14:52 2022 -0400
|
||
|
||
improvements
|
||
|
||
commit e5d85d69efefdfcee63c8c7d4ced1ed1bf1aeee7
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 10:02:18 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit af8ff65f8404ac1d423ad3c28342d8fe7bc3a018
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 10:01:51 2022 -0400
|
||
|
||
comment
|
||
|
||
commit cfae7de6a842b77e50f9e6f5cb1eed0eac63ff2f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 09:58:37 2022 -0400
|
||
|
||
lintian
|
||
|
||
commit 83519a58c7c1eccee7544fbc3ec0cf67bda976a7
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 09:54:27 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 024d52a67ebb6028d5df890e469fec5dc42be00a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 09:52:53 2022 -0400
|
||
|
||
improve usr/lib/dracut/modules.d/40sdmem-security-misc/module-setup.sh
|
||
|
||
commit 29253004b6be7c7d2b3fce6cceff2df3e845f15a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 09:38:18 2022 -0400
|
||
|
||
minor
|
||
|
||
commit 6f19af1542d3b6d2d6af89136ce909f7f7335ff1
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 09:35:08 2022 -0400
|
||
|
||
add shebang /bin/sh
|
||
|
||
to fix lintian warning
|
||
security-misc: executable-not-elf-or-script usr/lib/dracut/modules.d/40sdmem-security-misc/wipe.sh
|
||
|
||
commit 38cdf2722bc0aa224e1ec253e77728d4e00b9be0
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 29 09:32:55 2022 -0400
|
||
|
||
- Wipe LUKS Disk Encryption Key for Root Disk from RAM during Shutdown to defeat Cold Boot Attacks
|
||
- Confirm in console output if encrypted mounts (root disk) is unmounted. (Because that is a pre-condition for wiping the LUKS full disk encryption key from RAM.)
|
||
|
||
Thanks to @friedy10!
|
||
|
||
https://github.com/friedy10/dracut/tree/master/modules.d/40sdmem
|
||
|
||
https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix-cold-boot-attack-defense/5596
|
||
|
||
commit adca1ebdf6c83c5c1c846cdb29f3e16ea9cdf32f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 8 11:05:07 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit d7dd188651a5227be6b1d95e7ae9a97e0cbb34f0
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 8 09:27:02 2022 -0400
|
||
|
||
remove unicode
|
||
|
||
commit 55d16e1602c0221dbe00996a206d0691ef93ae71
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 8 09:04:03 2022 -0400
|
||
|
||
remove unicode
|
||
|
||
commit fcaec49675ce7e240bdd049aab184fbee0945c7d
|
||
Merge: 5c43197 995e4ba
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 8 08:20:24 2022 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 995e4ba7fafc1bf4f691b83dde415c57cebed63d
|
||
Merge: 616fe85 6e8f584
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 8 08:19:03 2022 -0400
|
||
|
||
Merge pull request #104 from ntninja/patch-1
|
||
|
||
Fix issues found with permission-hardening on my system
|
||
|
||
commit 5c43197f10df3a49704a66ef3e3d56f122be4775
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 8 08:11:28 2022 -0400
|
||
|
||
minor
|
||
|
||
commit 6e8f584d88333d3a6fec1318ba92f76e328bf7ce
|
||
Author: Kuri Schlarb <246386+ntninja@users.noreply.github.com>
|
||
Date: Wed Jun 8 05:29:42 2022 +0000
|
||
|
||
permission-hardening: Keep `pam_unix.so` password checking helper SetGID shadow
|
||
|
||
commit 2bdda9d0a0a289dafb260c926d29df274c9a67da
|
||
Author: Kuri Schlarb <246386+ntninja@users.noreply.github.com>
|
||
Date: Tue Jun 7 08:18:05 2022 +0000
|
||
|
||
permssion-hardening: Do not skip config file lines without trailing newline (ancient bash bug)
|
||
|
||
commit 3910e4ee159d8b5f80c5086915583e4e20ecd6fe
|
||
Author: Kuri Schlarb <246386+ntninja@users.noreply.github.com>
|
||
Date: Tue Jun 7 08:11:51 2022 +0000
|
||
|
||
permission-hardening: Keep `passwd` executable but non-SetUID
|
||
|
||
commit 9fd8e1c9b0250c9e00b555838bd381f162dfd8c4
|
||
Author: Kuri Schlarb <246386+ntninja@users.noreply.github.com>
|
||
Date: Tue Jun 7 08:03:56 2022 +0000
|
||
|
||
permission-hardening: Fix issue with pipelining failures causing incorrect user/group lookup results
|
||
|
||
commit 616fe857f7a5cde1f4ad0d31e03876dcd2ab7f0f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed May 25 06:07:17 2022 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 7e2efe0155b97955428e64181c9a6b32402ee9db
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri May 20 15:27:10 2022 -0400
|
||
|
||
readme
|
||
|
||
commit 2d37e3a1af3739eedd9191a0f0c78a2762c5fa38
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Fri May 20 14:46:38 2022 -0400
|
||
|
||
copyright
|
||
|
||
commit 78a9956b73498bad471ee1cb0fa0993f2e5ce3c0
|
||
Merge: 4a3ed17 7651308
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu May 19 19:41:33 2022 -0400
|
||
|
||
Merge remote-tracking branch 'github-kicksecure/master'
|
||
|
||
commit 76513087872943442df32451de5af158c2bbe944
|
||
Merge: 4a3ed17 93efa50
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu May 19 19:39:42 2022 -0400
|
||
|
||
Merge pull request #103 from 0xC0ncord/bugfix/selinuxfs_restrictions
|
||
|
||
hide-hardware-info: re-enable restrictions on sysfs when using SELinux
|
||
|
||
commit 4a3ed17160c14ba7122d770665b53bde96038307
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu May 19 17:25:58 2022 -0400
|
||
|
||
readme
|
||
|
||
commit bb0307290b59d0273f9ad585e881c91071e3edea
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Apr 16 14:18:35 2022 -0400
|
||
|
||
update link
|
||
|
||
commit 2677db34baeb120a402b684d4a62ccf616b5528c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Apr 10 12:40:16 2022 -0400
|
||
|
||
readme
|
||
|
||
commit 93efa506dac6135f1a5c260ec95d985e7fedc53d
|
||
Author: 0xC0ncord <me@concord.sh>
|
||
Date: Thu Mar 17 11:41:57 2022 -0400
|
||
|
||
hide-hardware-info: disable selinux whitelist by default
|
||
|
||
commit 0051a6935acd2f452a9189d1581ccac7377dd23d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Feb 10 14:06:54 2022 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit b0a0004a85387a4f7520a688f6d2a9826d8e68fb
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Feb 10 13:47:10 2022 -0500
|
||
|
||
output
|
||
|
||
commit 4f6f588fb53d2756d867ac7e29fb42f4f8fdb335
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Feb 10 13:44:55 2022 -0500
|
||
|
||
fix, skip deletion of system.map files on read-only filesystems
|
||
|
||
This is required for Qubes /lib/modules read-only implementation at time of writing.
|
||
|
||
Thanks to @marmarek for the bug report!
|
||
|
||
https://forums.whonix.org/t/remove-system-map-cannot-work-lib-modules-is-mounted-read-only/13324
|
||
|
||
commit 356232677a036cd1a673d805caa4d74a327ea096
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Nov 9 14:32:33 2021 -0500
|
||
|
||
readme
|
||
|
||
commit 4172232eb75aaca301e51529e49df76ca86b93b3
|
||
Author: 0xC0ncord <me@concord.sh>
|
||
Date: Fri Oct 8 22:17:12 2021 -0400
|
||
|
||
hide-hardware-info: make indentation consistent
|
||
|
||
commit 060d7d890a0292addaa1e85bb1b2ff7eece23378
|
||
Author: 0xC0ncord <me@concord.sh>
|
||
Date: Fri Oct 8 22:11:58 2021 -0400
|
||
|
||
hide-hardware-info: re-enable restrictions on sysfs when using SELinux
|
||
|
||
When using SELinux, restrict the parts of sysfs explicitly to ensure
|
||
restrictions are working as expected.
|
||
|
||
commit 96026a5e90a56cade2dff5f3dfc3687687e92c56
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Sep 14 14:18:52 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit c72567dbd215fcd60c4719fe1ebc9a0f350a2b97
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Sep 14 14:18:44 2021 -0400
|
||
|
||
fix
|
||
|
||
commit 03276fbec502df9e9fc228a0c05f3c85fd1483af
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Sep 12 11:57:20 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit d62bbaab82a33a485a82d42d8db5674d200a1c3d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Sep 12 11:40:58 2021 -0400
|
||
|
||
fix, unduplicate kernel command line
|
||
|
||
commit fb0540650c26689165b2fd0558b87ef7c3154a6e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Sep 11 16:33:14 2021 -0400
|
||
|
||
readme
|
||
|
||
commit 64e9f0016aa5804740a099890a5ef648dde07883
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Sep 9 12:35:37 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit bd31b4085c853d8b182e3a13534827a695f5493a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Sep 9 12:16:18 2021 -0400
|
||
|
||
remove Debian buster support in /etc/default/grub.d
|
||
|
||
commit d16d9a545502af1ec25a165a27bdbc1033b97d59
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Sep 6 09:46:20 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit ac0c492663b9d90f99e5969193b35b53d4175d1d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Sep 6 08:22:55 2021 -0400
|
||
|
||
do not set kernel parameter `quiet loglevel=0` for recovery boot option
|
||
|
||
for easier debugging
|
||
|
||
commit 49902b8c56512c3ee8b3d16b0ca513e44349c66d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Sep 6 08:19:41 2021 -0400
|
||
|
||
move grub quiet to separate config file /etc/default/grub.d/41_quiet.cfg
|
||
|
||
commit bb3a3178f17d1b882f38ba18db7835833f758805
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Sep 6 04:55:23 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit f5b0e4b5b856ba6fa0dea7fa18c38221d972e8a3
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Sep 6 04:55:16 2021 -0400
|
||
|
||
debugging
|
||
|
||
commit a67d1754d459a221930cb92754b51bec348f8035
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Sep 5 16:04:28 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 6257bfa926f960b3b772dd528fe6004f81d990ea
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Sep 5 15:54:20 2021 -0400
|
||
|
||
debugging
|
||
|
||
commit 1b09d5671829c51bd17f44410d4122b6de7aa6e9
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Sep 4 18:29:00 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit a4e18a2ae8c19a664bb1be5bc4ec43f10a876969
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Sep 4 18:28:37 2021 -0400
|
||
|
||
`dracut` `reproducible=yes`
|
||
|
||
commit 1a10293b0408a4197620ce78cffb62cb8c00908c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Sep 4 12:00:55 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit e2810f348b413bb307449a911c12a46924686a9f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Sep 4 11:50:31 2021 -0400
|
||
|
||
Depends: libpam-modules-bin
|
||
|
||
commit 3c64ec8f917ed1237454d1526647a84bf00c9e83
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Sep 2 14:36:53 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit be8c10496f26d33378deb2427e56892771456ee5
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Sep 1 15:55:53 2021 -0400
|
||
|
||
fix faillock implementation
|
||
|
||
dovecot / ssh are exempted
|
||
|
||
commit 8b104f544a9e4e8da1691659fefa4999a4f6f085
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Sep 1 15:45:36 2021 -0400
|
||
|
||
fix, add sshd to pam_service_exclusion_list
|
||
|
||
to avoid faillock
|
||
|
||
commit 224ae730c13f4add672fffaf58206eeb7ae24090
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Aug 22 05:32:18 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit db43cedcfdf918556ae3989209a4d984527a6416
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Aug 22 05:23:24 2021 -0400
|
||
|
||
LANG=C str_replace
|
||
|
||
commit ef2b067c0385dbae7b16bc79a10582995d8ba5fe
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Aug 17 15:24:12 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 08adf4a07d97940ef924f53863ec4aa62f88fb04
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Aug 17 15:23:49 2021 -0400
|
||
|
||
readme
|
||
|
||
commit 7d73b3ffa0bf13ba78debfb7f099758b0d0fbef3
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Aug 17 15:21:26 2021 -0400
|
||
|
||
add hardened malloc compatibility for haveged workaround
|
||
|
||
`/lib/systemd/system/haveged.service.d/30_security-misc.conf`
|
||
|
||
`SystemCallFilter=getrandom`
|
||
|
||
Otherwise haveged will exit with a core dump.
|
||
|
||
commit 8676beef90040bdf0782e0a9c683c6463ddb48b5
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Aug 10 18:26:32 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 582492d6d8c5f756be4d809898707cb196c5c765
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Aug 10 17:13:00 2021 -0400
|
||
|
||
port from pam_tally2 to pam_faillock
|
||
|
||
since pam_tally2 was deprecated upstream
|
||
|
||
commit 2bf0e7471cbd3b813ce385d994e43e48636f7a0b
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Aug 10 15:11:01 2021 -0400
|
||
|
||
port from pam_tally2 to pam_faillock
|
||
|
||
since pam_tally2 was deprecated upstream
|
||
|
||
commit 2aea74bd715d865f44f91aaab6ca1bf0a00a2b0b
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Aug 10 15:06:04 2021 -0400
|
||
|
||
renamed: usr/libexec/security-misc/pam_tally2-info -> usr/libexec/security-misc/pam-info
|
||
renamed: usr/libexec/security-misc/pam_tally2_not_if_x -> usr/libexec/security-misc/pam_faillock_not_if_x
|
||
renamed: usr/share/pam-configs/tally2-security-misc -> usr/share/pam-configs/faillock-security-misc
|
||
|
||
commit 6376bbff801f79dbb154611c3ad330b4cd863f69
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Aug 5 17:03:43 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 3756016f42d97c6bf32c9bf5fed02904a63f4a5c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Aug 3 13:04:34 2021 -0400
|
||
|
||
`lintian --suppress-tags obsolete-command-in-modprobe.d-file`
|
||
|
||
https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/24
|
||
|
||
commit 50bdd097df4c87cd4507311df9c0b14d237c534b
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Aug 3 12:56:31 2021 -0400
|
||
|
||
move /usr/lib/security-misc to /usr/libexec/security-misc as per lintian FHS
|
||
|
||
commit 4fadaad8c0a79df5996372c05db635d500e41fee
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Aug 3 12:52:10 2021 -0400
|
||
|
||
lintian FHS
|
||
|
||
commit 6607c1e4bd085ee952952e6db17714326df4b7f6
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Aug 3 12:48:57 2021 -0400
|
||
|
||
move /usr/lib/helper-scripts and /usr/lib/curl-scripts to /usr/libexec/helper-scripts as per lintian FHS
|
||
|
||
commit 0492f28aa10dc93063ff3b46107fa705c5ee0d7e
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Aug 3 12:37:39 2021 -0400
|
||
|
||
enable "`apt-get --error-on=any`" by default
|
||
|
||
makes apt exit non-zero for transient failures
|
||
|
||
`/etc/apt/apt.conf.d/40error-on-any`
|
||
|
||
https://forums.whonix.org/t/debian-bullseye-apt-get-error-on-any/12068
|
||
|
||
commit 240ec7672a4d513e7e6cca280aca3d67c265d1cc
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Aug 3 12:19:26 2021 -0400
|
||
|
||
replace no longer required `/usr/lib/security-misc/apt-get-wrapper` with `apt-get --error-on=any`
|
||
|
||
commit 8eae6356684052415f8bc494db077e033653d971
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Aug 3 11:51:31 2021 -0400
|
||
|
||
update lintian tag name
|
||
|
||
commit 5e3338f8d3ff799a2da4257e24b57bd55541187f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Aug 3 05:48:25 2021 -0400
|
||
|
||
bullseye
|
||
|
||
commit bb3e65f7a80770238bda3733bed89c15a9c76852
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Aug 3 03:25:35 2021 -0400
|
||
|
||
bullseye
|
||
|
||
commit c94281121e20289b718f24c13e399e5e8cac0ebd
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Aug 1 16:37:02 2021 -0400
|
||
|
||
comment
|
||
|
||
commit 3599e8e2dabf13ad76901a9c282469f23d4d1308
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Aug 1 16:24:41 2021 -0400
|
||
|
||
readme
|
||
|
||
commit 82f3961a7165cc1e778be785950f1a255af43b4f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Aug 1 13:12:08 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 5a65c35479f267b026c03e195658ef9d98ee519c
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Aug 1 13:11:18 2021 -0400
|
||
|
||
port LKRG compatibility settings automation for VirtualBox hosts from systemd to dpkg trigger
|
||
|
||
commit f03c7978c7c12eb0efed1d9298f52149a8149cb3
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Jul 25 11:31:45 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit b3e34f7f43346c123d20e9a1606b1023b535f669
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Jul 25 11:27:07 2021 -0400
|
||
|
||
comment
|
||
|
||
commit 7e128636b3a4ea7fe5dfa12018685ab7b5dda706
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Jul 25 11:26:20 2021 -0400
|
||
|
||
improve LKRG VirtualBox host configuration
|
||
|
||
as per https://github.com/openwall/lkrg/issues/82#issuecomment-886188999
|
||
|
||
commit 3ebe9e7c530b39f1b0429a97eab2627f2bbd1635
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 24 18:10:06 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 257cef24baa038b21ef511e9d95c4229a5e16f68
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jul 24 18:03:40 2021 -0400
|
||
|
||
add LKRG compatibility settings automation for VirtualBox hosts
|
||
|
||
https://github.com/openwall/lkrg/issues/82
|
||
|
||
commit 0f86ffef04e533be1c88584b6419c276d176fc05
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Jun 23 11:20:39 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 74e39cbf690dae2bf72bd9f152ea91c364f5feff
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Jun 20 11:18:56 2021 -0400
|
||
|
||
pam-abort-on-locked-password: more descriptive error handling
|
||
|
||
https://forums.whonix.org/t/restrict-root-access/7658/1
|
||
|
||
commit 0f3dbfc4a1fb08b5542e265dfbeab4e7f401549d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Jun 20 10:16:57 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit eff5af03184f52181894884b90a8d867a1f10956
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sun Jun 20 10:16:33 2021 -0400
|
||
|
||
https://forums.whonix.org/t/restrict-root-access/7658/116
|
||
|
||
commit 419f1d89c25ca833ac63f2e174beeb9afb0cce00
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Jun 7 12:13:37 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 30d1ce36af7835d47e0b53af475f3a7e99617b77
|
||
Merge: 0305baf 70a1eb2
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Jun 7 12:11:58 2021 -0400
|
||
|
||
Merge remote-tracking branch 'github-whonix/master'
|
||
|
||
commit 70a1eb25a5976e0461056ff2c56bd82ab5df6c2c
|
||
Merge: 0305baf 97d8db3
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Jun 5 15:55:41 2021 -0400
|
||
|
||
Merge pull request #101 from madaidan/sudo
|
||
|
||
Restrict sudo's file permissions
|
||
|
||
commit 97d8db3f74b9fc00c8f4416cb72966e62c7de88e
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sat Jun 5 19:16:42 2021 +0000
|
||
|
||
Restrict sudo's file permissions
|
||
|
||
commit 0305baf21173f0ee292986200f1242ca0395c74d
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jun 1 07:36:59 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit d87bee37f788fb7605626cd4a8d61ed9e6fee252
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jun 1 07:21:18 2021 -0400
|
||
|
||
comment
|
||
|
||
commit 809930c0212aa41d60b1a498bd4ce85f06668bae
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Tue Jun 1 05:36:01 2021 -0400
|
||
|
||
comment
|
||
|
||
commit 5bd59991cbf72ba9ebd8feadd4da397bbcd9d469
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed May 5 08:37:56 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 6e759f9196412b1742db1e4c68a70867e1ad8629
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Apr 29 11:17:30 2021 -0400
|
||
|
||
config-package-dev displace /etc/dkms/framework.conf
|
||
|
||
https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/58
|
||
|
||
commit e2afd00627b097f75467cd0e2fe7e15977141026
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Apr 29 11:14:30 2021 -0400
|
||
|
||
modify DKMS configuration file `/etc/dkms/framework.conf`
|
||
|
||
Lower parallel compilation jobs to 1 if less than 2 GB RAM to avoid freezing of virtual machines.
|
||
|
||
`parallel_jobs=1`
|
||
|
||
This does not necessarily belong into security-misc, however likely
|
||
security-misc will need to modify `/etc/dkms/framework.conf` in the future to
|
||
enable kernel module signing.
|
||
|
||
https://forums.whonix.org/t/linux-kernel-runtime-guard-lkrg-linux-kernel-runtime-integrity-checking-and-exploit-detection/8477/26
|
||
|
||
https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/58
|
||
|
||
commit 3ba3b371873d221db6845fb0fe52191b8b349b0a
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Apr 29 11:08:30 2021 -0400
|
||
|
||
add `/etc/dkms/framework.conf.security-misc`
|
||
|
||
original, from
|
||
- https://github.com/dell/dkms/blob/master/dkms_framework.conf
|
||
- https://raw.githubusercontent.com/dell/dkms/master/dkms_framework.conf
|
||
|
||
https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/58
|
||
|
||
commit 1d35bdf2912d1dfd0b49ce727338f86d17decd72
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Apr 5 11:58:47 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 41734ec523eb3cd233fe4651b9807222c8ccb1d5
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Apr 3 11:44:13 2021 -0400
|
||
|
||
systemd RemainAfterExit=yes
|
||
|
||
for better usability
|
||
|
||
https://forums.whonix.org/t/restrict-hardware-information-to-root-testers-wanted/8618/33
|
||
|
||
commit e8ea94325b1df7bc0c47eabdfbd7c24b2fe51539
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Mar 17 12:31:34 2021 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit a67007f4b7b7763a0b131acb246cfe84ac65540f
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Wed Mar 17 09:45:21 2021 -0400
|
||
|
||
copyright
|
||
|
||
commit 0c4a7207e46933a504badfb9c1ce26a9ef82d370
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Thu Mar 4 07:09:01 2021 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit a1819e8cabc45ea197da7e3a4a94ffbab1376423
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Mar 1 09:15:44 2021 -0500
|
||
|
||
comment
|
||
|
||
commit 3382192b89de3891d45261f138652bdb48c5674b
|
||
Merge: 7f30d70 2e8e3c0
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Mar 1 09:12:18 2021 -0500
|
||
|
||
Merge remote-tracking branch 'github/master'
|
||
|
||
commit 2e8e3c07c4dda7f8500237dfa7a1d2bc7aecef5d
|
||
Merge: 7f30d70 4db7d6b
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Mon Mar 1 14:11:28 2021 +0000
|
||
|
||
Merge pull request #100 from 0xC0ncord/bugfix/selinuxfs_restrictions
|
||
|
||
hide-hardware-info: allow unrestricting selinuxfs
|
||
|
||
commit 7f30d702953b2e46255e3e8e71ee47af3f5a5725
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Feb 6 06:31:45 2021 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 83c0be5177929b67e3c9eba18c02904498d378cb
|
||
Author: Patrick Schleizer <adrelanos@whonix.org>
|
||
Date: Sat Feb 6 06:27:54 2021 -0500
|
||
|
||
readme
|
||
|
||
commit 4db7d6be643f9e7c9c3b81d3945b8d2c3e4c5269
|
||
Author: Kenton Groombridge <me@concord.sh>
|
||
Date: Sat Feb 6 03:02:08 2021 -0500
|
||
|
||
hide-hardware-info: allow unrestricting selinuxfs
|
||
|
||
On SELinux systems, the /sys/fs/selinux directory must be visible to
|
||
userspace utilities in order to function properly.
|
||
|
||
commit 3120ff3ec98edecdc2855261d3ba26cad8803c74
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jan 29 23:37:03 2021 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit af3244741dba7425148378aacf853e82deddee1f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jan 29 23:15:52 2021 -0500
|
||
|
||
comment
|
||
|
||
commit d9aaf5910553b04b965ea729476b586d72043aea
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Jan 28 02:15:46 2021 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit b0b7f569ee7da1101c9100c1b053b910f8660436
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Jan 28 02:11:54 2021 -0500
|
||
|
||
comment
|
||
|
||
commit f2595cc2542b326a74d4c651897160c04bd1e162
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jan 27 05:50:16 2021 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 9622f28e255a101ee7239e3ffd42d8d80637654a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jan 27 05:49:34 2021 -0500
|
||
|
||
skip counting failed login attempts from dovecot
|
||
|
||
Failed dovecot logins should not result in account getting locked.
|
||
|
||
revert "use pam_tally2 only for login"
|
||
|
||
commit 480f74cab6d79886fe29eeecc5b7ebc1f138f8dd
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jan 24 05:10:36 2021 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 6757104aa4d1e661b046e71f7bda511d73e83d61
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jan 24 05:04:48 2021 -0500
|
||
|
||
use pam_tally2 only for login
|
||
|
||
to skip counting failed login attempts over ssh and mail login
|
||
|
||
commit 126c31c37d17a55b0980dcae8c546aeed4282a99
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jan 19 19:41:43 2021 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 14d13fb03ed627cfb378873ad46f4d3ac795a9f6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jan 19 19:41:42 2021 -0500
|
||
|
||
readme
|
||
|
||
commit 611fbe2c619d9b5fab748faf2b0f59274a914187
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jan 18 05:39:34 2021 -0500
|
||
|
||
description
|
||
|
||
commit 0e8ea5eb727d609d70e8f639dde62583a3ff47f3
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Jan 14 02:36:49 2021 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit ddd62c1eef031c2befc626acbe4d48d8cdbea1d0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jan 12 03:24:11 2021 -0500
|
||
|
||
readme
|
||
|
||
commit 468d8b600dda7cce87bbdf972244ef2f610935d5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jan 12 03:20:58 2021 -0500
|
||
|
||
readme
|
||
|
||
commit b5cee63999a7277b32f3850a5d8821c73ed05933
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jan 12 03:19:31 2021 -0500
|
||
|
||
new file: README_generic.md
|
||
|
||
commit 94627f0875e69c9314faab8b0dc2dbe22af5c88f
|
||
Merge: 353e74f 79876f7
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jan 12 03:18:41 2021 -0500
|
||
|
||
Merge remote-tracking branch 'github/master'
|
||
|
||
commit 79876f7b1261006885a713dbfda97609c8e81f3f
|
||
Merge: 353e74f 3066b5a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jan 12 08:17:04 2021 +0000
|
||
|
||
Merge pull request #99 from madaidan/docs
|
||
|
||
Overhaul documentation
|
||
|
||
commit 3066b5ad972f16069361999afbca0978986db862
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Tue Jan 12 02:17:13 2021 +0000
|
||
|
||
Overhaul documentation
|
||
|
||
commit 353e74fb5f0c150b9de3554b88619480c338ef59
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jan 5 08:30:37 2021 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit a258f35f385aff7b6fef71e23b94c4681e52bed2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jan 5 02:11:08 2021 -0500
|
||
|
||
comment
|
||
|
||
commit a4d7e4614174e6f0357a068af0b7fd46e963a89f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Dec 10 05:20:57 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit c5097ed599078091aef1fcb63b237d9835040c34
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 6 04:23:09 2020 -0500
|
||
|
||
comment
|
||
|
||
commit b2b614ed2a1a62ff4c917aba80eeef505810dbf8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 6 04:15:52 2020 -0500
|
||
|
||
cover more folders in /usr/local
|
||
|
||
commit 5bd267d7747521fa5bb053da19dc79991e2c4bb5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 6 04:10:50 2020 -0500
|
||
|
||
refactoring
|
||
|
||
commit 11cdce02a048b323c6f56cb15f98e6060aab8346
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 6 04:10:10 2020 -0500
|
||
|
||
refactoring
|
||
|
||
commit f73c55f16c10ee2cd0532f4032cec56c484bd4d5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 6 04:08:58 2020 -0500
|
||
|
||
/opt
|
||
|
||
https://forums.whonix.org/t/suid-disabler-and-permission-hardener/7706/68
|
||
|
||
commit 261ef85c14ff9c13d3d7734d8c9eba5a54497187
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 1 05:53:06 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit c031f22995a1e073bd81189ee97a3de32a2b278f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 1 05:14:48 2020 -0500
|
||
|
||
SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists
|
||
|
||
`whitelists_disable_all=true`
|
||
|
||
commit b09cc0de6af2d7e12110a0f3030234539288abad
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 1 05:10:26 2020 -0500
|
||
|
||
Revert "SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists"
|
||
|
||
This reverts commit 36a471ebce883f7a1660977f486b21ece320d0c2.
|
||
|
||
commit 704f0500ba4e23a1e5b33688db02e03b1169046d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 1 05:03:16 2020 -0500
|
||
|
||
fix, rename 40_default_whitelist_[...].conf to 25_default_whitelist_[...].conf
|
||
|
||
since whitelist needs to be defined before SUID removal commands
|
||
|
||
commit 36a471ebce883f7a1660977f486b21ece320d0c2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 1 05:02:34 2020 -0500
|
||
|
||
SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists
|
||
|
||
`whitelists_disable_all=true`
|
||
|
||
commit 318ab570aacd48b7f163331dc2ba8b012e0d2336
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 1 04:28:15 2020 -0500
|
||
|
||
simplify disabling of SUID Disabler and Permission Hardener whitelist
|
||
|
||
split `/etc/permission-hardening.d/30_default.conf` into multiple files
|
||
|
||
`/etc/permission-hardening.d/40_default_whitelist_[...].conf`
|
||
|
||
therefore make it easier to delete any whitelisted SUID binaries
|
||
|
||
commit cf07e977bd6697af7a4326d7705447d500d35593
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Nov 29 09:09:42 2020 -0500
|
||
|
||
add `/bin/pkexec exactwhitelist` for consistency
|
||
|
||
since there is already `/usr/bin/pkexec exactwhitelist`
|
||
|
||
commit fe274838861ada125eccdca11ba044123fdae663
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Nov 28 06:08:10 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 28a326a8a14f56d588ed6f2b4d7d748d53120109
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Nov 28 05:31:12 2020 -0500
|
||
|
||
add feature `/usr/lib/security-misc/permission-hardening-undo /path/to/filename`
|
||
|
||
to allow removing 1 SUID
|
||
|
||
fix, show INFO message if file does not exist during removal rather than ERROR
|
||
|
||
commit 0ef35f877066ddac21737e707829c4571bb76abd
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Nov 6 10:18:09 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit abae787186d48b2cccf220cbf7b553f8478e60be
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Nov 5 06:47:16 2020 -0500
|
||
|
||
usability: pam abort when attempting to login to root when root password is locked
|
||
|
||
commit 581e31af81015fb85ee1bdd81586dbea13804955
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Nov 5 06:46:57 2020 -0500
|
||
|
||
comment
|
||
|
||
commit dfe9b0f6c7364e4d3cc3bf13ad7c0fccc2cb7e10
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Nov 5 06:42:47 2020 -0500
|
||
|
||
fix, no longer unconditionally abort pam for user accounts with locked passwords
|
||
|
||
as locked user accounts might have valid sudoers exceptions
|
||
|
||
Thanks to @mimp for the bug report!
|
||
|
||
https://forums.whonix.org/t/pam-abort-on-locked-password-and-running-privileged-command-from-web-browser/10521
|
||
|
||
commit 211769dc65a5c98cbdb55ce62e83c9e2a9fa1540
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Nov 5 06:41:51 2020 -0500
|
||
|
||
comment
|
||
|
||
commit 79521397310f5e4e200291b2e2380e8e58953f18
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Nov 5 06:39:32 2020 -0500
|
||
|
||
comment
|
||
|
||
commit bb72c1278dd02a48a631d8e798cd78100576a1a8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Nov 5 06:36:39 2020 -0500
|
||
|
||
copyright
|
||
|
||
commit f4843b1deb95948f9fe2a2870ecbe61c1cab798a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Oct 31 06:29:25 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit c1e0bb831025854afbd88e5c353a000c4dadaede
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Oct 31 06:11:49 2020 -0400
|
||
|
||
shebang
|
||
|
||
commit b06d4ca29983938fa81acfc379366e6c1516c69a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Oct 31 06:09:22 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 3f656be5746ec4d219371fb0d67c222df7fe52d1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Oct 31 05:48:10 2020 -0400
|
||
|
||
chmod +x /etc/X11/Xsession.d/50panic_on_oops
|
||
chmod +x /etc/X11/Xsession.d/50security-misc
|
||
|
||
commit 881d695bff7d65c66bbf8e0973f883c75a3d1ebb
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Oct 5 07:03:37 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 3adb2c92d9551f649b177753fede18da3cc4b0eb
|
||
Merge: feb7cea 5856013
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Oct 3 14:10:32 2020 -0400
|
||
|
||
Merge remote-tracking branch 'github/master'
|
||
|
||
commit 58560138cdc36fa5f6142f75f0fed53bcad96363
|
||
Merge: feb7cea 06ffd5d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Oct 3 18:09:07 2020 +0000
|
||
|
||
Merge pull request #77 from madaidan/debugfs
|
||
|
||
Restrict access to debugfs
|
||
|
||
commit 06ffd5d2201152c60eb4309860b8c42be386dccb
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Sep 28 19:21:20 2020 +0000
|
||
|
||
Restrict access to debugfs
|
||
|
||
commit feb7cea4c508a94d1140bc08856d0fe586da694e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Sep 28 10:30:42 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit da1ac48cde8ea5057d1606a2fba42ea179677378
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Sep 28 10:29:50 2020 -0400
|
||
|
||
unblacklist squashfs as this would likely break Whonix-Host ISO
|
||
|
||
https://github.com/Whonix/security-misc/pull/75#issuecomment-700044182
|
||
|
||
commit 4070133ed65af409adeb6f8c7970d3bc7074b02b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Sep 28 10:25:57 2020 -0400
|
||
|
||
unblacklist vfat
|
||
|
||
https://github.com/Whonix/security-misc/pull/75#issuecomment-695201068
|
||
|
||
commit 77d461ec08ffdf0eb6a5d124927d9f9748c0dd3c
|
||
Merge: 5fc7b79 3684ab5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Sep 28 10:24:59 2020 -0400
|
||
|
||
Merge remote-tracking branch 'github/master'
|
||
|
||
commit 3684ab585eeab46ff17a1d410ce1bcff1a63968c
|
||
Merge: ae90107 a813e7d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Sep 28 14:24:15 2020 +0000
|
||
|
||
Merge pull request #75 from flawedworld/patch-1
|
||
|
||
Blacklist more modules (based on OpenSCAP for RHEL 8)
|
||
|
||
commit ae90107e6df4d312a6734985df38b8533d1283c8
|
||
Merge: 5fc7b79 8f7727e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Sep 28 14:23:42 2020 +0000
|
||
|
||
Merge pull request #76 from flawedworld/patch-2
|
||
|
||
Add IPv6 sysctl options and enforce kernel.perf_event_paranoid=3
|
||
|
||
commit a813e7da07a39e96e0cd7937aee7568307a00287
|
||
Author: flawedworld <38294951+flawedworld@users.noreply.github.com>
|
||
Date: Sat Sep 19 20:46:19 2020 +0100
|
||
|
||
Blacklist more modules
|
||
|
||
commit 5fc7b791db473c22ea43ff899e2dbe232c42a2b7
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Sep 19 09:28:27 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit bff6ce7abb920d55edc49b19340a1e9251a4cd8c
|
||
Merge: 98c0dec 9239c8b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Sep 19 06:54:50 2020 -0400
|
||
|
||
Merge remote-tracking branch 'github/master'
|
||
|
||
commit 9239c8b8074018090d4fa1381aa06e66a99359cc
|
||
Merge: 98c0dec 8dfdec1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Sep 19 10:54:21 2020 +0000
|
||
|
||
Merge pull request #71 from onions-knight/patch-1
|
||
|
||
Update thunar.xml
|
||
|
||
commit 8f7727e823a86a1826686d5c95d0070721c7acba
|
||
Author: flawedworld <38294951+flawedworld@users.noreply.github.com>
|
||
Date: Fri Sep 18 23:36:30 2020 +0100
|
||
|
||
Add some IPv6 options
|
||
|
||
commit 944fed3c459dd55820cb1eca68f86816bdf8469f
|
||
Author: flawedworld <38294951+flawedworld@users.noreply.github.com>
|
||
Date: Fri Sep 18 23:29:04 2020 +0100
|
||
|
||
Disallow kernel profiling by users without CAP_SYS_ADMIN
|
||
|
||
It's the default on a lot of stuff, but still nice to have.
|
||
|
||
commit 98c0decaa46c6fb839062ff9af0556d821c254e6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Aug 3 09:43:43 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 7e267ab49850362c02374a15fdba2409a5487a0f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Aug 3 08:12:19 2020 -0400
|
||
|
||
fix, allow group `sudo` and `console` to use consoles
|
||
|
||
fix /etc/security/access-security-misc.conf syntax error
|
||
|
||
Thanks to @81a989 for the bug report!
|
||
|
||
https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/31
|
||
|
||
commit b09f5ddc154d6561fd97b436feeb6a6225f89206
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 29 08:33:07 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit ac8bc4f006dbc1583e35ba033e38dac8392127e9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 29 06:30:07 2020 -0400
|
||
|
||
readme
|
||
|
||
commit 861f9d1022e61766c7474d9eb79489ba64ac2055
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu May 14 13:57:32 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 3cd7b144bba1a92ca771b16fc5215073c7561a1a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu May 14 13:47:58 2020 -0400
|
||
|
||
move "kernel.printk = 3 3 3 3" to separate file /etc/sysctl.d/30_silent-kernel-printk.conf
|
||
|
||
so package debug-misc can easily disable it
|
||
|
||
https://phabricator.whonix.org/T950
|
||
|
||
commit 81cb6ad2462a900f9c5193278de70ada62a5585b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Apr 23 12:27:25 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 6485df8126b52a2072824fa442e8d1dd5cb18981
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Apr 23 12:26:31 2020 -0400
|
||
|
||
Prevent kernel info leaks in console during boot.
|
||
|
||
add kernel parameter `quiet loglevel=0`
|
||
|
||
https://phabricator.whonix.org/T950
|
||
|
||
commit aa5631b02b0127b4681ae08c973b08b23befd701
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Apr 16 08:43:40 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 8d2e4b68dcae87b27f519196488e0ed7e8b95ef2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Apr 16 08:00:31 2020 -0400
|
||
|
||
Prevent kernel info leaks in console during boot.
|
||
|
||
By setting `kernel.printk = 3 3 3 3`.
|
||
|
||
https://phabricator.whonix.org/T950
|
||
|
||
Thanks to @madaidan for the suggestion!
|
||
|
||
commit 4898a9e753e9399e83e4a39d8fa340e1ad9d4f6d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Apr 16 07:54:33 2020 -0400
|
||
|
||
fix, sysctl-initramfs: switch log to /run/initramfs/sysctl-initramfs-error.log
|
||
|
||
since ephemeral, in RAM, not written to disk, no conflict with grub-live
|
||
|
||
https://forums.whonix.org/t/kernel-hardening/7296/435
|
||
|
||
commit 701da5f6cc911e3946904c152078dc6c637e5070
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Apr 16 07:24:44 2020 -0400
|
||
|
||
formatting
|
||
|
||
commit cb51847085c1b62c99ab160373c52a388bdfe300
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Apr 15 14:05:37 2020 -0400
|
||
|
||
readme
|
||
|
||
commit df218ad6582ab88be16e66cf13951d0a5271411b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Apr 14 12:40:31 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 8851c9ed29e79d2ef5df9c7b7086878e69b90bd4
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Apr 14 12:39:34 2020 -0400
|
||
|
||
fix: disable proc-hidepid.service
|
||
|
||
commit b6dde34bfb696218cc14ac89d169ec0e37814bff
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Apr 13 06:56:34 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit e0b8640fb9d03feb6b01fed4469d901e3f9a5dc0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Apr 13 06:56:34 2020 -0400
|
||
|
||
readme
|
||
|
||
commit 253578afdf9a4aeb8c5495ca815d0326086dc986
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Apr 13 06:50:32 2020 -0400
|
||
|
||
/etc/security/access-security-misc.conf white list ttyS0 etc.
|
||
|
||
ttyS0 ttyS1 ttyS2 ttyS3 ttyS4 ttyS5 ttyS6 ttyS7 ttyS8 ttyS9
|
||
|
||
Thanks to @subpar_marlin for the bug report and helping to fix this!
|
||
|
||
https://forums.whonix.org/t/how-do-i-enter-the-whonix-shell-from-cli/7271/43
|
||
|
||
https://forums.whonix.org/t/etc-security-hardening/8592
|
||
|
||
commit b3ce18f0f9f1da0552a4a1bd882a5b5dda13626e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Apr 12 16:54:10 2020 -0400
|
||
|
||
disable proc-hidepid by default because incompatible with pkexec
|
||
|
||
and undo pkexec wrapper
|
||
|
||
commit 442931529121e9e402e7ac56e27df3dcec43167b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Apr 12 16:52:55 2020 -0400
|
||
|
||
disable proc-hidepid by default because incompatible with pkexec
|
||
|
||
and undo pkexec wrapper
|
||
|
||
commit 72be31e870057b035651c1b5a7e9a9db149e9d25
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Apr 12 16:48:13 2020 -0400
|
||
|
||
disable proc-hidepid by default because incompatible with pkexec
|
||
|
||
and undo pkexec wrapper
|
||
|
||
commit 938e929f39ff68296ab01a4b619f963ad3bdf535
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Apr 12 16:37:51 2020 -0400
|
||
|
||
add pkexec to suid default whitelist
|
||
|
||
/usr/bin/pkexec exactwhitelist
|
||
/usr/bin/pkexec.security-misc-orig exactwhitelist
|
||
|
||
commit 695ad5b83d0e89b1c3b8a5f09f2d7d0a17d8e72f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Apr 9 09:45:30 2020 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 67b9d06b25a651b89e35abdd227a1740871395cd
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Apr 9 09:45:29 2020 +0000
|
||
|
||
readme
|
||
|
||
commit 565ff136e5f1e714b4094fcd9cfdf99a0fb99850
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Apr 8 21:04:02 2020 +0000
|
||
|
||
vm.swappiness=1
|
||
|
||
import from swappiness-lowest
|
||
|
||
https://forums.whonix.org/t/vm-swappiness-1-set-swapiness-to-lowest-setting-still-useful-swappiness-lowest/9278
|
||
|
||
commit 642d4d8d939f33c19564dcc5a0ed46d85feb80aa
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Apr 8 17:13:21 2020 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit a9d0baffe600b9ac5bb7d6ee4e7c5c5830bc60ba
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Apr 8 16:57:32 2020 +0000
|
||
|
||
python -> python3
|
||
|
||
commit 4153d8d08874256647d3200333d6754baac2ea63
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Apr 8 16:51:22 2020 +0000
|
||
|
||
apparmor-profile-anondist -> apparmor-profile-dist
|
||
|
||
commit 72228946dca93b5c8257ac5a6ad59e54b7b14d11
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Apr 8 16:46:11 2020 +0000
|
||
|
||
fix etc/default/grub.d/40_kernel_hardening.cfg
|
||
|
||
in Qubes if no kernel package is installed
|
||
|
||
commit bfd6018d8d108ee8691556529121fe2a679de1d2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Apr 8 12:51:11 2020 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 0441f2ed7ad01585c11c9fb6a05cd3884408c9d6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Apr 8 12:30:05 2020 +0000
|
||
|
||
readme
|
||
|
||
commit 663811a8192d7d08769eaf5e9c057b9dcca34562
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Apr 8 12:04:13 2020 +0000
|
||
|
||
anon-base-files -> dist-base-files
|
||
|
||
commit cc8489df2ff655276be31073ec2fff57a9e8b448
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Apr 6 13:29:23 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 350a15dfbf9186c4bd81159b7656b5707a95c5db
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Apr 6 13:22:32 2020 -0400
|
||
|
||
readme
|
||
|
||
commit 5c81e1f23fa07a0e3c96d15dc3cc24d41332fe3c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Apr 6 09:25:45 2020 -0400
|
||
|
||
import from anon-gpg-conf
|
||
|
||
commit 1b2a34ea80fa9efeb02acaa8595e3c38fd9d06ca
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Apr 4 16:51:42 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 1188a44f47602248911d81f4dc3af08b830b65b9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Apr 4 16:49:30 2020 -0400
|
||
|
||
port to python 3.7
|
||
|
||
commit a2c932aa5a354798ce1383e988519f9a2cb69374
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Apr 2 07:58:51 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit ae8c5fff3c70c00931b95cd04b8729d2c1bd2a60
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Apr 2 07:22:47 2020 -0400
|
||
|
||
readme
|
||
|
||
commit a7f2a2a3b6b408a0545f55b8fed9cc17fbd8f843
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Apr 2 06:04:45 2020 -0400
|
||
|
||
console lockdown: allow members of group `sudo` to use console
|
||
|
||
https://forums.whonix.org/t/etc-security-hardening/8592
|
||
|
||
https://github.com/Whonix/security-misc/pull/74#issuecomment-607748407
|
||
|
||
https://www.whonix.org/wiki/Dev/Strong_Linux_User_Account_Isolation#Console_Lockdown
|
||
|
||
commit 7764ee0d202193dc67f5805fc23be2b804962186
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Apr 2 05:58:16 2020 -0400
|
||
|
||
comments
|
||
|
||
commit d9f2a0e4a1837ef1604e4cd17ce8ae60996c9782
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Apr 1 17:34:59 2020 -0400
|
||
|
||
remove 'Build-Depends: ronn' since no longer required
|
||
|
||
commit eda9c57a628ebf1083f87789842d5403c6e05122
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Apr 1 16:57:33 2020 -0400
|
||
|
||
remove genmkfile
|
||
|
||
commit 2609fe9c3efff611dc5bce20d62580dace02757b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Apr 1 16:33:29 2020 -0400
|
||
|
||
add debian install file
|
||
|
||
commit d4b2baa9b66d480d5e45c628f8bc4ff11fab765f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Apr 1 10:58:16 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 2ceea8d1fe9f2425488c6696f75f2ecfd9ff2235
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Apr 1 08:49:59 2020 -0400
|
||
|
||
update copyright year
|
||
|
||
commit b6de867dec85efb03cf38aa85494607edb4500f4
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Apr 1 08:26:44 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit ad022fc0b703f28f24665d28b072f1a993978370
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Apr 1 08:21:06 2020 -0400
|
||
|
||
fix
|
||
|
||
commit 354af7085be7e266913c3ae79701cd1abc729d06
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Mar 31 07:41:45 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 814f613a2fac12b892dfb6dcf53ee628e340c7b2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Mar 31 07:08:25 2020 -0400
|
||
|
||
When using systemd-nspawn (chroot) then `login` requires console 'console' to be permitted.
|
||
|
||
commit a369a0a94dca7fff68234e4f75d74a4e9d63df5b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Mar 30 18:42:02 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit c22adbd92fcab45fb3b1d3e98528c4790bb20a6a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Mar 30 18:39:23 2020 -0400
|
||
|
||
notify if security-misc installation is forced
|
||
|
||
commit 7ee5fc1b760dff0f86d8cf07a77cbd42d40f7a53
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Mar 30 17:16:46 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit f663b5eff8a6f2fa406039ced4441c5a4a9c1477
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Mar 30 17:15:02 2020 -0400
|
||
|
||
skip check if any non-root user is a member of group sudo and console if
|
||
environment variable `SECURITY_MISC_INSTALL` is set to `force`
|
||
|
||
commit bc22fc9fdba834d0a2d8fdc75b86934e56b317c9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Mar 30 17:12:43 2020 -0400
|
||
|
||
skip check if any non-root user is a member of group sudo and console if file
|
||
/var/lib/security-misc/skip_install_check exists
|
||
|
||
commit d7a69628b1def631b04219da7aee764eebea37df
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Mar 21 14:56:48 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 5f0dd8270ba6311018e654cca3b8b86818af5a82
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Mar 21 14:14:35 2020 -0400
|
||
|
||
consistent use of quotes
|
||
|
||
commit 66ea1a3a127642c5515ac6fd80952a56568620bc
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Mar 21 14:14:15 2020 -0400
|
||
|
||
minor
|
||
|
||
commit 23bd7ead59c0bdd793a955aaa613552b37a38dab
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Mar 21 14:12:42 2020 -0400
|
||
|
||
remove trailing space
|
||
|
||
commit 7c25fc517e6f42d4364a55407f6bf0c84d130c8e
|
||
Merge: 20f0c57 1cbc7f6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Mar 21 14:12:25 2020 -0400
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 1cbc7f6bed8acc112b610e05f527cffc6e9e1e87
|
||
Merge: 20f0c57 89ada11
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Mar 21 18:11:57 2020 +0000
|
||
|
||
Merge pull request #73 from madaidan/sysctl-initramfs
|
||
|
||
Only remount in sysctl-initramfs if already mounted read-only
|
||
|
||
commit 89ada11cf9a76cf02b3d5f92fd5c66194fe40ff0
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sat Mar 21 17:49:07 2020 +0000
|
||
|
||
Only remount if already mounted read-only
|
||
|
||
commit 20f0c574d5424c78ab6b4d3829a6662615967ba5
|
||
Merge: e4118cb 2938182
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Mar 21 13:28:43 2020 -0400
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 2938182ce6303e6e55086e2e9e82f8263a3c8e76
|
||
Merge: e4118cb c8826d6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Mar 21 17:26:37 2020 +0000
|
||
|
||
Merge pull request #72 from madaidan/master
|
||
|
||
Fix sysctl-initramfs logs
|
||
|
||
commit c8826d6702ebaf280994effb22aea39b4cfd2dac
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sat Mar 21 17:15:25 2020 +0000
|
||
|
||
Fix sysctl-initramfs logs
|
||
|
||
commit 8dfdec1d3b0fde7b2836b38e5aefab1b6b6df9f2
|
||
Author: onions-knight <38859709+onions-knight@users.noreply.github.com>
|
||
Date: Tue Mar 17 16:38:53 2020 +0000
|
||
|
||
Update thunar.xml
|
||
|
||
Adding Delete option for thunar on right mouse click (removed in Debian 10). See https://forums.whonix.org/t/whonix-host-calamares-branding-suggestion/7772/26
|
||
|
||
commit e4118cb21eb8765bc8f4e7b5e05d464d72575824
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Mar 12 04:43:08 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit e6e7886a6e3dca1a75943c5a04c4d29ab8682cec
|
||
Merge: 04a87f7 711e786
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Mar 11 09:08:41 2020 -0400
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 711e786be504179c832172acb39d567b323520e6
|
||
Merge: 04a87f7 4d0de87
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Mar 11 13:06:23 2020 +0000
|
||
|
||
Merge pull request #70 from madaidan/userfaultfd
|
||
|
||
Fix unprivileged_userfaultfd
|
||
|
||
commit 4d0de87f799d8032731140e9a5815d4773d91baa
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Mar 8 17:49:49 2020 +0000
|
||
|
||
Disable unprivileged userfaultfd use again
|
||
|
||
commit efb2683cfc168c3b110c6664ee61eabcf85f3f30
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Mar 8 17:49:12 2020 +0000
|
||
|
||
Hide unprivileged_userfaultfd error
|
||
|
||
commit 04a87f7029736e5ce66f18bb6c42cadf3500b26b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Mar 8 09:43:24 2020 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit 284a49110030b21aa3136447217273337a12acaf
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Mar 8 08:07:10 2020 -0400
|
||
|
||
disable `vm.unprivileged_userfaultfd=0` for now
|
||
|
||
because broken
|
||
|
||
https://forums.whonix.org/t/kernel-hardening/7296/406
|
||
|
||
reverts "Restrict the userfaultfd() syscall to root as it can make heap sprays easier."
|
||
|
||
https://duasynt.com/blog/linux-kernel-heap-spray
|
||
|
||
commit 44351ec9b78d59aeeef44675e8e203c7ace243f0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Mar 7 21:44:19 2020 -0500
|
||
|
||
remove no longer needed code for installation of apparmor profiles
|
||
|
||
commit 71ae6239168d829e25670ffa856ee0f011a168a9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Mar 5 08:36:27 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 76eb9579a3038982301fc622c84cd48fa3d88ffd
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Mar 5 08:33:00 2020 -0500
|
||
|
||
readme
|
||
|
||
commit 15dde15a36c3cac0088773670b84f7e1e2b1423f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Mar 3 09:42:24 2020 -0500
|
||
|
||
typo
|
||
|
||
commit 8887af26d6a82613ee1f9c3a10ba42fdd2444d1c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Mar 3 09:19:49 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 1dea4dbcf6fa3299e513d01005b514e42bf51538
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Mar 3 09:18:38 2020 -0500
|
||
|
||
readme
|
||
|
||
commit cd19c2da006d38cd0cd3653b31e398d16396d825
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Mar 3 09:18:24 2020 -0500
|
||
|
||
fix lintian warning
|
||
|
||
commit 7e3fedefb234e584d900c036c424ac083a9efa3d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Mar 3 09:12:50 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 201d6b5efc355b08b5f94f9284d2242dec9c56b8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Mar 3 09:07:42 2020 -0500
|
||
|
||
readme
|
||
|
||
commit 63c6405ab74f0dd5f3ec3838135b29304a3d1fc8
|
||
Merge: e3e39f2 453aa8a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Feb 29 07:34:46 2020 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 453aa8a4eb76fe56ad67f1aea8abfeb122e68a9c
|
||
Merge: e3e39f2 60fbf8b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Feb 29 12:28:32 2020 +0000
|
||
|
||
Merge pull request #65 from madaidan/userfaultfd
|
||
|
||
Restrict the userfaultfd() syscall to root
|
||
|
||
commit e3e39f22354595c9f21c243d7bdadc1487374db8
|
||
Merge: 649ec5d bd7678c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Feb 29 05:01:41 2020 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 649ec5dfa1d2c0e324d8054b4c7402ab2b462d93
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Feb 29 04:59:56 2020 -0500
|
||
|
||
pkexec wrapper: fix gdebi / synaptic
|
||
|
||
but at cost of checking for passwordless sudo /etc/suders /etc/sudoers.d
|
||
exceptions.
|
||
|
||
http://forums.whonix.org/t/cannot-use-pkexec/8129/53
|
||
|
||
commit 32269d32b63e549f76b4090b675dd53256fbc42d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Feb 29 04:59:15 2020 -0500
|
||
|
||
description
|
||
|
||
commit b31caefdeb8b76537982e359e708b57081d7b381
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Feb 29 04:59:02 2020 -0500
|
||
|
||
description
|
||
|
||
commit bd7678c574819298b364185fe7e3362c7e8d4930
|
||
Merge: d04d4bf 42d3b98
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Feb 28 12:04:05 2020 +0000
|
||
|
||
Merge pull request #66 from madaidan/mce
|
||
|
||
Fix docs
|
||
|
||
commit 42d3b986c41854fc2990557d2333874e9379793b
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu Feb 27 17:41:14 2020 +0000
|
||
|
||
Update control
|
||
|
||
commit d04d4bf0950b60b8e5bf51b2303bbecdbc5fe326
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Feb 25 02:08:10 2020 -0500
|
||
|
||
description
|
||
|
||
commit 4043d2af3f8239a2056610363fc9d53770ebc336
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Feb 25 02:06:48 2020 -0500
|
||
|
||
description
|
||
|
||
commit 0e5187ff249c686908506896e01125e37d194543
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Feb 25 02:00:27 2020 -0500
|
||
|
||
description
|
||
|
||
commit 60fbf8b0de8a631d8a63c64f7e8181fee501c237
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Feb 24 18:24:07 2020 +0000
|
||
|
||
Update control
|
||
|
||
commit 6b64b36b0190198f5edfda6c704a9efe3ea5b9a6
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Feb 24 18:23:15 2020 +0000
|
||
|
||
Restrict the userfaultfd() syscall to root
|
||
|
||
commit 221000db5b184664c09dfe9cb7055de45331a7e1
|
||
Merge: 01eaee9 c7f2537
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Feb 17 03:17:11 2020 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit c7f2537930925e3ec250db81791a107af003079b
|
||
Merge: 01eaee9 8ea4e50
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Feb 17 08:16:34 2020 +0000
|
||
|
||
Merge pull request #64 from madaidan/extra_latent_entropy
|
||
|
||
Gather more entropy during boot
|
||
|
||
commit 8ea4e50c8e9c3c9ee650b665a32b78f67aedc1aa
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Feb 16 19:52:40 2020 +0000
|
||
|
||
Update control
|
||
|
||
commit f6b6ab374ea2b24dfd4ac49bc1a595b50ab3d952
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Feb 16 19:51:32 2020 +0000
|
||
|
||
Gather more entropy during boot
|
||
|
||
commit 01eaee997e34aa73a11dffe032ace5ef23c37e28
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Feb 15 15:35:44 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 412a83923dd09f36a25ebf9ce1991369d09c5e34
|
||
Merge: dce54d5 4399a51
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Feb 15 15:30:32 2020 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit dce54d5d0f7c6017037b5fb6a5851dd90ce5d762
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Feb 15 15:29:38 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 3df008f0b9aa08c8b92c89439abeb029f5d1f316
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Feb 15 15:28:30 2020 -0500
|
||
|
||
readme
|
||
|
||
commit 4399a512bef77ddec428bd4150cacebb77fc22da
|
||
Merge: 757df8f a79ce7f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Feb 15 19:43:05 2020 +0000
|
||
|
||
Merge pull request #63 from madaidan/ldisc_autoload
|
||
|
||
Document ldisc_autoload better
|
||
|
||
commit a79ce7fa68c22048d3e10789fe209b14b818d0fb
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sat Feb 15 17:30:21 2020 +0000
|
||
|
||
Document ldisc_autoload better
|
||
|
||
commit 757df8fceb29d9b6143cf26e73cb31dde69d0a71
|
||
Merge: 9bbae90 a9a1581
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Feb 15 05:43:43 2020 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit a9a1581720739966e94f18be556552e9d75d63b1
|
||
Merge: 9bbae90 1e5946c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Feb 15 10:42:20 2020 +0000
|
||
|
||
Merge pull request #60 from madaidan/sysrq
|
||
|
||
Restrict the SysRq key
|
||
|
||
commit 1e5946c795e3962fdc2229146b9331d36a1d6c41
|
||
Merge: 0f49736 9bbae90
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Feb 15 10:41:52 2020 +0000
|
||
|
||
Merge branch 'master' into sysrq
|
||
|
||
commit 9bbae903fe5ee58d4a22dfeab51cbb179b8cfb14
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Feb 15 05:29:48 2020 -0500
|
||
|
||
remove-system.map: lower verbosity output
|
||
|
||
commit cce35e5109489df44916a08722d9016bb1e578ec
|
||
Merge: 14140ad e403517
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Feb 15 05:27:52 2020 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit e40351796e297673e1ec45dee7483079e96d9639
|
||
Merge: 5124f8c 31009f0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Feb 15 10:25:15 2020 +0000
|
||
|
||
Merge pull request #62 from madaidan/shred
|
||
|
||
Shred System.map files
|
||
|
||
commit 5124f8cebcf6113547d11fc5193f83af1a2b6f84
|
||
Merge: ac8757a 9b76713
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Feb 15 10:18:56 2020 +0000
|
||
|
||
Merge pull request #61 from madaidan/disable_early_pci_dma
|
||
|
||
Avoid holes in IOMMU
|
||
|
||
commit ac8757a031a02c6cbad564e6a857954c0cf01a54
|
||
Merge: ad6b766 ace6211
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Feb 15 10:09:46 2020 +0000
|
||
|
||
Merge pull request #59 from madaidan/ldisc
|
||
|
||
Restrict loading line disciplines to CAP_SYS_MODULE
|
||
|
||
commit 31009f0bfa10e7b67f5823a5be92273e5414fff3
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Fri Feb 14 23:46:19 2020 +0000
|
||
|
||
Shred System.map files
|
||
|
||
commit 9b767139ef82279e00d86f7f1e1e8bf73d795651
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Fri Feb 14 18:52:01 2020 +0000
|
||
|
||
Avoid holes in IOMMU
|
||
|
||
commit 0f497369574811b0e7fb832636a5618e62618619
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Fri Feb 14 18:18:18 2020 +0000
|
||
|
||
Update control
|
||
|
||
commit d251c43344a04e1dd8afbf12352432810874e021
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Fri Feb 14 18:17:20 2020 +0000
|
||
|
||
Restrict the SysRq key
|
||
|
||
commit ace62111761451a13c446767dfd3c32b9b70a7f8
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Fri Feb 14 17:51:17 2020 +0000
|
||
|
||
Update control
|
||
|
||
commit 0ea7dd161b3e643c23624e6dcb450116824b6301
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Fri Feb 14 17:50:19 2020 +0000
|
||
|
||
Restrict loading line disciplines to CAP_SYS_MODULE
|
||
|
||
commit ad6b76688677cd4f9f0b2f2524c0f6b0a381bf29
|
||
Merge: 14140ad 14f8458
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Feb 13 18:40:58 2020 +0000
|
||
|
||
Merge pull request #57 from madaidan/sysctl
|
||
|
||
Prevent symlink/hardlink TOCTOU races
|
||
|
||
commit 14140ad41ba45b2457570a7df28b42cfd3bf3155
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Feb 13 13:39:45 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit d1fa191bc0ad58ea4fbb5b4db383311f87319dfe
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Feb 13 13:38:21 2020 -0500
|
||
|
||
readme
|
||
|
||
commit 76a51a3b45113b4f771397bf32daae3fb38af6a6
|
||
Merge: 163e20b 5ebab39
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Feb 13 13:37:34 2020 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 5ebab397b201f431e3d0ca3bebfb71fa61a7ed2b
|
||
Merge: 163e20b 2796c2d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Feb 13 18:36:41 2020 +0000
|
||
|
||
Merge pull request #58 from madaidan/mitigations
|
||
|
||
Improve CPU mitigations documentation
|
||
|
||
commit 2796c2dd00fca0bb458bdb4ea5c2cdbd35854bef
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Wed Feb 12 18:43:19 2020 +0000
|
||
|
||
Update control
|
||
|
||
commit 700c7ed9085f2c9f0f271ddf8781f119e8ac5714
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Wed Feb 12 18:42:13 2020 +0000
|
||
|
||
Create 40_cpu_mitigations.cfg
|
||
|
||
commit ba0043b8a7249e55e0a0d3b87f6c54de5283f057
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Wed Feb 12 18:36:05 2020 +0000
|
||
|
||
Update 40_kernel_hardening.cfg
|
||
|
||
commit 14f845837476810f1eb3038d9d41f9ad8088b916
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Wed Feb 12 18:05:32 2020 +0000
|
||
|
||
Update control
|
||
|
||
commit 5cb21d0d4d36fd516f17a9b5378443859f497027
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Wed Feb 12 18:03:23 2020 +0000
|
||
|
||
Prevent symlink/hardlink TOCTOU races
|
||
|
||
commit 163e20b886f298cb9d3aca54c14f66991001b396
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Feb 5 06:31:48 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 3024006f63be34f0c9d2968b1839a855419792dd
|
||
Merge: 8c5cd86 024576e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Feb 4 00:24:50 2020 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 024576e3307e45c90b97ed8658ee82ceb1ed00aa
|
||
Merge: 8c5cd86 e4c6e89
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Feb 4 05:24:05 2020 +0000
|
||
|
||
Merge pull request #56 from HulaHoop0/patch-1
|
||
|
||
kvm.nx_huge_pages=force
|
||
|
||
commit e4c6e897cf37cbf5de6d90888a0ddbe56db11c2f
|
||
Author: HulaHoop0 <55955185+HulaHoop0@users.noreply.github.com>
|
||
Date: Mon Feb 3 16:06:46 2020 +0000
|
||
|
||
kvm.nx_huge_pages=force
|
||
|
||
commit 8c5cd865f49cea986cdfc00a4cb4f0f913d4d3e6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Feb 3 09:23:13 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 1f6ed2cc7047e1144e811d94dddc7306ee93b61e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Feb 3 08:55:20 2020 -0500
|
||
|
||
add support for passing parameters to usr/lib/security-misc/apt-get-update
|
||
|
||
commit 2291b7f787bcec5f64f632c6f3e8dfb12c67b4ee
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Feb 3 08:43:31 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 8627c9f76d1bdf26a423a92506d3d8c0eb1afc2e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jan 31 12:18:02 2020 -0500
|
||
|
||
/usr/lib/security-misc/apt-get-update increase default timeout_after="600"
|
||
|
||
commit 829e28aa90ff5cb38edcc3cfab8ec91939ae5844
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jan 31 12:17:07 2020 -0500
|
||
|
||
/usr/lib/security-misc/apt-get-update environment variable timeout_after kill_after support
|
||
|
||
commit 0bd0a4a647aef9899e1cbb5671ccfa3ca36efe18
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Jan 30 06:14:34 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 85d2aa1365ae5dfc43944a938794954452c26fe0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Jan 30 06:13:42 2020 -0500
|
||
|
||
hide stdout (but not stderr) by sysctl during initramfs
|
||
|
||
commit d69c1839cd30145c30247e0962a97cfd38f79d60
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Jan 30 06:02:26 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit b9d65338bcc76552e4d2169106cd04e6276eb320
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Jan 30 05:55:13 2020 -0500
|
||
|
||
unconditionally enable all CPU bugs (spectre, meltdown, L1TF, ...)
|
||
|
||
this might reduce performance
|
||
|
||
* `spectre_v2=on`
|
||
* `spec_store_bypass_disable=on`
|
||
* `tsx=off`
|
||
* `tsx_async_abort=full,nosmt`
|
||
|
||
Thanks to @madaidan for the suggestion!
|
||
|
||
https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647
|
||
|
||
commit 2711d0f7f08362f97383fbae81ce9d520b19dcbc
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Jan 30 01:22:32 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 4df0d6c01cc91139dc9eef1dc4265e8cacde8cdf
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Jan 30 01:22:06 2020 -0500
|
||
|
||
readme
|
||
|
||
commit c1a0da60beacd027c1c7c94ae44a9d7b1ab708b9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Jan 30 00:46:48 2020 -0500
|
||
|
||
set kernel boot parameter `l1tf=full,force` and `nosmt=force`
|
||
|
||
https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647/17
|
||
|
||
commit efc40da4fb1fffcc760685cda0e49dc04da4c5fe
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jan 24 12:02:27 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 07dcb32fc28abf33eaf0425c67cc5cf9ee1f5a5b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jan 24 11:55:38 2020 -0500
|
||
|
||
readme
|
||
|
||
commit f4c54881ac21ed095f54a59f9c0baf582ef76d9b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jan 24 04:49:19 2020 -0500
|
||
|
||
description
|
||
|
||
commit 25317f23e3a80fdd9f6965990cd397ddcab11a4b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jan 24 04:41:16 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit be79f0688a47dca129ac61dd78b18a2638e8650c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jan 24 04:40:20 2020 -0500
|
||
|
||
readme
|
||
|
||
commit c0d3726b002d136e602c6bdaf07c5d94c5591ee4
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jan 24 04:40:03 2020 -0500
|
||
|
||
comment
|
||
|
||
commit a37da1c96880b14a8271712801e6da3d3ea766eb
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jan 24 04:39:06 2020 -0500
|
||
|
||
add digits to drop-in file names
|
||
|
||
commit 2ab940c60311ae38079d2ceb09e04eedac2aad90
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jan 24 04:34:18 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit bac6cd601baaca7453c55719e9dfa84d5109135d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jan 24 04:33:54 2020 -0500
|
||
|
||
readme
|
||
|
||
commit 3a4d283169b381bdc93c4ff5ce7b08c11a0830b3
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jan 24 04:33:30 2020 -0500
|
||
|
||
description
|
||
|
||
commit e0aa67677d3561cae6544c24e12021dd04f26133
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jan 24 04:30:36 2020 -0500
|
||
|
||
merge the many modprobe.d config files into 1
|
||
|
||
and use a name starting with double digits
|
||
|
||
to make it easier to disable settings using a lexically higher config file
|
||
|
||
commit 6a4c493213929b354a3c8d2acf2325473ae63cfd
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jan 24 04:26:36 2020 -0500
|
||
|
||
merge the many sysctl config files into 1
|
||
|
||
and use a name starting with double digits
|
||
|
||
to make it easier to disable settings using a lexically higher config file
|
||
|
||
commit f653b94e7747436323e2083d416ab86560e3cd71
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jan 24 03:49:02 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit ca057713e2e1f3c4a47216aadb51ba0ca012e39e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jan 24 03:39:04 2020 -0500
|
||
|
||
readme
|
||
|
||
commit 8616728ce0a6e5eaa799949abb5bfccd0a7effa7
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jan 24 03:35:15 2020 -0500
|
||
|
||
remove duplicate
|
||
|
||
commit d4a37b6df2a2de4822e3e4bac93ca3e10712af7c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jan 24 03:18:17 2020 -0500
|
||
|
||
remove-system.map: source /usr/lib/helper-scripts/pre.bsh
|
||
|
||
commit 3b283ec00f03b580d2f8b76f95449240a163dd48
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jan 22 07:10:47 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 531f17cb68b331beb19a6e6c8b76575ebe38f95e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jan 22 07:08:08 2020 -0500
|
||
|
||
add update initramfs trigger
|
||
|
||
https://github.com/Whonix/security-misc/pull/53
|
||
|
||
commit df0b2afda1e1d5a3fddfd8c48b62a5de8295d687
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jan 21 10:12:32 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 18041efa2f704d2a177b033ff8008aacdb7dde3f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jan 21 10:01:17 2020 -0500
|
||
|
||
fix pam tally2 check when read-only disk boot without ro-mode-init or grub-live
|
||
|
||
commit 627b95e0b363e2e46a5de8a7aa5065bc66242293
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jan 20 08:51:25 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit fbe9b60d95d43452bf661461197efced431806a5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jan 20 08:49:02 2020 -0500
|
||
|
||
fix Whonix / Kicksecure
|
||
|
||
/var/lib/dpkg/tmp.ci/preinst: ERROR: No user is a member of group 'console'. Installation aborted.
|
||
/var/lib/dpkg/tmp.ci/preinst: ERROR: You probably want to run:
|
||
|
||
sudo adduser user console
|
||
|
||
commit 960e1ff6e82f8593c2d242a6a0f1e1cf5805c85b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jan 17 03:32:57 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 130434186811930d40407115af99116d4982da49
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jan 17 03:10:56 2020 -0500
|
||
|
||
readme
|
||
|
||
commit 6f8d89c6c5609ed83d9dcd174375cb1ccfca91d8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jan 15 15:54:06 2020 -0500
|
||
|
||
error handling
|
||
|
||
commit 7211f6e0199d2ccb50437c7a5b0842050590b5dc
|
||
Merge: e110ea0 f6cc76a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jan 15 15:53:36 2020 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit f6cc76acd729428f83d3497a2e83bfc4b14f1ff8
|
||
Merge: e110ea0 1df48a2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jan 15 20:52:33 2020 +0000
|
||
|
||
Merge pull request #55 from madaidan/sysctl.conf
|
||
|
||
Process sysctl.conf in initramfs
|
||
|
||
commit 1df48a226d83b98dadc8bfb8dbc479dd656e2313
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Wed Jan 15 20:30:17 2020 +0000
|
||
|
||
Update control
|
||
|
||
commit f7fde60b67a7ef44658cde3b835565407aafd133
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Wed Jan 15 20:28:32 2020 +0000
|
||
|
||
Process sysctl.conf too
|
||
|
||
commit e110ea0b84329dfbe0175298b21e7732f7105436
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jan 15 11:37:52 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 0f17596aacb86afb7abcdd4781a9995dde23d3bb
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jan 15 11:35:41 2020 -0500
|
||
|
||
readme
|
||
|
||
commit 0618b5346493723865cc6f2a632822c8b6fa690a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jan 15 11:35:07 2020 -0500
|
||
|
||
fix lintian warning
|
||
|
||
commit 47ce3bec75f9aeb808993a70579ba93d2527a371
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jan 15 11:05:54 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 73e830d0ac1ece338b0e80ca1a020d84a15d1774
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jan 15 10:08:57 2020 -0500
|
||
|
||
readme
|
||
|
||
commit 8ab4623f8e81ad1b67858b458f2ae4085e7c8e65
|
||
Merge: 8015954 087465a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jan 15 06:06:39 2020 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 087465a0cdecc4765f7b659256cdd5e8cdef73ab
|
||
Merge: 8015954 528c5fc
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jan 15 11:02:30 2020 +0000
|
||
|
||
Merge pull request #53 from madaidan/sysctl-initramfs
|
||
|
||
Set sysctl values in initramfs
|
||
|
||
commit 528c5fc4c41026396a63ac91af7c156dd0d4f191
|
||
Merge: 9dc43ea 8015954
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jan 15 11:02:03 2020 +0000
|
||
|
||
Merge branch 'master' into sysctl-initramfs
|
||
|
||
commit 80159545a580830565ec01a507915add9c44838a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jan 15 02:42:10 2020 -0500
|
||
|
||
fix xfce4-power-manager xfpm-power-backlight-helper pkexec lxsudo popup
|
||
|
||
https://forums.whonix.org/t/xfce4-power-manager-xfpm-power-backlight-helper-pkexec-lxsudo-popup/8764
|
||
|
||
do show lxqt-sudo password prompt if there is a sudoers exceptoin
|
||
|
||
improved pkexec wrapper logging
|
||
|
||
commit d90ca4b1ad18289d6bcfcef51cfb032a0b4423eb
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jan 14 15:12:13 2020 -0500
|
||
|
||
refactoring
|
||
|
||
commit 082f04f2d4101828455a4a9b2852376a72ced6ce
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jan 14 15:04:58 2020 -0500
|
||
|
||
add logging to pkexec wrapper
|
||
|
||
commit 1059ccf2254d0aac40d2c14680fea2a4012a2d66
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jan 14 09:28:28 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 660837dc380440f6b00d3baf9395222376163b3b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jan 14 09:25:32 2020 -0500
|
||
|
||
fix case when user "user" does not exists
|
||
|
||
commit 18c726c3eebc93f69062f1e4c1d3c7ab394985c3
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jan 14 09:23:02 2020 -0500
|
||
|
||
comment
|
||
|
||
commit b8652681e741236af2e20876d7103b2dfb0ae9bf
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jan 14 09:21:47 2020 -0500
|
||
|
||
fix legacy
|
||
|
||
commit cc21f912a372faef8322801e9a48882f29159c2d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jan 14 09:20:36 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 2078cd237f2aaad8d68c1c5eab3f9942460ecd3c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jan 14 09:18:30 2020 -0500
|
||
|
||
readme
|
||
|
||
commit c377c5ff83437a5447ecc9c873150421f4f1e691
|
||
Merge: 8341242 539f24b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jan 14 09:01:38 2020 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 539f24b65ee7739487d8038fcb1fdfb1ed62ab22
|
||
Merge: 8341242 0953bbe
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jan 14 14:01:17 2020 +0000
|
||
|
||
Merge pull request #54 from madaidan/panic_on_oops
|
||
|
||
Document panic_on_oops
|
||
|
||
commit 0953bbe1d7f3e789aef2218a65c14c586dab4bcb
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Jan 13 21:05:35 2020 +0000
|
||
|
||
Update control
|
||
|
||
commit 9dc43eae38b55951cae2a9bf93114bcf742f8c8b
|
||
Author: madaidan <>
|
||
Date: Sun Jan 12 21:42:07 2020 +0000
|
||
|
||
Description
|
||
|
||
commit 8c4e0ff1c4d6191dbb40b28cfc23a8185cc0cbdb
|
||
Author: madaidan <jeremy_stevens12@protonmail.ch>
|
||
Date: Sun Jan 12 21:37:37 2020 +0000
|
||
|
||
Set sysctl values in initramfs
|
||
|
||
commit 8341242abc342d9cbd82afe12f512daf73a9e59a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jan 11 15:19:29 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 130a4cf6d433f4d862e10e31abbc2b1f3b1614d2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jan 11 15:17:06 2020 -0500
|
||
|
||
readme
|
||
|
||
commit 61a2d390a7d6195d556898db8afa57822a9bc76a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jan 11 15:15:12 2020 -0500
|
||
|
||
lintian
|
||
|
||
commit 3fae8e771ffbdd3023921b296e46cf982034d2ac
|
||
Merge: 13a1e13 e9f4dbd
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jan 11 15:14:43 2020 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit e9f4dbdda579db83f330054253100bc7c5d1e2be
|
||
Merge: 13a1e13 6088444
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jan 11 20:14:10 2020 +0000
|
||
|
||
Merge pull request #52 from madaidan/vivid
|
||
|
||
Blacklist the vivid kernel module
|
||
|
||
commit 6088444c371f021ca23daa3a0ab1ee431d429a61
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sat Jan 11 18:38:17 2020 +0000
|
||
|
||
Update control
|
||
|
||
commit a662a76a52970530a4a3c3d6a284ce9400dc74c6
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sat Jan 11 18:37:00 2020 +0000
|
||
|
||
Blacklist vivid
|
||
|
||
commit 13a1e1321e05965ad9449fafa4406c4d3b781dcf
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jan 1 05:59:59 2020 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 5031e7cc4b8bfc4037ba6ea029e20637090ccacb
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 31 08:18:38 2019 -0500
|
||
|
||
better output if trying to login with non-existing user
|
||
|
||
commit b2bdeb90957da4ebe38e7f12fba0330b89e0983d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 31 06:08:32 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 2a3aae62b1cf97313b925fac94261e28af7ea3d1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 31 06:06:52 2019 -0500
|
||
|
||
fix
|
||
|
||
commit 427deec3f50664f2fbb244b6cf060bb5b9e821b6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 31 06:03:48 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit e89552c9846f85b4bbf73595080d71dcd873fe29
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 31 05:55:44 2019 -0500
|
||
|
||
add user "user" to group "console" in Whonix and Kicksecure
|
||
|
||
enable Console Lockdown in Whonix and Kicksecure
|
||
|
||
commit b5a2d1dc581b53974aaa148f6d8f3054c9d1c5fe
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 31 02:54:58 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 20697db3ee5d227176c4d31e6c96454a64f47797
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 31 02:53:02 2019 -0500
|
||
|
||
improve console lockdown info output
|
||
|
||
commit 788914de95ee9299d685e8b65466feee1085cf18
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 31 02:46:32 2019 -0500
|
||
|
||
group ssh check was removed
|
||
|
||
https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/27
|
||
|
||
commit 06ed728d791abe0ad3c93091fd8ebc088f73c4ef
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 30 06:42:14 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit f3ff32ddbb8a7cf7555b9f1b2154e83154532a3d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 30 06:39:24 2019 -0500
|
||
|
||
Protect /bin/mount from 'chmod -x'.
|
||
|
||
/bin/mount exactwhitelist
|
||
/usr/bin/mount exactwhitelist
|
||
|
||
Remove SUID from 'mount' but keep executable.
|
||
|
||
/bin/mount 745 root root
|
||
/usr/bin/mount 745 root root
|
||
|
||
https://forums.whonix.org/t/disable-suid-binaries/7706/61
|
||
|
||
commit e4e9c4e3b09138af25e94a6db81b0f759ddb4d1b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 30 05:59:43 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 9c0d6b605707dbcb7db9cd227257a5dcd612f784
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 29 05:09:07 2019 -0500
|
||
|
||
copyright
|
||
|
||
commit edc08988f26532daf90bc4a4f007aef53e62eeaf
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 29 05:08:53 2019 -0500
|
||
|
||
copyright
|
||
|
||
commit 9156d3584cd7ba9064d5af54afd95b6d8e73907b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 29 04:59:05 2019 -0500
|
||
|
||
Description
|
||
|
||
commit 3ea946b365d8b05cabce63f4d26b3153559aa465
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 29 04:56:51 2019 -0500
|
||
|
||
RemainAfterExit=yes
|
||
|
||
commit 2787ae976580d20ea4da5213c7f624f984510934
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 29 04:56:35 2019 -0500
|
||
|
||
copyright
|
||
|
||
commit 6d56eb9ef0e2cfbba46df2294deb9c8e6b9aa2b7
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 29 04:56:18 2019 -0500
|
||
|
||
minor
|
||
|
||
commit 0e14706f32728123f1d345b73266934fe454a989
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 29 04:45:26 2019 -0500
|
||
|
||
copyright
|
||
|
||
commit 1a0f7a77335940a11e33ca519d8f64429b8ee966
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 29 04:43:32 2019 -0500
|
||
|
||
debugging
|
||
|
||
commit 5271892cb1e4646b79388d064227d4662b682583
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 29 04:42:54 2019 -0500
|
||
|
||
debugging
|
||
|
||
commit 683028049c46516ba105b1b73364960b3b87efd6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 29 04:41:23 2019 -0500
|
||
|
||
debugging
|
||
|
||
commit e3e1ff2a310c46fab67309edd88e73096843edcb
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 29 04:35:46 2019 -0500
|
||
|
||
exit with error if a config line cannot be processed rather than skipping
|
||
|
||
https://forums.whonix.org/t/disable-suid-binaries/7706/59
|
||
|
||
commit d5c99f3a60372a00ded4b1b4340775aab1421d31
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 29 04:27:21 2019 -0500
|
||
|
||
output
|
||
|
||
commit e5623fcd2b32b58e72c2ef80955072f013672e0d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 29 04:21:52 2019 -0500
|
||
|
||
comment
|
||
|
||
commit d7f58db52c926c11157671c4555ca97f02929a76
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 27 05:30:12 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 674840e6f9fb362dc713da3edde07132b5ae17d4
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Dec 26 05:44:35 2019 -0500
|
||
|
||
/fusermount matchwhitelist
|
||
|
||
unbreak AppImages such as electrum Bitcoin wallet
|
||
|
||
https://forums.whonix.org/t/disable-suid-binaries/7706/57
|
||
|
||
commit 507a30d6e39f17fcb09b92033fe1d831e7d4baf4
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 24 18:35:49 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 04f438f75d4566822026373e78988e9d4e42b8b5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 24 18:09:37 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 9da0e428ed4635fb5ca98b2d72b56b553404a742
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 24 17:54:31 2019 -0500
|
||
|
||
debugging
|
||
|
||
commit e18ec533c3ebb382f974d30db3cd1f5eace648c2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 24 17:54:02 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 0326cd5ee9371213420d2afdcbfb0a05d9a808e6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 24 08:07:55 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit ede536913daa0c7ddfe55e20c93d7b752daa5de3
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 24 06:00:41 2019 -0500
|
||
|
||
no longer hardcode amd64
|
||
|
||
commit d03a3d9ac03bc29ba349107855936dd194e12271
|
||
Merge: 9d77d88 27a42a9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 24 05:57:24 2019 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 27a42a9da82bc1f22135ffa509925f63177f25d9
|
||
Merge: ac49c55 79241c5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 24 10:55:11 2019 +0000
|
||
|
||
Merge pull request #50 from madaidan/modules
|
||
|
||
Make /lib/modules unreadable
|
||
|
||
commit ac49c55d1fafff5f36bd7c595f50db295ff616a2
|
||
Merge: 0c3d4ad 98e88d1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 24 10:55:03 2019 +0000
|
||
|
||
Merge pull request #49 from madaidan/kver
|
||
|
||
Detect kernel upgrades
|
||
|
||
commit 0c3d4ad255de75b57a2e316bf8a7fd77a2fc0d4d
|
||
Merge: 9d77d88 d1a0650
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 24 10:54:23 2019 +0000
|
||
|
||
Merge pull request #48 from madaidan/kernel-hardening
|
||
|
||
Use only one slub_debug parameter
|
||
|
||
commit 79241c5d09c4a7123cf90b45289b53d893135efb
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Dec 23 20:28:29 2019 +0000
|
||
|
||
Make /lib/modules unreadable
|
||
|
||
commit 98e88d1456ca0e8fa23809115c51c380a4bb2d3b
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Dec 23 19:57:43 2019 +0000
|
||
|
||
Detect kernel upgrades
|
||
|
||
commit d1a0650fd944973ab614c1da06f8e555b31b73ae
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Dec 23 19:44:52 2019 +0000
|
||
|
||
Use only one slub_debug parameter
|
||
|
||
commit 9d77d88a4dfd0f42a2a671bbec49f4ebd90af882
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 09:39:50 2019 -0500
|
||
|
||
comments
|
||
|
||
commit 7a80837b4f0a7201f3e092ad9b99b4cddb6043b3
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 08:48:04 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 617c0a0e15f1c113b6e7fd748bb75978e4f23fcd
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 07:21:26 2019 -0500
|
||
|
||
disable remount-secure.service - Disable for now until development finished / tested.
|
||
|
||
commit 3e131174d5919303462295cb0852a9254885ae7c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 05:00:35 2019 -0500
|
||
|
||
comments
|
||
|
||
commit bef41a38c26548d50101f7ea636316e1e2107a55
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 03:58:00 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 046ceeae4df3b45916f35b0789af341c4f3d911a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 03:57:36 2019 -0500
|
||
|
||
readme
|
||
|
||
commit 9f072ce4f99467f82986be348c9cedc2eb7f017d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 03:46:02 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 26fe9394fff2eb5be2f19272ea76ed187a8237e5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 03:41:54 2019 -0500
|
||
|
||
disable lockdown for now due to module loading
|
||
|
||
commit 9ec5b0ee82263e1afb38c44348e69437ddc5c9c2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 03:38:49 2019 -0500
|
||
|
||
description: lockdown not enabled yet
|
||
|
||
commit b05669accfe6fac8070003bbd57939ca2c621445
|
||
Merge: 11b4192 1ff51ee
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 03:38:04 2019 -0500
|
||
|
||
Merge branch 'madaidan-kernel-hardening'
|
||
|
||
commit 1ff51ee061dcdb1a898ebb68c0267ce926e0fca0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 03:37:28 2019 -0500
|
||
|
||
merge
|
||
|
||
commit 535c258b834028e5638fd2b37b1a6f352e2b4558
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Wed Dec 18 20:43:01 2019 +0000
|
||
|
||
More kernel hardening
|
||
|
||
commit 11b4192fbdbc02af97e7dc32677bdb3a549b0000
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 03:28:42 2019 -0500
|
||
|
||
comments
|
||
|
||
commit 42ff53e9ad26190dcbff154f6cfd039e3f6bdf83
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 02:42:07 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 2152fa2d61fa72935b70e60b98ccbe2e1b31db43
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 02:38:53 2019 -0500
|
||
|
||
comment
|
||
|
||
commit f8f2e6c7041d98572452be2e53094d0c539b1616
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 02:35:13 2019 -0500
|
||
|
||
fix disablewhitelist feature
|
||
|
||
commit 47ddcad0c0af27093f61cf77008224bf66572532
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 02:29:47 2019 -0500
|
||
|
||
rename keyword whitelist to exactwhitelist
|
||
|
||
add new keyword disablewhitelist
|
||
|
||
refactoring
|
||
|
||
commit 175d1c284552a08881286e8c3ca5d8eb9b97a144
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 02:13:13 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 0409aac3aeb7acc273e19b16e78409994c731f2a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 02:09:04 2019 -0500
|
||
|
||
readme
|
||
|
||
commit 1ff56625a170c392f6099b41f371c56032362ea0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 01:42:03 2019 -0500
|
||
|
||
polkit-agent-helper-1 matchwhitelist to match both
|
||
|
||
- /usr/lib/policykit-1/polkit-agent-helper-1 matchwhitelist
|
||
- /lib/policykit-1/polkit-agent-helper-1
|
||
|
||
commit d484b299ea1a93a401d00a212d675b5837b8aaa9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 01:38:31 2019 -0500
|
||
|
||
matchwhitelist /qubes/qfile-unpacker to match both
|
||
|
||
- /usr/lib/qubes/qfile-unpacker whitelist
|
||
- /lib/qubes/qfile-unpacker
|
||
|
||
commit 34bf2457136db227cc27a5d0fe9282f09780a310
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 01:35:45 2019 -0500
|
||
|
||
output
|
||
|
||
commit ba30e45d15ec53b2d0a67ce96f5132d3f59bf870
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 01:32:42 2019 -0500
|
||
|
||
output
|
||
|
||
commit ee9c5742da99673785068b0393e3587a77c99a31
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 01:29:48 2019 -0500
|
||
|
||
output
|
||
|
||
commit 6d05359abcf460cbec266401530a9ab1aaaaf47f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 01:21:52 2019 -0500
|
||
|
||
output
|
||
|
||
commit a1e78e8515a87ebc8fc2211b3e1e91824fd3865a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 01:20:56 2019 -0500
|
||
|
||
fix needlessly re-adding entries
|
||
|
||
commit 906b3d32e769bbd30ed5698268899a7d2ec71d95
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 01:09:57 2019 -0500
|
||
|
||
output
|
||
|
||
commit 4f76867da6ce5710cf486175cd84adcd72640049
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 01:08:02 2019 -0500
|
||
|
||
lower debugging
|
||
|
||
commit dc6e5d8508a09bd7f2b9bfed02bc502797c11361
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 01:06:38 2019 -0500
|
||
|
||
fix
|
||
|
||
commit 87b999f92aab4f4176f366308c27c4fe5471580c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 00:59:43 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit 065ff4bd058ab26df3d3af1022da9d6a7405ab61
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 00:59:24 2019 -0500
|
||
|
||
sanity_tests
|
||
|
||
commit fef1469fe62bf923ba89077934c8b0e5d8cd0258
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 00:51:14 2019 -0500
|
||
|
||
exit non-zero if capability removal failed
|
||
|
||
commit 3670fcf48baecffe098c96eb67cbd601bc3e0069
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 00:49:33 2019 -0500
|
||
|
||
depend on libcap2-bin for setcap / getcap / capsh
|
||
|
||
commit 17a8c294702acb30c397abc984d69c356cec2cd7
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 00:47:49 2019 -0500
|
||
|
||
fix capability removal error handling
|
||
|
||
https://forums.whonix.org/t/disable-suid-binaries/7706/45
|
||
|
||
commit b631e2ecd8ae0e08850edd81bf64b02666fb6234
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 00:36:41 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit 7aea304549cea2c885c2d813c7a15f617f4ebf2a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 23 00:26:15 2019 -0500
|
||
|
||
comment
|
||
|
||
commit f4b1df02ee66309d12724cf7124b14180c855f14
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 22 19:42:40 2019 -0500
|
||
|
||
Remove suid / gid and execute permission for 'group' and 'others'.
|
||
|
||
Similar to: chmod og-ugx /path/to/filename
|
||
|
||
Removing execution permission is useful to make binaries such as 'su' fail closed rather
|
||
than fail open if suid was removed from these.
|
||
|
||
Do not remove read access since no security benefit and easier to manually undo for users.
|
||
|
||
chmod 744
|
||
|
||
commit 58a4e0bc7d1b87d4d169f31dc5935c75e929c0b4
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 22 19:12:10 2019 -0500
|
||
|
||
dbus-daemon-launch-helper matchwhitelist
|
||
|
||
commit 15e3a2832da603f5caa9aadc6d68aaf503f013c9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 22 18:57:23 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 6eb8fd257aecd84686b4d7a9824a98bace9a705e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 22 18:56:36 2019 -0500
|
||
|
||
suid utempter/utempter matchwhitelist
|
||
|
||
to cover both:
|
||
|
||
/usr/lib/x86_64-linux-gnu/utempter/utempter
|
||
/lib/x86_64-linux-gnu/utempter/utempter
|
||
|
||
commit 9409209b48fb8f803b88d72c0e7febaa74f5bd2c
|
||
Merge: 008ce48 bce02ff
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 22 10:29:08 2019 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit bce02ffdc01c22c8d5528eb5eaa7729a6b3137dd
|
||
Merge: 008ce48 8f11a52
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 22 15:26:07 2019 +0000
|
||
|
||
Merge pull request #47 from madaidan/msr
|
||
|
||
Blacklist CPU MSRs
|
||
|
||
commit 8f11a520f4c406fa3187ad530f945a564b78a28c
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Dec 22 13:54:16 2019 +0000
|
||
|
||
Update control
|
||
|
||
commit dd93b11321e171c56affcd660c0830d6a91ad87e
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Dec 22 13:52:43 2019 +0000
|
||
|
||
Blacklist CPU MSRs
|
||
|
||
commit 008ce4817c6ad2218af05d14626b0f2c70a6e90d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 14:55:03 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit d300db3cde0f7ee8e3884a1225ec1d196a318728
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 14:45:11 2019 -0500
|
||
|
||
output
|
||
|
||
commit 3921846df6e21a80d87f451e89f96f5b3092dd53
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 14:36:42 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 1213415ce649e7305af0b6c6ef2f8435caab5cd8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 14:23:35 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 2ddf7b5db5d335d4f64d0df2c0caab0c80a2a046
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 14:06:51 2019 -0500
|
||
|
||
/lib/ nosuid
|
||
|
||
commit 1e8457ea476a693dd1e455e4c455bf2e763cec23
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 14:06:10 2019 -0500
|
||
|
||
no longer remount /lib
|
||
|
||
https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/25
|
||
|
||
commit 10c19d6a8fc6b6bc03067dc3be88f486aa78d438
|
||
Merge: b2260f4 fffdf50
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 13:00:41 2019 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit fffdf5090c707c698de4adacfd5837809b33aa99
|
||
Merge: 1c99b56 f5a52ae
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 17:59:56 2019 +0000
|
||
|
||
Merge pull request #46 from madaidan/remount-secure
|
||
|
||
Don't remount /sys/kernel/security
|
||
|
||
commit f5a52aeddc4742b4dbd8a0075d759b2ceaaae691
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sat Dec 21 14:55:28 2019 +0000
|
||
|
||
Don't remount /sys/kernel/security
|
||
|
||
commit b2260f48f4ab978b531d8ca9df2dc1a787b6666f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 08:03:33 2019 -0500
|
||
|
||
add support for /etc/exec / /usr/local/etc/exec
|
||
|
||
to allow enabling exec on a per VM basis
|
||
|
||
commit 1c99b56c9b99cceab6fe38580d06197dd4bcfb77
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 07:49:55 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 161b6f6b885586cd65b8ac13b0bd113691465522
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 07:49:29 2019 -0500
|
||
|
||
readme
|
||
|
||
commit b74e5ca97244209e041f55483027365eacdf44c9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 07:47:00 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 8fb17624bc3471a3676e76b3695179cde1ec21da
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 07:44:51 2019 -0500
|
||
|
||
comment
|
||
|
||
commit aef796a524f9156b584a7d8d203decc446c5d3b9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 07:44:23 2019 -0500
|
||
|
||
disable debugging
|
||
|
||
commit 1fe83d683f97af6730948aecce3216a51979c695
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 07:43:55 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 7c3da38bd53427501bcb0ac0d56bd626ce9e6adb
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 07:42:25 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 9050058bc2427a701095901a5bd275767437391b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 07:42:01 2019 -0500
|
||
|
||
fix
|
||
|
||
commit 0c4db8c2b054a10554f163c31e3e626a80981c52
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 07:38:25 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 6b13a644df279ec3ccf3814e86233baafc0cf437
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 07:37:41 2019 -0500
|
||
|
||
add /usr/lib/security-misc/permission-hardening-undo
|
||
|
||
commit af8b04b73d6d64792fc1ffb7f6b04b273c0ca7ec
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 06:58:01 2019 -0500
|
||
|
||
rm_conffile /etc/apparmor.d/usr.lib.security-misc.pam_tally2-info
|
||
rm_conffile /etc/apparmor.d/usr.lib.security-misc.permission-lockdown
|
||
|
||
https://github.com/Whonix/security-misc/pull/45
|
||
|
||
commit 2350e0f5d06d9625835ba1547aab0054b795c0c5
|
||
Merge: 3ea5871 efd65a3
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 06:57:10 2019 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit efd65a3f15fc9380e2019c9d7ad0bf82adcc230d
|
||
Merge: c336bc4 c28ddf5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 11:56:31 2019 +0000
|
||
|
||
Merge pull request #45 from madaidan/apparmor
|
||
|
||
Delete apparmor profiles
|
||
|
||
commit 3ea587187e9d0a927799a66d15d163ee56a41978
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 06:53:07 2019 -0500
|
||
|
||
no need to exclude xorg nosuid on Debian
|
||
|
||
http://forums.whonix.org/t/permission-hardening/8655/25
|
||
|
||
commit c336bc4fd229d9a6370df5520aaa4e872465de5a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 06:39:13 2019 -0500
|
||
|
||
comment
|
||
|
||
commit fac17a963d3dec1b399fd9b41ebebcedb7e90f43
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 06:28:19 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit b5f88efe2072eca99c245fc60442c82a270fab8e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 06:27:01 2019 -0500
|
||
|
||
fix
|
||
|
||
commit 2088628c8d44306e51c8a1407caee99e5eb4ce5b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 06:24:08 2019 -0500
|
||
|
||
debugging
|
||
|
||
commit 2dca031527fa38a932619ed2336a5aa472a85205
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 06:22:46 2019 -0500
|
||
|
||
debugging
|
||
|
||
commit 195e00cc8796d532a68f90b7c1f8f30d17f24246
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 06:16:38 2019 -0500
|
||
|
||
output
|
||
|
||
commit 78d33d8b57fdef3b16e8ab5b4f6b0487d51b9657
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 06:12:20 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 4b21b6df4167a2a95392a39182c636bdc097bc7e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 06:11:44 2019 -0500
|
||
|
||
fix
|
||
|
||
commit ff48b672a8537e65c3d0b3ccfb65fb29c2d3766c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 06:00:17 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 8436da2b7b0b9d309b57ed6ab36f2042fd82f4ae
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 05:58:50 2019 -0500
|
||
|
||
output
|
||
|
||
commit da15265e1c311be16c1dd0a8681e630548fac0e9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 05:55:23 2019 -0500
|
||
|
||
fix
|
||
|
||
commit 2a248fe0de1b86b416c705ecce81dcb549581d9b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 05:54:39 2019 -0500
|
||
|
||
fix
|
||
|
||
commit 4f12664362fb4304ed43185ed5805f686bdeb0af
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 05:54:07 2019 -0500
|
||
|
||
output
|
||
|
||
commit e3355843c835c650d4701a2b94b93cc0040ca419
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 05:51:22 2019 -0500
|
||
|
||
fix
|
||
|
||
commit 234ec5fe93c9b03c02e076621ac919f12062c4e5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 05:47:35 2019 -0500
|
||
|
||
fix
|
||
|
||
commit 65b5adb2d731f52533bda24eb6868d9e2968e2ed
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 05:38:39 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 7ff900c20457ee42d415c4eddf3b08f1ac5e4461
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 05:37:43 2019 -0500
|
||
|
||
fix
|
||
|
||
commit 2b5a49a61b221161f3b42d3a692d2e22df2afec2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 05:31:55 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit e1a5ee4bcf5ecb447ae7da0b137f81d520673cde
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 05:26:55 2019 -0500
|
||
|
||
output
|
||
|
||
commit 66aaf3e22cda9bb58ab72e750a5711556cf1de25
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 05:25:54 2019 -0500
|
||
|
||
output
|
||
|
||
commit 7aa7d0b5a0e3b602b527131581f350b9b32fb0d6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 05:22:27 2019 -0500
|
||
|
||
improve error handling
|
||
|
||
commit 8919d38de9206b4802b471c2f40787a2f9d70269
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 05:21:46 2019 -0500
|
||
|
||
disable debugging
|
||
|
||
commit cf5dee64fd4e1c44a8726db49b8328841ee6327f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 05:18:34 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit 29cd9a0c38924fc2eb7520db886efc19541476cb
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 05:17:35 2019 -0500
|
||
|
||
fix
|
||
|
||
commit 486027a4d75917fe2741370aa1e707b8ca14f693
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 05:15:38 2019 -0500
|
||
|
||
fix
|
||
|
||
commit 1fd26be864ebd0dab8419e0b2b321522166d6271
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 05:14:51 2019 -0500
|
||
|
||
fix
|
||
|
||
commit 0fc97c37beae5d48fed9ec714f19007f402952c9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 05:14:39 2019 -0500
|
||
|
||
fix
|
||
|
||
commit 1018d5b3b0b58a641aaca0419a06c246091932d5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 05:11:51 2019 -0500
|
||
|
||
output
|
||
|
||
commit 4388fc4d5ace9046c9eacb8354d9960599735ee4
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 05:11:19 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit ed20980f4c6c3fb304d8436399f5e14ead7b3ae3
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 05:07:10 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit 315ce86b9a66d15aea2d50f5271c228ee8bd3909
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 04:33:03 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit 0c5848494b147b067afa2b70451fc7e5087823f2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 04:21:26 2019 -0500
|
||
|
||
do not remount if already has intended mount options
|
||
|
||
commit 203f4ad46e6a6950edd4b2a83f47ac71428928e5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 04:17:10 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit e7fd0dadb03e7f90adfa9ebdaf07530f02a846e7
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 04:09:35 2019 -0500
|
||
|
||
output
|
||
|
||
commit e6ea21c7757ad732bd9bcce2c6a7a364780e1b14
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 04:08:35 2019 -0500
|
||
|
||
record existing modes in separate dpkg-statoverwrite databases
|
||
|
||
to have a history of what was modified and to allow to undo changes
|
||
|
||
commit 89be5f2ecb998c46ff4864996cd86b97fa56d176
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 21 02:05:39 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit c28ddf5c4dbfd92aba9a59874f529a4afe69c497
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Fri Dec 20 22:44:31 2019 +0000
|
||
|
||
Delete usr.lib.security-misc.pam_tally2-info
|
||
|
||
commit cfe69dd66900f7aad5311c02d2b4ee7b400fb90b
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Fri Dec 20 22:44:27 2019 +0000
|
||
|
||
Delete usr.lib.security-misc.permission-lockdown
|
||
|
||
commit d220bb3bc4aaf923dcb2e2a48ac05dd5f1326442
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 13:07:01 2019 -0500
|
||
|
||
suid /usr/lib/chromium/chrome-sandbox whitelist
|
||
|
||
commit 77b3dd5d6b5de0070da7e71154ecbe2e099e3b7f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 13:02:33 2019 -0500
|
||
|
||
comments
|
||
|
||
commit d7bd477e7379cd5d74d81e81080d375041cc3b29
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 12:59:27 2019 -0500
|
||
|
||
add "/usr/lib/xorg/Xorg.wrap whitelist"
|
||
|
||
until this is researched
|
||
|
||
https://manpages.debian.org/buster/xserver-xorg-legacy/Xorg.wrap.1.en.html
|
||
https://lwn.net/Articles/590315/
|
||
|
||
commit 17e8605119fc671c4cbe4343851cf3c46b830508
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 12:57:24 2019 -0500
|
||
|
||
add matchwhitelist feature
|
||
|
||
add "/usr/lib/virtualbox/ matchwhitelist"
|
||
|
||
commit 3fab3876693f20303c95f03c45af9adb9ae680e2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 12:50:35 2019 -0500
|
||
|
||
suid /usr/bin/firejail whitelist
|
||
|
||
There is a controversy about firejail but those who choose to install it
|
||
should be able to use it.
|
||
https://www.whonix.org/wiki/Dev/Firejail#Security
|
||
|
||
commit d3f16a5bf46a7d10316259788f3d97364fe2e545
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 12:47:10 2019 -0500
|
||
|
||
sgid /usr/lib/qubes/qfile-unpacker whitelist
|
||
|
||
commit 508ec0c6fa44d9185aa22f5fa81ae9dbbefdb19c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 12:34:07 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 1b569ea7908dcba409c94dacd477d2fbfeafe522
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 12:32:36 2019 -0500
|
||
|
||
comment
|
||
|
||
commit f88ca2588920ac16a6b41e8c48021bf85801c2a9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 11:58:07 2019 -0500
|
||
|
||
fix terminology, sguid -> sgid
|
||
|
||
Thanks to @madaidan for the bug report!
|
||
|
||
https://forums.whonix.org/t/permission-hardening/8655/21
|
||
|
||
commit 1cd5fb6a0020504c7897acf169772d39b67f4bd4
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 11:50:25 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit ff0a26fb5d65450c0a2b5fb86758d3d823a717e9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 11:49:19 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 71496a33ab27455d2856284d21f261dd20780dc2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 11:47:53 2019 -0500
|
||
|
||
skip folders are these are not suid / guid
|
||
|
||
commit 9321ecff4139f0776f93a9bd8c9606bcaf94f568
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 11:43:53 2019 -0500
|
||
|
||
no more need to add/remove /
|
||
|
||
commit b95225b6a6b45b84778ba2427ae4628f102e6d05
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 11:37:05 2019 -0500
|
||
|
||
pipefail
|
||
|
||
commit cad6f328f40bb8b3c414e2bd6c7cb86e625f6d64
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 11:34:44 2019 -0500
|
||
|
||
minor
|
||
|
||
commit 3265f9894d1c677419718de52570d304a4e69279
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 11:27:43 2019 -0500
|
||
|
||
output
|
||
|
||
commit 28d12c3966e3ddfadbf7d44e7c7bcdc37e1a7d25
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 11:09:22 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 1615ebec58b563224c7c02cd2b1f83b0954c48ca
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 11:07:44 2019 -0500
|
||
|
||
output
|
||
|
||
commit 1e11b775cf1d2994f2e0da8d0191ef38eebe21a8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 11:05:05 2019 -0500
|
||
|
||
output
|
||
|
||
commit 731f80289566e118ba6c121c406775abc4c03bd4
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 11:04:12 2019 -0500
|
||
|
||
output
|
||
|
||
commit cd8efe58008c7b0e90ac88ac098b3fd08e75d716
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 11:03:22 2019 -0500
|
||
|
||
output
|
||
|
||
commit c0ddb76d7463753e3250fc7da466fa763ef08dd5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 10:50:51 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit b31abea0af60874d4a48fd0da56978b0081eaef8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 10:49:31 2019 -0500
|
||
|
||
improve error handling
|
||
|
||
commit 79cd3b86b6e5e186da66fd329b04fb3b42c0276e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 10:47:23 2019 -0500
|
||
|
||
comment
|
||
|
||
commit b3458cc6ee368968de1510e9d05ddd3791fe5f6d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 10:45:59 2019 -0500
|
||
|
||
fix checking existing entries to avoid needless calls to dpkg-statoverride
|
||
|
||
commit 370f3c5e541612021fa181e39507aa4ba8131731
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 10:35:05 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 133d09f2984506e0b0fd2e17a893b8d3e37b8431
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 10:33:16 2019 -0500
|
||
|
||
output
|
||
|
||
commit 1ffa8e197e9ba9722d5fb2695de343df9d9db597
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 10:31:26 2019 -0500
|
||
|
||
speed up setuid removal by using find with '-perm /u=s,g=s'
|
||
|
||
https://forums.whonix.org/t/permission-hardening/8655/19
|
||
|
||
commit 4cfdf2c65b57f410163653304871ee3eb1d3f6ea
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 10:21:27 2019 -0500
|
||
|
||
fix, re-enforce nosuid even if changed on the disk
|
||
|
||
commit e36868e675cbd80a36053956dbef71992cceca24
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 10:02:46 2019 -0500
|
||
|
||
output
|
||
|
||
commit 50b8f65490555d9d12fd28991040c00a358b3b84
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 09:59:28 2019 -0500
|
||
|
||
add sanity test: count if we really processed all files
|
||
|
||
commit e28da89253f646969cdc2b0b46617bd603f917a5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 09:48:06 2019 -0500
|
||
|
||
/bin/sudo whitelist / /bin/bwrap whitelist
|
||
|
||
commit 55faa7b9978df52bcb98a562554473f80db1f171
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 09:43:23 2019 -0500
|
||
|
||
fix missing processing files bug
|
||
|
||
https://forums.whonix.org/t/permission-hardening/8655/16
|
||
|
||
commit fbe2479f486add30cd29f5c4063a140c42c502fe
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 08:54:56 2019 -0500
|
||
|
||
count processed file system objects
|
||
|
||
to be able to verify if any were "forgotten"
|
||
|
||
commit 195ea522f5a8582851792b53047185717a6f679e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 08:52:14 2019 -0500
|
||
|
||
fix
|
||
|
||
commit 6f8231be70940e2afb0ec8e4a0d60bb4f166f5b9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 08:51:55 2019 -0500
|
||
|
||
debugging
|
||
|
||
commit ed50f98010c8b7878d518273703e00fa561e980b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 08:47:22 2019 -0500
|
||
|
||
output
|
||
|
||
commit 089c40135f2a7f0da128808a27b696e36aff6821
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 08:15:00 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 6d30e3b4a2c0e5cf53d88b4a033511aa49b8f227
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 08:13:23 2019 -0500
|
||
|
||
do not remove suid from whitelisted binaries ever
|
||
|
||
https://forums.whonix.org/t/permission-hardening/8655/13
|
||
|
||
commit d5f1bd8dd29a4f9e1ccb6fed82a255f7b7abfe6f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 08:02:30 2019 -0500
|
||
|
||
fix mode sanity check
|
||
|
||
no longer use seq due to issue
|
||
|
||
https://forums.whonix.org/t/permission-hardening/8655/13
|
||
|
||
commit ddc0eec63d744e4600f3b1b8cdf60fef6d647cbe
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 07:12:36 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 65248a94efa4646127d8e11447e49a37f3ff986e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 07:06:50 2019 -0500
|
||
|
||
readme
|
||
|
||
commit 8e112c34232b8ef88fb0c0fb19f2983de4e5a0a1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 06:53:24 2019 -0500
|
||
|
||
description
|
||
|
||
commit 24ea70384bb6c34f283ff1e71e4f7ed34133db5f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 06:53:03 2019 -0500
|
||
|
||
description
|
||
|
||
commit 0ae3e689b5f12101156b4be84631679c622f2e98
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 06:35:02 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 050f4d8b9482e1513ceccfb39394606b173fd8a5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 06:34:37 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 36043fe5ccdbd798483096a104a40b9cc013a487
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 06:33:41 2019 -0500
|
||
|
||
comment
|
||
|
||
commit fb4254547b39160c410b1f83ed56aa7653291df1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 06:32:04 2019 -0500
|
||
|
||
comment
|
||
|
||
commit cca0908d9a73430fb97577fb6ae42b7416e72e6a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 06:11:38 2019 -0500
|
||
|
||
fix
|
||
|
||
commit e254b8b52d61432084273a3ec91bb5f4b377163f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 06:09:17 2019 -0500
|
||
|
||
fix
|
||
|
||
commit 7f8b3c76de6e140b676d960004e779f9846c8cb8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 06:02:17 2019 -0500
|
||
|
||
output
|
||
|
||
commit 071c64dc413c8a868866ddf699f653b371ac3b19
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 06:01:49 2019 -0500
|
||
|
||
enable 'set -e'
|
||
|
||
commit b97c66707c3d3e8bb9164a35fe83974642f9652c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 05:59:05 2019 -0500
|
||
|
||
minor
|
||
|
||
commit 17b4f12276349f28d9fc37944ece87fb6f7827a9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 05:58:42 2019 -0500
|
||
|
||
output
|
||
|
||
commit 48fe7312bf6b87a94678ed8a2eb0a01f2a88e371
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 05:57:41 2019 -0500
|
||
|
||
update config
|
||
|
||
commit 87d820d84cd44e427c8990cf295da7ab6890040e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 05:54:16 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 918cbb4e257bab0ee4bb6eb303df5e65e34b9963
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 05:51:25 2019 -0500
|
||
|
||
output
|
||
|
||
commit c8cf09a4cbe7721e3d97c62785a5d25fe3f61115
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 05:50:16 2019 -0500
|
||
|
||
output
|
||
|
||
commit 46466c12ad9dcc62d52dd3e887665ced6bdedf3a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 05:49:11 2019 -0500
|
||
|
||
parse drop-in config folder rather than only one config file
|
||
|
||
commit 66fd31189dd1c2ccc5e6fb51278b0646c5188320
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 05:37:33 2019 -0500
|
||
|
||
improve output if set-user-id / set-group-id is set
|
||
|
||
commit 6dd6530fa539a55feecc28cecdc812b787b555a6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 05:32:26 2019 -0500
|
||
|
||
remove hardening-enable
|
||
|
||
please invent package security-paranoid instead
|
||
|
||
https://forums.whonix.org/t/security-hardening-tool-usr-bin-hardening-enable-by-security-misc/8609
|
||
|
||
commit 6c8127e3cd32c04a6eb4641ad856c7bf2c777fee
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 05:29:37 2019 -0500
|
||
|
||
remove "/lib/ nosuid" from permission hardening
|
||
|
||
Takes 1 minute to parse. No SUID binaries there by default.
|
||
remount-secure mounts it with nosuid anyhow.
|
||
Therefore no processing it here.
|
||
|
||
commit af0f074987b21ba4ad3f331ddaa622082d76fceb
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 05:27:11 2019 -0500
|
||
|
||
remount /lib with nosuid,nodev
|
||
|
||
https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/22
|
||
|
||
commit 7f201604779e442660c4c13798b2b48d706576ac
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 05:24:00 2019 -0500
|
||
|
||
comment
|
||
|
||
commit a135ae94009c4f6492ed8c779ceaefcfaf19e123
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 05:22:59 2019 -0500
|
||
|
||
use must manually enable permission-hardening.service
|
||
|
||
until development finished
|
||
|
||
commit fa6f1e156898572513cacb1d65b042482896011a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 05:19:39 2019 -0500
|
||
|
||
output
|
||
|
||
commit a26cb94bfd252f939f02ee50c76efb67dcb0235c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 04:49:21 2019 -0500
|
||
|
||
globstar no longer required
|
||
|
||
commit c66e9abe18f0809df4f6b84772774431afcadd6f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 04:48:57 2019 -0500
|
||
|
||
comment
|
||
|
||
commit d1d0afff34a562d29726fbb3382ebe932e04a267
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 04:48:02 2019 -0500
|
||
|
||
fix
|
||
|
||
fso: /lib/
|
||
usr/lib/security-misc/permission-hardening: line 19: /usr/bin/stat: Argument list too long
|
||
|
||
https://forums.whonix.org/t/kernel-hardening/7296/326
|
||
|
||
commit e74d2e4f94f4cdb2f3a83f27e17e19e9e4078961
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 04:23:14 2019 -0500
|
||
|
||
output
|
||
|
||
commit eb8635903379d1245c2c1c35eaf33c1a45ef514a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 04:20:05 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit bb84fca184ee32f227fb5b210f9eea7afbdf75c0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 04:08:46 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit f92b41419558f01e7ec0ec3edba3af6a550c5911
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 04:06:28 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit 4c44871e9d3070d73f298eca051ee303b01ea56c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 04:02:05 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 6876a2eaa87e3eead822e5f4f7d1fc53d0853ebd
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 04:01:40 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 35c4fce61b784a4093339b64e5564d93c1f91870
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 03:54:46 2019 -0500
|
||
|
||
fix "dpkg-statoverride: warning: stripping trailing /"
|
||
|
||
commit 9bd9012ab17f2c3422cdab20f57e3852ae1f14de
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 03:46:50 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit 788a2c1ba3d35eb26440386e2c3269fb8cf4992d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 03:45:01 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 55933f88766f9b2fa2f284c5d0ff098e1e11b657
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 03:43:36 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit 9e493a9f481e03d8bd41794eee4e4efd0e39a593
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 03:42:09 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit b92a690c166cf3bc97d34ae977cc0c6d2342cb86
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 03:40:47 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit 98535e3a2bc5d0d54694a1ea71f3afef3f468943
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 03:39:25 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit ecbba2fd61f6d182dcd51f42b579ecb50ffdbedd
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 03:38:39 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit 20b8a407ac5984ba621ebb0150b47067c32ddc76
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 03:25:17 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit 6cd9eb44fbc451a08908a9899ca114843c32edf3
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 03:24:07 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit 706dba104d201de4eed6886bf9570bf6851c2c3f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 03:19:12 2019 -0500
|
||
|
||
code simplification
|
||
|
||
commit 01dd567f8b3764ae241a4df39d54617089532b9d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 03:16:43 2019 -0500
|
||
|
||
fix, if fso has exactly the mode we want (not 3 instead of 4 string length), not need to reset it
|
||
|
||
commit 4f65b0fc1e33037e86289627e1c9bcf040af86c8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 03:13:27 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit bfee6b60cbd799e31b75e20bc5820f65f9993899
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 03:11:11 2019 -0500
|
||
|
||
comment
|
||
|
||
commit d64cdc124793bda57916b2c4d73465b17ae44af6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 03:04:41 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit 7c5c65a6c13ddf23d7324283815d653974802fd9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 03:04:13 2019 -0500
|
||
|
||
comment
|
||
|
||
commit b31d8cd3fc905b61707f77e08cff72e74f18c46b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 03:03:40 2019 -0500
|
||
|
||
fix
|
||
|
||
commit c626290673d44b2a6485aeb24888f35c3782c151
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 03:02:26 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit d5ff1d6f28a62f858fd0a9edf905d6727413a3c2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 03:00:39 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit 640ca1d24dad657f0590c98a353dc21ed18b4395
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 02:57:57 2019 -0500
|
||
|
||
skip symlinks
|
||
|
||
https://forums.whonix.org/t/kernel-hardening/7296/323?
|
||
|
||
commit cc8f795799e76d61b60f31e718effb88478b0fea
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 02:47:04 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 4e5b222a081a5e8463ebe6832e7fbe68a1fb7978
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 02:43:33 2019 -0500
|
||
|
||
comment
|
||
|
||
commit fa895ee11ec5897eb73ce066dfe5bde337cb297c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 02:40:42 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit 2c163bf4398d67730efb23d70e2f9fc41ebb0459
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 02:39:53 2019 -0500
|
||
|
||
check string length of permission variable
|
||
|
||
https://forums.whonix.org/t/kernel-hardening/7296/322
|
||
|
||
commit a89befd902f6976ebef303b22ee9f9cbc3a1cc23
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 02:20:54 2019 -0500
|
||
|
||
code simplification
|
||
|
||
commit 72812da63f60bd1955e52ac52ce583c9d9a18c95
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 02:16:32 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 39a41cc27ba93ede21e69270b3b113a037f77064
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 02:14:45 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit 2ed6452590c443d88862f12ef25dcd5acbe98de9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 02:12:43 2019 -0500
|
||
|
||
downgrade to info
|
||
|
||
commit a5e55dfcfca5b15bbbdc22788e6615d080c44819
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 02:11:39 2019 -0500
|
||
|
||
quotes
|
||
|
||
commit 3187cee4fba89d72f8d0c26a9987b33adc0d8faa
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 02:10:13 2019 -0500
|
||
|
||
output
|
||
|
||
commit 5160b4c7816ce449e0dd9cbfaae28050ef2af676
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 02:08:05 2019 -0500
|
||
|
||
disable xtrace
|
||
|
||
commit 27bfe95d253178790ee10f591af0d586907463d7
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 02:07:49 2019 -0500
|
||
|
||
add echo wrapper
|
||
|
||
commit a6988f3fb8034c2f5be6d3ee6300f9e756e0dfce
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 02:06:31 2019 -0500
|
||
|
||
output
|
||
|
||
commit 1819577b88ae795c1a6107cf76e084859c9f6d2e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 02:04:34 2019 -0500
|
||
|
||
fix
|
||
|
||
commit 278c60c5a01c8dcb8a035950bd9e56ed7d1d431d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 02:01:36 2019 -0500
|
||
|
||
exit non-zero if some line cannot be parsed
|
||
|
||
therefore make systemd notice this
|
||
|
||
therefore allow the sysadmin to notice this
|
||
|
||
commit 66bcba831317cf4810e9123b305597ee85fc94bf
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 01:58:35 2019 -0500
|
||
|
||
improve character whitelisting
|
||
|
||
commit 8f14e808a9b27f980299ed493f1ecb85acbe1c70
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 01:32:49 2019 -0500
|
||
|
||
send error messages to stderr
|
||
|
||
commit d8c9fac2e5c8bc511f593d9a477307f8a15cf2e7
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 01:32:08 2019 -0500
|
||
|
||
output
|
||
|
||
commit f19abaf6271fcd87226b9ef5ae3f1b567d96cd90
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 01:31:37 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit c5d1e9dda7059d18fad303128f6f09c98fe955b7
|
||
Merge: 62eb462 a20b300
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 01:30:31 2019 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit a20b30013f9ae229d1fe86cc5992aac474a9d8e6
|
||
Merge: 62eb462 9df7407
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 20 06:29:58 2019 +0000
|
||
|
||
Merge pull request #44 from madaidan/permission-hardening
|
||
|
||
Remove SUID bits
|
||
|
||
commit 9df74072862b31871d0aad7bed8333fc8344ffec
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu Dec 19 17:01:33 2019 +0000
|
||
|
||
Remove SUID bits
|
||
|
||
commit 3c2ca0257f08f2c7fa0d0adb74345110801f9fc0
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu Dec 19 17:01:08 2019 +0000
|
||
|
||
Support for removing SUID bits
|
||
|
||
commit 62eb462920e8614ea904a8d3517f7592e67ecab8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 16 06:46:48 2019 -0500
|
||
|
||
skip console_users_check for Qubes users
|
||
|
||
commit ab68182e118b8e76e2ce2a749b956cf96e3d02b6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 16 06:27:51 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 2cab38a8b3f7423f8956c72f1bf6c399ea70c495
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 16 06:24:14 2019 -0500
|
||
|
||
readme
|
||
|
||
commit 4ca9fc592029cbd28969f1e7fe56907bc7c261cb
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 16 03:53:10 2019 -0500
|
||
|
||
fix
|
||
|
||
commit f68efd53cf000b92818e6c97b4c590a2c4b73a5b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 16 03:52:09 2019 -0500
|
||
|
||
remount /sys/kernel/security with nodev,nosuid[,noexec]
|
||
|
||
as suggested by @madaidan
|
||
|
||
http://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/238
|
||
|
||
commit 2c4170e6f3366709c391db396a74547d4fed9589
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Dec 12 09:47:58 2019 -0500
|
||
|
||
description
|
||
|
||
commit 2d5ef378f36af5d2d94c342c284be4395352bc34
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Dec 12 09:39:39 2019 -0500
|
||
|
||
description
|
||
|
||
commit 300f010fc24846b6416501929ca24c4d80eca8d5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Dec 12 09:29:00 2019 -0500
|
||
|
||
increase priority of pam-abort-on-locked-password-security-misc
|
||
|
||
since it has its own user help output
|
||
|
||
so it shows before pam tally2 info
|
||
|
||
to avoid duplicate non-applicable help text
|
||
|
||
commit a10597de92c316cc32ab552865a6658b38b19f5e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Dec 12 09:04:15 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 729fa26eca292d60bcbeaba05d8878ff6112876e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Dec 12 09:00:08 2019 -0500
|
||
|
||
use pam_acccess only for /etc/pam.d/login
|
||
remove "Allow members of group 'ssh' to login."
|
||
remove "+:ssh:ALL EXCEPT LOCAL"
|
||
|
||
commit 22b6480bc4691e76ef155452d2b9df05c5265f68
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 10 11:44:02 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 88bea2a6efa8823739ba65b2f5b67cb90071ca3f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 10 03:53:10 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 7d8001ddc9801046289b2f4e31d25dfc3bca6cc5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 10 03:51:39 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit d2f6ac0491f179382f4b68455d19956049e6cd23
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 10 03:50:23 2019 -0500
|
||
|
||
fix, do user/group modifications in preinst rather than postinst
|
||
|
||
commit 64ae53edb90929492e11ac81e3e18bcc8164b428
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 9 08:25:30 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit d80bf036f3b6b70df9208d1ca603c5602298bbf8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 9 03:50:43 2019 -0500
|
||
|
||
Disable permission hardening now until development finished / tested.
|
||
|
||
commit b72eb30056e186ce13b03907fc37e8d5ebb5df44
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 9 02:32:05 2019 -0500
|
||
|
||
quotes
|
||
|
||
commit c258376b7ed565d0e23963ddab56ce35892ff23f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 9 02:31:10 2019 -0500
|
||
|
||
use read (built-in) rather than awk (external)
|
||
|
||
commit 02165201ab850e32c9f9ad5c4f46cb26dd71dddb
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 9 02:23:43 2019 -0500
|
||
|
||
read -r; refactoring
|
||
|
||
as per https://mywiki.wooledge.org/BashFAQ/001
|
||
|
||
commit 7467252122cb2e7600ce5ab3dce9dac2aa7a0676
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 9 02:22:16 2019 -0500
|
||
|
||
quotes
|
||
|
||
commit 9bea9960173cf06dcbc0aefa2fb3b10df1f84c69
|
||
Merge: 6f94423 af62da3
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Dec 9 02:21:47 2019 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit af62da34457a56fee43a6003036a3bb387b23b32
|
||
Merge: 6f94423 d7e2dea
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 20:45:16 2019 +0000
|
||
|
||
Merge pull request #42 from madaidan/permission-hardening
|
||
|
||
File permission hardening
|
||
|
||
commit d7e2deae9250abd79ab83c2025b98476dde710d3
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Dec 8 16:50:54 2019 +0000
|
||
|
||
Create permission-hardening.service
|
||
|
||
commit 6c564f6e9549462412299fd5b2f7e303409c5dad
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Dec 8 16:50:11 2019 +0000
|
||
|
||
Create permission-hardening.conf
|
||
|
||
commit 61e19fa5f1343554e9a213a1a9762cef4707ab3d
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Dec 8 16:49:28 2019 +0000
|
||
|
||
Create permission-hardening
|
||
|
||
commit 6f944234a988b226942832473a5a6825006dcac9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 05:26:29 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit e64741c01e94849f7ad57231a106e45c4fe3dc65
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 05:25:19 2019 -0500
|
||
|
||
readme
|
||
|
||
commit c192644ee328ff8d5d244d10c082b3a871b151b1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 05:21:35 2019 -0500
|
||
|
||
security-misc `/usr/share/pam-configs/permission-lockdown-security-misc` is no longer required, removed.
|
||
|
||
Thereby fix apparmor issue.
|
||
|
||
> Dec 08 09:47:50 host audit[3232]: AVC apparmor="DENIED" operation="exec" profile="/usr/bin/whonixcheck" name="/usr/lib/security-misc/permission-lockdown" pid=3232 comm="sudo" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
|
||
> Dec 08 09:47:50 host sudo[3232]: pam_exec(sudo:session): execve(/usr/lib/security-misc/permission-lockdown,...) failed: Permission denied
|
||
|
||
It is no longer required, because...
|
||
|
||
existing linux user accounts:
|
||
|
||
* Get permission lock down because security-misc `debian/security-misc.postinst` calls `/usr/lib/security-misc/permission-lockdown`.
|
||
|
||
new linux user accounts (created at first boot):
|
||
|
||
* security-misc `/usr/share/pam-configs/mkhomedir-security-misc` pam mkhomedir sets secure permissions using `umask=027`.
|
||
|
||
commit edcc2de71dea9cf2f94ec008d2817a0cdfdf5b7c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 04:38:33 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 1227ccd1f7aa8d96f70d6c5fa20aa985435ca89c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 04:37:53 2019 -0500
|
||
|
||
After=qubes-sysinit.service
|
||
|
||
commit 17d81d0083b05316515461154473c8a5d769b776
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 04:27:01 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit ebae9eef38035a75c8aa3281735eab79ed6f4c46
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 04:25:19 2019 -0500
|
||
|
||
skip sudo_users_check in Qubes
|
||
|
||
Qubes users can use dom0 to get a root terminal emulator.
|
||
|
||
For example:
|
||
qvm-run -u root debian-10 xterm
|
||
|
||
commit 53e4717c629039104f45a1da8251e3dd1b5e3baa
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 04:05:29 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit bc45ed385e5a2b1b53f81915698e1176359dedf7
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 04:03:02 2019 -0500
|
||
|
||
readme
|
||
|
||
commit ac96708b243a766d65e39a037bcf142e526a2382
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 04:01:11 2019 -0500
|
||
|
||
improve usr/bin/hardening-enable
|
||
|
||
commit a345a0fb64f7b8421356b913730284b0e6e3e953
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 03:27:12 2019 -0500
|
||
|
||
abort installation if ssh.service is enabled but no user is member of group ssh
|
||
|
||
commit 50ac03363f6074cc88b6a7c965a822335624924c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 03:18:32 2019 -0500
|
||
|
||
output
|
||
|
||
commit c7c65fe4e7a1fb73921a1b8de25662ff2a21e2a8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 03:15:53 2019 -0500
|
||
|
||
higher priority usr/share/pam-configs/tally2-security-misc
|
||
|
||
so it can give info before pam stack gets aborted by other pam modules
|
||
|
||
commit 3bd0b3f837d5ad8c87e59b99c6baef1e2c74507b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 03:10:41 2019 -0500
|
||
|
||
notify when attempting to use ssh but user is member of group ssh
|
||
|
||
commit cea598dc1a96245c4ccd00646e9790f3c9635ffe
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 02:43:05 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit 54f5e02c2192a1cd6a30bc04abd77b177b1953c3
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 02:42:30 2019 -0500
|
||
|
||
comment
|
||
|
||
commit b4265195f4823618c60274458f885ef61c2452e1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 02:41:36 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit 0f65b2e85c74a379d8ec5321b13e7e332d8eaaa3
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 02:38:19 2019 -0500
|
||
|
||
abort installation if no user is a member of group "console"; output
|
||
|
||
https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/7
|
||
|
||
commit 1dbca1ea2d80ff7f60a0f426b444994d6bd97d30
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 02:27:09 2019 -0500
|
||
|
||
add usr/bin/hardening-enable
|
||
|
||
commit 19cc6d7555364c5d2ee548899679c153e1555a20
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 02:10:43 2019 -0500
|
||
|
||
pam description
|
||
|
||
commit 24423b42f0dc23704bddbb0f205ad3115e77d90f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 02:03:05 2019 -0500
|
||
|
||
description
|
||
|
||
commit 6b01e5be149f9126308404e6a32931efb3bac277
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 02:01:22 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 66bebefc9fa26341c41847f35f26e16df3ce0a37
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 02:00:23 2019 -0500
|
||
|
||
description
|
||
|
||
commit 52e0f104cc6edf1fe0953ca815445c351f813812
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 01:59:55 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 731d486fa061756b129188959230cb8bf1d78fae
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 01:58:58 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit 221a2df2a2621b1d3f391ee3265af7d4f35e1b2b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 01:58:37 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit b871421a542af37771dbe56f09cc16472aa691c7
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 01:57:43 2019 -0500
|
||
|
||
usr/share/pam-configs/console-lockdown -> usr/share/pam-configs/console-lockdown-security-misc
|
||
|
||
commit d36669596f4c71ce885e46fce66fffc7a7443d27
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 01:56:30 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 1a0f353708832217b9bc5e3ecd044605de6adca0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 01:47:40 2019 -0500
|
||
|
||
comment
|
||
|
||
commit eed1f0a4620d7db5933fb29189328c934db50d9e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 01:46:32 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 2491b6239319c52221f6c58fcfa1c3a247a9ee30
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 01:43:45 2019 -0500
|
||
|
||
refactoring, add all groups first before adding any users to any groups
|
||
|
||
commit 1464f01d191ee4e01ed2ec94f4faf8d17ec62b03
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 01:30:42 2019 -0500
|
||
|
||
description
|
||
|
||
commit 491dd4d93d133ca23eaf5c501b7ab3d3bbf52a27
|
||
Merge: 9432d16 a78a7e5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 01:22:16 2019 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit a78a7e5571b178cbf4cddd065306d130431bc185
|
||
Merge: 373e873 6846a94
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 8 06:21:44 2019 +0000
|
||
|
||
Merge pull request #41 from madaidan/system.map
|
||
|
||
Check for more locations of System.map
|
||
|
||
commit 6846a943277c5ad9049cbf3e21fcd739c316cf44
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sat Dec 7 19:38:12 2019 +0000
|
||
|
||
Check for more locations of System.map
|
||
|
||
commit 9432d1637866087bcc2f1bf0837535a10f96faeb
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 12:13:42 2019 -0500
|
||
|
||
/usr/bin/cat mrix,
|
||
|
||
commit 373e8733d37cb795c7c48642346b0b6dc6dce30c
|
||
Merge: c1800b1 447eb14
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 11:34:42 2019 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 447eb144325a532b0aaf7ce772d5a04005b2af1f
|
||
Merge: c1800b1 668b642
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 16:34:21 2019 +0000
|
||
|
||
Merge pull request #40 from madaidan/system.map
|
||
|
||
Remove hyphen from remove-system.map
|
||
|
||
commit c1800b13fe33a1c129dcb30c51dbead7f894b818
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 11:26:39 2019 -0500
|
||
|
||
separate group "ssh" for incoming ssh console permission
|
||
|
||
Thanks to @madaidan
|
||
|
||
https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/16
|
||
|
||
commit 668b6420de8024fdeaf948f1750beb8b62d9ffb7
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sat Dec 7 14:15:02 2019 +0000
|
||
|
||
Remove hyphen
|
||
|
||
commit 55225aa30e78e9a988527ed2da2019dc0a0b2631
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 07:16:07 2019 -0500
|
||
|
||
description
|
||
|
||
commit 34a2bc16c85b06e1eccb2f72da89e198184ba72c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 07:15:58 2019 -0500
|
||
|
||
description
|
||
|
||
commit d823f06c7858c1380325e3dbbbcfb1854fa64309
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 07:13:42 2019 -0500
|
||
|
||
description
|
||
|
||
commit 9ba84f34c68263e5151d5b54264c1edb90603424
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 06:51:59 2019 -0500
|
||
|
||
comment
|
||
|
||
commit dc1dfc8c20218a5ca986f49dc96cbfc71d50533e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 06:51:16 2019 -0500
|
||
|
||
output
|
||
|
||
commit 8636d2f62995947620fbbd76fc653aab89dda7eb
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 06:51:10 2019 -0500
|
||
|
||
add securetty
|
||
|
||
commit 532a1525c2350a634b14a84d94997b8db81243a0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 06:26:55 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 14aa6c50774786890686fee2a6d6eed49dadcac1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 06:26:23 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 8b3f5a555ba04bb1d2e6bafb8345782aae875a51
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 06:25:45 2019 -0500
|
||
|
||
add console lockdown to pam info output
|
||
|
||
commit 021b06dac95dd742952446e9ff455305c7d2b09b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 06:04:45 2019 -0500
|
||
|
||
add hvc0 to hvc9
|
||
|
||
commit 8a59662a44ea46c5ba86be82ec2bc43e912c79be
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 06:02:45 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 090ddbe96a48424e0e3f187b917e023f9b710798
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 06:00:41 2019 -0500
|
||
|
||
description
|
||
|
||
commit cda67247557ce2028017ba4e6e8824c2ae2f5118
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 05:56:57 2019 -0500
|
||
|
||
add pts/0 to pts/9
|
||
|
||
commit 218cbddba9b053eac4ecb486ea7fbc9e160f18c6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 05:52:06 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 6479c883bf04464b299ce42185df2429f7b5cab5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 05:40:20 2019 -0500
|
||
|
||
Console Lockdown.
|
||
|
||
Allow members of group 'console' to use tty1 to tty7. Everyone else except
|
||
members of group 'console-unrestricted' are restricted from using console
|
||
using ancient, unpopular login methods such as using /bin/login over networks,
|
||
which might be exploitable. (CVE-2001-0797)
|
||
|
||
Not enabled by default in this package since this package does not know which
|
||
users shall be added to group 'console'.
|
||
|
||
In new Whonix builds, user 'user" will be added to group 'console' and
|
||
pam console-lockdown enabled by package anon-base-files.
|
||
|
||
/usr/share/pam-configs/console-lockdown
|
||
|
||
/etc/security/access-security-misc.conf
|
||
|
||
https://forums.whonix.org/t/etc-security-hardening/8592
|
||
|
||
commit 52934c9288a596b233c1ce3b5f68a29248602c96
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 02:02:32 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 6faa977cd73efd90809c7034d15102095adcfe63
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 02:02:06 2019 -0500
|
||
|
||
readme
|
||
|
||
commit 6d92d03b31c8251d3df72aab5e9dfa3327feed1c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 01:54:50 2019 -0500
|
||
|
||
description
|
||
|
||
commit 5a4eda0d05bc57680e3f3df2b84471f5f16b8356
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 7 01:53:33 2019 -0500
|
||
|
||
also support /usr/local/etc/remount-disable and /usr/local/etc/noexec
|
||
|
||
commit 0afcc5e798823f4ed3eff2d5f94b3d3fe8ad5069
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 6 12:43:21 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 2954dcbccfb2990e95056d20fc9b279569dcacee
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 6 12:24:55 2019 -0500
|
||
|
||
minor
|
||
|
||
commit f3647e74787483f0d8076de742cc6f36645f1396
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 6 12:18:18 2019 -0500
|
||
|
||
RemainAfterExit=yes
|
||
|
||
commit af0cf058e7ad5b26c708b1013d8ca8dc172a15e8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 6 11:18:20 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit 9b14f24d5e24ac4a6facb20d4fd436f35bed305f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 6 11:17:32 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit a6133f59125db7482c3f56110ce6ba1a17d15e09
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 6 11:16:43 2019 -0500
|
||
|
||
output
|
||
|
||
commit c1ea35e2ef54119d940b225da41c87e6db32981e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 6 11:15:54 2019 -0500
|
||
|
||
output
|
||
|
||
commit 4bec41379d2baaa81930395ff2329ff42f10ff13
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 6 11:15:13 2019 -0500
|
||
|
||
fix remount with noexec if /etc/noexec exists
|
||
|
||
commit bff425fec2adc3c80fee50466ef81bec19c237cf
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 6 09:32:18 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit b22289f2a8e77ccd9a693871612b61842b1f48c8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 6 09:30:05 2019 -0500
|
||
|
||
readme
|
||
|
||
commit 470cad6e9176f57d33b038640b20443c3fa971fc
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Dec 6 05:14:02 2019 -0500
|
||
|
||
remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in)
|
||
|
||
https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707
|
||
|
||
commit 8cf5ed990a3940c108d661c6c169b5720b1459d1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Dec 5 15:52:24 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 19add3299c9215d05208e3c2e748527bf87e66b5
|
||
Merge: 0c25a96 9679292
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Dec 5 15:46:19 2019 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 96792928787c1c129a964bd81e97450d2edb29a6
|
||
Merge: 0c25a96 af9e19c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Dec 5 20:33:47 2019 +0000
|
||
|
||
Merge pull request #39 from madaidan/rp_filter
|
||
|
||
Enable reverse path filtering
|
||
|
||
commit af9e19c51f256504c5c2206e31da1911872b6ef8
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu Dec 5 20:14:55 2019 +0000
|
||
|
||
Update control
|
||
|
||
commit 30289c68c24a8aa2ce5f336b79f92cffb7aa98c7
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu Dec 5 20:13:10 2019 +0000
|
||
|
||
Enable reverse path filtering
|
||
|
||
commit 0c25a96b59b5bb55c04c88015eb8b50d79815a23
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 3 02:18:32 2019 -0500
|
||
|
||
description / comments
|
||
|
||
commit d26ba05c4776cdff0750b872f3da70fd25fca1f4
|
||
Merge: 6ca48ff 73c6410
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 3 01:52:04 2019 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 73c6410a0e1e6e56529ba8ea98681867bd8acb37
|
||
Merge: 6ca48ff 8d63da3
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 3 06:51:31 2019 +0000
|
||
|
||
Merge pull request #38 from madaidan/distrust-cpu
|
||
|
||
Distrust the CPU for initial entropy
|
||
|
||
commit 8d63da3cef6e114deaa6943ea9a633d6620a974b
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Dec 2 16:46:12 2019 +0000
|
||
|
||
Update control
|
||
|
||
commit 5da2a27bf064d6efefd0d0ba8041e85c4941d3a2
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Dec 2 16:43:00 2019 +0000
|
||
|
||
Distrust the CPU for initial entropy
|
||
|
||
commit 6ca48fffdcab8665d75584435dd6a24d6b881347
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Nov 28 10:22:41 2019 -0500
|
||
|
||
bumped changelog version
|
||
|
||
commit ab696f557140fca19c09ac08ba61e9ce55947ed8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Nov 28 10:05:39 2019 -0500
|
||
|
||
readme
|
||
|
||
commit 25aed91eb167a092ece06a9aa4ab56fea165073e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Nov 28 09:20:46 2019 -0500
|
||
|
||
description
|
||
|
||
commit 0c4e5df3e0214c10390b672645d9f80ef4457392
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Nov 28 09:18:05 2019 -0500
|
||
|
||
description
|
||
|
||
commit 5ac2a6f9ac53f75256c655d329149bccd2d9aa37
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Nov 28 09:17:32 2019 -0500
|
||
|
||
description
|
||
|
||
commit ff3412fbe06476cb295dfd9d61b26694f289d389
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Nov 27 10:22:31 2019 -0500
|
||
|
||
fix, make sure to undo pam changes on package removal
|
||
|
||
Thanks to minimal for the bug report!
|
||
|
||
https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/11
|
||
|
||
commit 62b924eea7d50f58649e089ff9cf8d73075cac63
|
||
Merge: 9091f69 ba02dcb
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Nov 26 13:00:36 2019 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit ba02dcb267a95d332bd01bb3fc725e051ccb3246
|
||
Merge: 9091f69 d9d6d07
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Nov 26 18:00:11 2019 +0000
|
||
|
||
Merge pull request #37 from madaidan/apparmor-fixes
|
||
|
||
Fix permission-lockdown
|
||
|
||
commit d9d6d0771433700f49c4ddf156a0b5bc7098d94b
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Tue Nov 26 17:12:12 2019 +0000
|
||
|
||
/dev/pts/[0-9]* rw,
|
||
|
||
commit 9091f69eddb76059995e2f44734437746a3fd108
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Nov 25 08:51:36 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 57ce06c0ebaa1e451c39b85c8db27babed4b149e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Nov 25 08:41:45 2019 +0000
|
||
|
||
readme
|
||
|
||
commit aa5451c8cda02e6df3dc089bf813e6acd9878a59
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Nov 25 01:39:53 2019 -0500
|
||
|
||
Lock user accounts after 50 rather than 100 failed login attempts.
|
||
|
||
https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/19
|
||
|
||
commit 6277db1383451822769948bbebac31f719e98e74
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Nov 23 14:07:45 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 6a6a638ef01d337da137dc04bcff984f7a36f425
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Nov 23 14:06:28 2019 +0000
|
||
|
||
readme
|
||
|
||
commit fe1f1b73a77d11c136cedcdb3efcb57f4c68c6af
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Nov 23 11:20:32 2019 +0000
|
||
|
||
load jitterentropy_rng kernel module for better entropy collection
|
||
|
||
https://www.whonix.org/wiki/Dev/Entropy
|
||
|
||
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927972
|
||
|
||
https://forums.whonix.org/t/jitterentropy-rngd/7204
|
||
|
||
commit d32024a3da3cdfbb07f61dd3e9a52535e747de6b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Nov 23 05:53:19 2019 -0500
|
||
|
||
/usr/sbin/pam_tally2 mrix,
|
||
|
||
https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/152
|
||
|
||
commit 03e80238477bef26cf14a86a136d2ab688c87d08
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Nov 22 14:11:30 2019 -0500
|
||
|
||
output
|
||
|
||
commit e76e1475b0009451b930061bff553684b6490d33
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Nov 22 12:24:35 2019 -0500
|
||
|
||
comment
|
||
|
||
commit a99dfd067ac8a43bdcd779cf57b3533bdaa404fb
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Nov 19 15:31:55 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 81e4f580af1ea12e79e387d4977771f37c50e7c1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Nov 19 15:29:02 2019 +0000
|
||
|
||
etc/apparmor.d/usr.lib.security-misc.permission-lockdown: /usr/bin/chmod mrix,
|
||
|
||
commit 8ad8dbea5a5c0bacd03cefb66ad8a1989e1cb0fb
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Nov 18 19:16:16 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 9a20b85fe16584dda909fd5f1aa6bbb62d06bcf0
|
||
Merge: 477d476 2b17c0f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Nov 17 11:20:17 2019 -0500
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 2b17c0f3e4dcd7cb9f2239da649b4a885c27e7cf
|
||
Merge: 477d476 e92022a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Nov 17 16:19:55 2019 +0000
|
||
|
||
Merge pull request #36 from madaidan/hidepid-fix
|
||
|
||
Remove proc-hidepid systemd sandboxing
|
||
|
||
commit e92022a21cbe2df76026b36482f5c71e3471b344
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sat Nov 16 14:56:28 2019 +0000
|
||
|
||
Remove systemd sandboxing
|
||
|
||
commit 477d476bb1a7507951c2c04622056de5a8d41a56
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Nov 10 08:29:44 2019 -0500
|
||
|
||
etc/apparmor.d/usr.lib.security-misc.pam_tally2-info: add '#include <abstractions/base>'
|
||
|
||
commit 11dc23bf082cb0579b5a4a1bc5788ec0b5140973
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Nov 10 08:28:32 2019 -0500
|
||
|
||
etc/apparmor.d/usr.lib.security-misc.permission-lockdown: add '#include <abstractions/base>'
|
||
|
||
commit d1d61b106b54a360ca71bb506e2410ac70ea07ed
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Nov 9 18:44:50 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 9f2932faab4be91528f3404fcbace7012040dac5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Nov 9 13:32:21 2019 -0500
|
||
|
||
/usr/bin/id rix,
|
||
|
||
commit 6b7df973f621dc9cbe107ee5d709600005f49e65
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Nov 9 12:57:45 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 2e73c053b561eb2ffcd815cba8006da810b02184
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Nov 9 12:55:00 2019 +0000
|
||
|
||
fix lintian warning
|
||
|
||
commit 6e28774f95414c5660b76fca3696710beb2affa2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Nov 9 12:23:15 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 94d40c68d4292c0c399c3b12e1af76cb89e7f436
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Nov 5 10:02:55 2019 -0500
|
||
|
||
do not set kernel boot parameter page_poison=1 in Qubes since does not work
|
||
|
||
https://github.com/QubesOS/qubes-issues/issues/5212#issuecomment-533873012
|
||
|
||
commit f57702c1589047f5d0eff7a7bdffb928117532f6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Nov 5 09:55:43 2019 -0500
|
||
|
||
comments; copyright
|
||
|
||
commit 74293bcd2f2670abf3e62ac8dad54d9f4e545bb1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Nov 5 01:59:25 2019 -0500
|
||
|
||
output
|
||
|
||
commit 2b5b06b602f9537c9a5473651cd1a16a4e16e5ba
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Nov 5 01:59:19 2019 -0500
|
||
|
||
output
|
||
|
||
commit d6977becbaf644cdc98c081b3c3e3fd366c4072d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Nov 5 01:51:14 2019 -0500
|
||
|
||
refactoring
|
||
|
||
commit daf00067953a61d749a07a0e0b4ec7cd397e4c39
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Nov 5 01:50:27 2019 -0500
|
||
|
||
comment
|
||
|
||
commit 78defc4d0bedf4a727d617f3de0294d9f59e3aa9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Nov 3 04:34:31 2019 -0500
|
||
|
||
add /var/cache/security-misc/state-files/placeholder file
|
||
|
||
to make sure folder already exists to avoid AppArmor issue
|
||
|
||
https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/76
|
||
|
||
commit 7c0ec7e50797c0da719f389e61445ff7d8e252b3
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Nov 3 04:23:40 2019 -0500
|
||
|
||
readme
|
||
|
||
commit b55c2fd62e200f96bd552445ad4c517d6a0aee92
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Nov 3 02:50:51 2019 -0500
|
||
|
||
Enables punycode (`network.IDN_show_punycode`) by default in Thunderbird
|
||
to make phising attacks more difficult. Fixing URL not showing real Domain
|
||
Name (Homograph attack).
|
||
|
||
https://forums.whonix.org/t/enable-network-idn-show-punycode-by-default-in-thunderbird-to-fix-url-not-showing-real-domain-name-homograph-attack-punycode/8415
|
||
|
||
commit bf62306d4fc3b3168204254ca354028a1fe857a7
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Oct 31 16:34:35 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit e1375802eb1521eb0bc9089f2ab12056fa326f17
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Oct 31 16:32:28 2019 +0000
|
||
|
||
apparmor fix
|
||
|
||
https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/67
|
||
|
||
commit 6e5d8b357d977991953e153d618dbdda2b05c0e6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Oct 31 16:06:51 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 203d5cfa6845e23d73ff3790019bac9579f3524b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Oct 31 11:19:44 2019 -0400
|
||
|
||
copyright
|
||
|
||
commit f001250ae61789bef7b2b19d5c40831273b0acca
|
||
Merge: d832ab9 5a3cbe8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Oct 28 10:31:30 2019 -0400
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 5a3cbe81000c3a9bbc69ba03c944c6c5ae9115bf
|
||
Merge: d832ab9 0e49bdc
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Oct 28 14:30:45 2019 +0000
|
||
|
||
Merge pull request #35 from madaidan/apparmor
|
||
|
||
Apparmor profiles
|
||
|
||
commit 0e49bdc45f6c94b3f6c2874fd48a6b1c75519790
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Oct 28 14:26:14 2019 +0000
|
||
|
||
Licensing
|
||
|
||
commit 5d5ad92638ea0ca079bbf8bb03201e8d5c030b1c
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Oct 28 14:26:05 2019 +0000
|
||
|
||
Licensing
|
||
|
||
commit 0699747fcb6d79ba6abeccdba99c3bc032c615c6
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Oct 28 14:24:37 2019 +0000
|
||
|
||
Debian packaging
|
||
|
||
commit fe4e29d392ed8db5571d69b10ef0f8a24eec1829
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Oct 28 14:22:47 2019 +0000
|
||
|
||
Depend on dh-apparmor
|
||
|
||
commit 1b8b3610b17ae31bc81c3827cea24bd09822a0e3
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Oct 28 14:20:59 2019 +0000
|
||
|
||
Create usr.lib.security-misc.pam_tally2-info
|
||
|
||
commit 29b05546e4248bdf95b62ea356bd98767e3a59b0
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Oct 28 14:20:08 2019 +0000
|
||
|
||
Create usr.lib.security-misc.permission-lockdown
|
||
|
||
commit d832ab91bdd9cdbf2a9c3bbee39351082a59f759
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Oct 23 10:22:03 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit bce5274a15e4d34907c2f65b9811dd44705c120e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Oct 22 09:22:29 2019 -0400
|
||
|
||
quotes fix
|
||
|
||
commit e20b9e21334ef9e16e1fd147fec4ff33f0721d4a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Oct 22 09:08:18 2019 -0400
|
||
|
||
better solution when using pkexec with --user: wrap sudo --user with lxqt-sudo
|
||
|
||
commit d4e02de43a068a22a9fd1b15c4d2b314baf97283
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Oct 22 09:04:44 2019 -0400
|
||
|
||
set SUDO_ASKPASS for pkexec wrapper when using sudo --askpass
|
||
|
||
commit 1a65a91039276f73c68feb5c19b1a3dd86b07cbb
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Oct 22 08:56:05 2019 -0400
|
||
|
||
long rather than short option
|
||
|
||
commit b55913637bb66b3c1e9fcab3d1576cb1325419ea
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Oct 22 08:54:48 2019 -0400
|
||
|
||
silence output by mount/grep
|
||
|
||
commit a1154170c9f65011ae1a9da51ea1d797381853a7
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Oct 22 08:54:17 2019 -0400
|
||
|
||
Call original pkexec in case there are no arguments.
|
||
|
||
commit 9c8f678cb935d5d63b238d4641bde84c5495127b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Oct 21 09:55:41 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 1e4d0ea1d072c193281ac176592108c88e80bad0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Oct 21 09:55:05 2019 +0000
|
||
|
||
fix lintian warning
|
||
|
||
commit 343d9cc9169dd3e0b4afebaeaa43d0051cbb5e37
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Oct 21 09:53:55 2019 +0000
|
||
|
||
fix
|
||
|
||
commit 2d436f36021d1148862ff5e2db62577580761bf6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Oct 21 09:51:36 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit af3f42dabf708b6f6e2c4e2595d6af496b520372
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Oct 21 09:51:12 2019 +0000
|
||
|
||
readme
|
||
|
||
commit 40707e70dbbf74e5ee3cd25bd2737f880d4bca5c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Oct 21 05:46:49 2019 -0400
|
||
|
||
Redirect calls for pkexec to lxqt-sudo because pkexec is incompatible with hidepid.
|
||
|
||
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860040
|
||
|
||
https://forums.whonix.org/t/cannot-use-pkexec/8129
|
||
|
||
Thanks to AnonymousUser for the bug report!
|
||
|
||
commit 31b771ac2e1cd692851f0d58191c3147d4a09335
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Oct 18 10:39:43 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 2613525b945c98c676a919cb4a9d54b90e51cbbf
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Oct 18 10:39:19 2019 +0000
|
||
|
||
readme
|
||
|
||
commit 957deac5cb1e3fdf54990bad21c502388af2407e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Oct 18 10:38:25 2019 +0000
|
||
|
||
fix lintian warning
|
||
|
||
W: security-misc: maintainer-script-should-not-parse-etc-passwd-or-group preinst:19
|
||
|
||
commit d301e7f3653bdb4b56c42deab9d0566ff1b27380
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Oct 18 10:36:44 2019 +0000
|
||
|
||
description, fix lintian warning
|
||
|
||
commit ce6b64a9baba3763f2137c81c1e022c4e6344d3c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Oct 18 08:55:07 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 20b7faa61fb7c425f15492fd8aaa67e4fe06a6d9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Oct 18 08:54:43 2019 +0000
|
||
|
||
readme
|
||
|
||
commit c9d75ef9ea76fee0cff882143f289d9662826330
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Oct 17 06:46:47 2019 -0400
|
||
|
||
abort installation if no user is part of group sudo
|
||
|
||
https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/4
|
||
|
||
Thanks to minimal for the bug report!
|
||
|
||
commit a5045dc26e3b7d6acd6ae2c5727920824f992cc7
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Oct 17 06:18:32 2019 -0400
|
||
|
||
set -e
|
||
|
||
commit 0b8725306f2c603c28ab78be7000df25ca2ea430
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Oct 17 06:13:44 2019 -0400
|
||
|
||
renamed: etc/hide-hardware-info.d/30_whitelist.conf -> etc/hide-hardware-info.d/30_default.conf
|
||
|
||
commit 4aba02756680eb5e0dac9d84ba434edd735c68c1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Oct 17 06:12:36 2019 -0400
|
||
|
||
syntax check
|
||
|
||
commit 8b9aa8841a67adb9b3b64a1d43022e950768bc42
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Oct 17 06:11:01 2019 -0400
|
||
|
||
fix
|
||
|
||
commit cfbd77040a51b68dc6e3c1f8f82861cfc4b6e761
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Oct 17 06:10:29 2019 -0400
|
||
|
||
set "shopt -s nullglob" to avoid failing when folder /etc/hide-hardware-info.d
|
||
does not exist or is empty
|
||
|
||
commit b05663c5f65f59ce652995c403feb9b4e088b4ec
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Oct 17 06:08:55 2019 -0400
|
||
|
||
shuffle
|
||
|
||
https://forums.whonix.org/t/restrict-hardware-information-to-root/7329/80
|
||
|
||
commit 28a440091dd98fd4f3284cce01d692c08aa96bf1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Oct 17 06:08:16 2019 -0400
|
||
|
||
code simplification
|
||
|
||
commit 3c4e261c20ce7cab51ad9b6596db09e009efbdeb
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Oct 17 06:05:23 2019 -0400
|
||
|
||
remove trailing spaces
|
||
|
||
commit c8e0303d6d59e3303c0582ff8ab2664762199c81
|
||
Merge: 4b1b3b7 8a42c5b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Oct 17 06:04:34 2019 -0400
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 8a42c5b02387da454ff5661057be88a7c6fe9d9c
|
||
Merge: 994ca02 61f7423
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Oct 17 09:59:12 2019 +0000
|
||
|
||
Merge pull request #34 from madaidan/whitelist
|
||
|
||
Add a whitelist for /sys and /proc/cpuinfo
|
||
|
||
commit 994ca024c24cf80075b2f03bc65475a5d9980d94
|
||
Merge: 4b1b3b7 259b1f2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Oct 17 06:19:46 2019 +0000
|
||
|
||
Merge pull request #33 from madaidan/documentation
|
||
|
||
Improve documentation
|
||
|
||
commit 61f742304d26e73df8433bd6fa03d33d39e39625
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Wed Oct 16 19:46:59 2019 +0000
|
||
|
||
return 0
|
||
|
||
commit 259b1f2c71ec4566011a148e5bc703a41f0ebd90
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Wed Oct 16 19:21:24 2019 +0000
|
||
|
||
Update control
|
||
|
||
commit ffba0e017940d2be08c1e37514d396ac39f55e35
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Wed Oct 16 19:04:15 2019 +0000
|
||
|
||
Elaborate
|
||
|
||
commit 4f5b7816ecda6375b051c75a3b0aff93519b4a66
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Wed Oct 16 19:01:49 2019 +0000
|
||
|
||
Elaborate
|
||
|
||
commit 99a762d3dc6ecbdb160b7840081848444b56c3fa
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Wed Oct 16 18:53:04 2019 +0000
|
||
|
||
KASLR is different from ASLR
|
||
|
||
commit a14a2854c6e72f2b4b3e5c8d02b63a46c3179a00
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Wed Oct 16 18:52:14 2019 +0000
|
||
|
||
Elaborate
|
||
|
||
commit f08c03ab21126b2d3ef5d4c2e4e3f0eae14fa5c0
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Wed Oct 16 15:39:23 2019 +0000
|
||
|
||
Restrict sysfs/cpuinfo if the whitelist is disabled
|
||
|
||
commit af607d5eb233d85d493d796afde76728f0e0e3cd
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Tue Oct 15 21:02:03 2019 +0000
|
||
|
||
Create sysfs and cpuinfo groups
|
||
|
||
commit 42c1701d5ca446da37a493b27c125b78bd8d183d
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Tue Oct 15 21:00:03 2019 +0000
|
||
|
||
Whitelist user@.service
|
||
|
||
commit a47a2fca8bcdf8ff480cea879720b9599c491358
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Tue Oct 15 20:58:58 2019 +0000
|
||
|
||
Create 30_whitelist.conf
|
||
|
||
commit 6b78dbcd07a9d2361c5ab41f5151e24a80309e13
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Tue Oct 15 20:57:02 2019 +0000
|
||
|
||
Add way to whitelist things
|
||
|
||
commit 4b1b3b7d6675adbde57d9cf5cbcc880f95199ef1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Oct 14 10:23:01 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit c19964360a6d42e73e5d2f3b90afd5f676933d30
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Oct 14 10:10:08 2019 +0000
|
||
|
||
readme
|
||
|
||
commit c22738be027f69391a4ac40ce85bfacf35ff1742
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Oct 7 08:25:45 2019 +0000
|
||
|
||
comments
|
||
|
||
commit 75f36bc2c9bf5c50061f05198c504d84b128e5da
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Oct 7 08:25:07 2019 +0000
|
||
|
||
comments
|
||
|
||
commit e92a8a69665f982e8b5a37f7081fa75197cde828
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Oct 7 08:24:02 2019 +0000
|
||
|
||
comments
|
||
|
||
commit 60c044a9d669dd816ff473f19e19b87f87cc9008
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Oct 7 05:30:56 2019 +0000
|
||
|
||
copyright / comments
|
||
|
||
commit cd2135ff82de82278eaa680d30bea2fe68f94f52
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Oct 6 10:18:24 2019 +0000
|
||
|
||
comments
|
||
|
||
commit 8b4f2befd46d4db4d2a83d9e79ebcf9abf98fd02
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Oct 5 13:15:34 2019 +0000
|
||
|
||
comment out sack by default
|
||
|
||
https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109/8?u=patrick
|
||
|
||
commit 02096f8d7c7ee1f61285cf96564616f2828aa6c2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Oct 5 13:13:46 2019 +0000
|
||
|
||
Revert "undo Disabling TCP SACK, DSACK, FACK"
|
||
|
||
This reverts commit 5fb4eb8e561e7c37cea977072944501fc32ee883.
|
||
|
||
commit 62a0239207ee355e3d07e0097c963a0ded496e76
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Oct 5 11:33:15 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 54b83ae44dbda76b9b2696488194b53612bfc377
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Oct 5 07:20:18 2019 -0400
|
||
|
||
readme
|
||
|
||
commit 5fb4eb8e561e7c37cea977072944501fc32ee883
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Oct 5 07:00:47 2019 -0400
|
||
|
||
undo Disabling TCP SACK, DSACK, FACK
|
||
|
||
https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109/5
|
||
|
||
commit c19942f72b8d74056dd8da8c3cd9ac7e0fbe8991
|
||
Merge: 213aef6 a33851a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Oct 5 06:58:27 2019 -0400
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit a33851a3c99a5eb9021d2d28b3164ed10025fbd9
|
||
Merge: 213aef6 d0c6bb1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Oct 5 10:58:08 2019 +0000
|
||
|
||
Merge pull request #32 from madaidan/disable-dsack-fack
|
||
|
||
Disable TCP DSACK and FACK
|
||
|
||
commit 213aef6eb9288efffe9fb0458f0aa8a44a6dafa6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Oct 5 09:40:26 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit aaebb32b668f4447c011f4e150f959c8d0e1ce09
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Oct 5 09:39:05 2019 +0000
|
||
|
||
readme
|
||
|
||
commit c87fc75f2a7d6ed38362729d27030f83b08292d3
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Oct 5 09:36:21 2019 +0000
|
||
|
||
fix, run remove-system-map.service during sysinit.target
|
||
|
||
commit 25b674678472623c06d948f4cbb967f360ba15f0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Oct 5 09:14:54 2019 +0000
|
||
|
||
fix systemd unit file proc-hidepid.service: WantedBy=sysinit.target
|
||
|
||
commit d2bc3a2a08a00c68f05ed99caf16aad0b1e11ea4
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Oct 5 09:14:41 2019 +0000
|
||
|
||
chmod +x usr/lib/security-misc/hide-hardware-info
|
||
|
||
commit ffe0d62c8148ec60f7528002e988b969ebb868ca
|
||
Merge: ddc778b 7bcf73d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Oct 5 04:49:05 2019 -0400
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 7bcf73deaa1c77f9c650d8844ad94d24e38746fd
|
||
Merge: ddc778b 7345287
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Oct 5 08:46:21 2019 +0000
|
||
|
||
Merge pull request #31 from madaidan/hide-hardware-info
|
||
|
||
Restrict /proc/cpuinfo, /proc/bus, /proc/scsi and /sys to root
|
||
|
||
commit d0c6bb1e9064ffdf45f7ac606f708c3f5e7dc247
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Fri Oct 4 17:35:54 2019 +0000
|
||
|
||
Disable TCP DSACK and FACK
|
||
|
||
commit 7345287560bc701f8b4aead985238d66104b228c
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Fri Oct 4 17:32:52 2019 +0000
|
||
|
||
Use sysinit.target instead
|
||
|
||
commit e06eeec6788a46a28682b2c83f1de9f83eacf3bd
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu Oct 3 21:42:06 2019 +0000
|
||
|
||
Disable hide-hardware-info.service by default
|
||
|
||
commit 87917d2f03d5e510f4e2cbdbea2a7692146e820b
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu Oct 3 21:38:07 2019 +0000
|
||
|
||
Add licensing
|
||
|
||
commit b06ab912c04d3d8746afa7492d0c3bb17bf71932
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu Oct 3 21:37:29 2019 +0000
|
||
|
||
Add licensing
|
||
|
||
commit ec5fcf813b80347e5d8aa55dbd5d77860e62ccc6
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu Oct 3 20:50:48 2019 +0000
|
||
|
||
Update control
|
||
|
||
commit ce97e5ed8203809619d8fdf630242712c188cede
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu Oct 3 20:45:29 2019 +0000
|
||
|
||
Create hide-hardware-info.service
|
||
|
||
commit 9449f5017a6feff7e70d625d54d75d514ed2e596
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu Oct 3 20:45:14 2019 +0000
|
||
|
||
Create hide-hardware-info
|
||
|
||
commit ddc778b45281b9f7f42496ffbd4f2137d6fa9d5a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Sep 16 13:34:11 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 75258843e9d4da9b0be7aec42528e093e0861992
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Sep 16 13:03:43 2019 +0000
|
||
|
||
copyright
|
||
|
||
commit 8e39cea876a8ff9ca496b9230dd13e4201f1e2f6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Sep 16 13:03:25 2019 +0000
|
||
|
||
comment
|
||
|
||
commit bac462f2112d0290cad82717e1efed19c8fafac5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Sep 16 13:03:02 2019 +0000
|
||
|
||
comment
|
||
|
||
commit bec680d4f3ccc406c5d8c5a67d7957be04f6a0de
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Sep 16 12:30:23 2019 +0000
|
||
|
||
pam_tally2-info: fix, do nothing when started as user "user"
|
||
|
||
xscreensaver runs as user "user", therefore pam_tally2 cannot function.
|
||
xscreensaver has its own failed login counter.
|
||
|
||
as user "user"
|
||
/sbin/pam_tally2 -u user
|
||
pam_tally2: Error opening /var/log/tallylog for update: Permission denied
|
||
/sbin/pam_tally2: Authentication error
|
||
|
||
https://askubuntu.com/questions/983183/how-lock-the-unlock-screen-after-wrong-password-attempts
|
||
|
||
https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698
|
||
|
||
commit c2e444479cf723a7ddb3c51cd6394795daba108e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Sep 15 14:08:13 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit c9425a1404af73bf5d92fd7d1665130335d9e789
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Sep 15 14:07:50 2019 +0000
|
||
|
||
readme
|
||
|
||
commit 619550da2393dfe683be827a51d4390b6280ace1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Sep 15 14:00:24 2019 +0000
|
||
|
||
description
|
||
|
||
commit b95b66e42986a359835127d6c56aabb1e9d9008f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Sep 15 13:56:37 2019 +0000
|
||
|
||
description
|
||
|
||
commit ae804a15e73a4a8b9ef3b605e3fca7ba24e135a6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Sep 15 13:21:02 2019 +0000
|
||
|
||
description
|
||
|
||
commit 3d187dab99cd6d0a2906e73c86e0dd8c94cbc648
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Sep 12 12:50:42 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit f13a73e569e6adacd38aaa59f4484919a3896359
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Sep 10 12:35:42 2019 -0400
|
||
|
||
undo SysRq restrictions
|
||
|
||
https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079
|
||
|
||
commit fbd1a5bde922be9c571d54567c977618e2c4bfc5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Sep 10 12:23:00 2019 -0400
|
||
|
||
hidepid before sysinit.target
|
||
|
||
commit 1f75a1065049a1c75e0cb597f2bcc1a8e0eca93b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Sep 9 12:10:24 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 1b4391417619a51cfe22d9eee21d9fa644d145b6
|
||
Merge: 9d875d7 d0b3bc7
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Sep 9 11:45:36 2019 +0000
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit d0b3bc7d3da6a4e3a04adb85cc5c7aa6c22bb466
|
||
Merge: 9d875d7 60db7e6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Sep 9 11:45:19 2019 +0000
|
||
|
||
Merge pull request #30 from madaidan/patch-23
|
||
|
||
fix typo
|
||
|
||
commit 60db7e6294ab405a862c1cbc62140c9e89208b25
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sat Sep 7 20:08:56 2019 +0000
|
||
|
||
fix typo
|
||
|
||
commit 9d875d7c31b4cd15873709c57ebb338d89477ab5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Sep 7 06:11:32 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit b3103b1ba8a1b8d7718ee167230dc938bc8b64b4
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Sep 7 06:10:35 2019 +0000
|
||
|
||
readme
|
||
|
||
commit 7affddb3bbfaa8183bad5986dbbb6ea728df1fe4
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Sep 7 05:47:34 2019 +0000
|
||
|
||
blacklist modules with /bin/false rather than /bin/true to fail with error
|
||
|
||
message rather than failing without notification
|
||
|
||
commit 8132052ce01215a98cb4464e5f78d75349e77b10
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Sep 7 05:44:23 2019 +0000
|
||
|
||
run update-grub from postinst so /etc/default/grub.d changes take effect
|
||
|
||
commit 661bcd8603425934188cf139f33e20675ff4b765
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Sep 7 05:39:56 2019 +0000
|
||
|
||
allow loading unsigned modules due to issues
|
||
|
||
https://forums.whonix.org/t/allow-loading-signed-kernel-modules-by-default-disallow-kernel-module-loading-by-default/7880/23
|
||
|
||
commit 9ee9309f542472a8c8045df44573a5ec38e32a90
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Sep 6 13:04:57 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit ea0779e42aa8416c142eb3d37f8cede42794e0f7
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Sep 6 13:00:20 2019 +0000
|
||
|
||
rm_conffile /etc/sudoers.d/umask-security-misc
|
||
|
||
commit 3a9939dccbea16408e8ba1c739748234bde68d89
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Sep 6 11:47:40 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 51705c201bd9959a77a53201e492100b751d0508
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Sep 6 11:47:17 2019 +0000
|
||
|
||
readme
|
||
|
||
commit 5960c1682a5177355147fce67c383ce6f861d60c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Sep 6 11:46:22 2019 +0000
|
||
|
||
description
|
||
|
||
commit fccfacfdafd197951e5a9598b9fb47309021ec84
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Sep 6 11:45:54 2019 +0000
|
||
|
||
description
|
||
|
||
commit cb8170fd800816c2f6123cd67819340da8f51551
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Sep 6 11:44:56 2019 +0000
|
||
|
||
comment
|
||
|
||
commit ccdbc52b82993f0078c16ba99248eb4569539344
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Sep 6 11:43:55 2019 +0000
|
||
|
||
comment
|
||
|
||
commit 051856bc8e587250d9b6936661d8f05d965c3e59
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Sep 6 11:42:38 2019 +0000
|
||
|
||
remove trailing space
|
||
|
||
commit 610d3488e9d4372c442eeb33c57a4a791c48267b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Sep 6 09:33:06 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit b15becd48d3437b8a3965b84d5cdb80012fe32e8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Sep 6 09:32:42 2019 +0000
|
||
|
||
readme
|
||
|
||
commit 0e20e33d1629e532e77e1f3e21b546ea125f28b0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Sep 5 02:31:57 2019 -0400
|
||
|
||
description
|
||
|
||
commit 0b3dcef13d6462d9586908a91ff4d976070b26a3
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Sep 5 02:30:40 2019 -0400
|
||
|
||
description
|
||
|
||
commit f2e5883b4c72118d00f77e4dfc3187e5d9bf6391
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Sep 5 02:29:48 2019 -0400
|
||
|
||
description
|
||
|
||
commit a4913ae092e26af4368e0f493b8b79d11329eb18
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Sep 5 02:28:43 2019 -0400
|
||
|
||
description
|
||
|
||
commit a2aeb401a25f3576b8ed95b62fd47edad8e61e2c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Aug 31 13:44:37 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 3a5bdddf5c790829252ff7d5443a3d4d3b9218d8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Aug 31 08:43:46 2019 -0400
|
||
|
||
depend on adduser
|
||
|
||
commit 8bbebf64cff87ce37a100a1da74cfd0e811ed571
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Aug 24 16:41:27 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 07cba361ed663672de3d0263e8262c61b4d43b4e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Aug 24 16:39:56 2019 +0000
|
||
|
||
readme
|
||
|
||
commit 0ae5c5ff14c308ff5307926fbe6d93f44e1c7615
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Aug 24 12:14:22 2019 -0400
|
||
|
||
remove umask changes since these are causing issues are are not needed anymore
|
||
|
||
thanks to home folder permission lockdown
|
||
|
||
https://forums.whonix.org/t/change-default-umask/7416/45
|
||
|
||
commit 41c4682280b7bc8e700d9ed41b55e464c0511b69
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Aug 23 16:57:12 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit e77260fd9cab49f85d5790188485dce7f9eeee23
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Aug 23 16:53:55 2019 +0000
|
||
|
||
readme
|
||
|
||
commit 793c9b6801ffda5d75d389b8e7a2a6d140d8d382
|
||
Merge: a74b983 44d62e0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Aug 19 12:48:23 2019 +0000
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit a74b983283e9aa1662cd6be87148184f380fa297
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Aug 19 12:46:59 2019 +0000
|
||
|
||
remove LLC - IEEE 802.2 from blacklist
|
||
|
||
since required by KVM
|
||
|
||
https://forums.whonix.org/t/whonix-desktop-installer-with-calamares-field-report/7350/107
|
||
|
||
https://forums.whonix.org/t/blacklist-uncommon-network-protocols/7391/22
|
||
|
||
https://github.com/Whonix/security-misc/pull/29
|
||
|
||
commit 44d62e05b5a60a3d45afd829fb67970afa7678b7
|
||
Merge: 0140df8 a8b6281
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Aug 19 12:45:52 2019 +0000
|
||
|
||
Merge pull request #29 from onions-knight/patch-1
|
||
|
||
Update uncommon-network-protocols.conf
|
||
|
||
commit a8b62811199b6c4e5d86439cd0fc9e9c18dc027b
|
||
Author: onions-knight <38859709+onions-knight@users.noreply.github.com>
|
||
Date: Mon Aug 19 11:30:57 2019 +0000
|
||
|
||
Update uncommon-network-protocols.conf
|
||
|
||
Removing llc from blacklisted network protocols as it is needed by KVM for networking.
|
||
See https://hub.packtpub.com/kvm-networking-libvirt/ and https://forums.whonix.org/t/whonix-desktop-installer-with-calamares-field-report/7350/107
|
||
|
||
commit 0140df866839d4f02ba5988eec8c72a71136482a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Aug 19 08:43:28 2019 +0000
|
||
|
||
virusforget
|
||
|
||
commit 113ab4256861edc068ea09b2d8fb96355cb71867
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Aug 19 08:31:23 2019 +0000
|
||
|
||
virusforget
|
||
|
||
commit 416906d4f9ad522a65d8847c9d03f4497bbd898f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Aug 19 08:19:35 2019 +0000
|
||
|
||
virusforget
|
||
|
||
commit 2d867d9fee691ba088cf42badc4def562d82bd0d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Aug 19 08:10:18 2019 +0000
|
||
|
||
virusforget
|
||
|
||
commit 8e76e6b8b3129bcda1c82322cc56e31edac43e3f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Aug 19 07:48:12 2019 +0000
|
||
|
||
fix
|
||
|
||
commit 3f068f77febebbe425f9d6cd1ef2d620fb6ec379
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Aug 19 07:47:20 2019 +0000
|
||
|
||
keep cache folder outside of reach of user since even user can remove files
|
||
|
||
owned by root in its home folder
|
||
|
||
commit 1fa1efa58e6f719766394bc8b94d4aa4076bdc0d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Aug 19 07:22:09 2019 +0000
|
||
|
||
credits
|
||
|
||
commit 1e026a3ebbacb1011edbbf5b0fbcfe7b5e6338c0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Aug 18 22:50:44 2019 +0000
|
||
|
||
initial development version of VirusForget
|
||
|
||
commit e15b5603057fd9c67ac1ab34493e8b9f05fbac9b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Aug 17 10:54:08 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit c897682794639fa7848acf5ba4b33aabbbcd0644
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Aug 17 10:53:45 2019 +0000
|
||
|
||
readme
|
||
|
||
commit e535232728ec7ff6846a3102b73707c549ea64c0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Aug 17 10:37:49 2019 +0000
|
||
|
||
description
|
||
|
||
commit 7ffdd7c240b55c1d5fae9279b42319a5e8be74ba
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Aug 17 10:37:42 2019 +0000
|
||
|
||
description
|
||
|
||
commit 207399439f29b4b421a8e91fc1b965d9e82ba35c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Aug 17 10:37:36 2019 +0000
|
||
|
||
description
|
||
|
||
commit d4fb485e7090a7424f3f80b18b010fbc9859283c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Aug 17 10:35:31 2019 +0000
|
||
|
||
description
|
||
|
||
commit 41b2819ec88364290c5d91daa2236919ea589c1c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Aug 17 10:33:47 2019 +0000
|
||
|
||
PAM: abort on locked password
|
||
|
||
to avoid needlessly bumping pam_tally2 counter
|
||
|
||
https://forums.whonix.org/t/restrict-root-access/7658/1
|
||
|
||
commit e0e25364e2d14459b918eea2cb63cbe10b8371f3
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Aug 17 09:57:48 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit cfd18d4486c763a79bc174bded7d8cf0b3dd567f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Aug 17 09:56:29 2019 +0000
|
||
|
||
readme
|
||
|
||
commit ed90d8b025c1f852856fea0e620c240f35e78a53
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Aug 17 09:55:20 2019 +0000
|
||
|
||
change default umask to 027
|
||
|
||
as per:
|
||
|
||
https://forums.whonix.org/t/change-default-umask/7416/47
|
||
|
||
commit b9127faac300024f7d8851d41037bebd5d3fe05c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Aug 16 16:05:51 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit e004a5e0cf22c5add683ed8c1ff6f88bdc4053ba
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Aug 16 16:05:25 2019 +0000
|
||
|
||
readme
|
||
|
||
commit f9e3825e9166b9814beb5e0a8e30caa540e66a27
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Aug 16 16:05:09 2019 +0000
|
||
|
||
fix lintian warning
|
||
|
||
commit ec99720811c53bf0ad3a1f36e0d34371ebc6d283
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Aug 16 15:59:14 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 6a68c3bd9cd47a8542460a95d90bcf7e34d9f768
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Aug 16 15:57:30 2019 +0000
|
||
|
||
readme
|
||
|
||
commit 224f95799c36f56c2165fe9284abaceaa84f1d3b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Aug 16 11:15:25 2019 -0400
|
||
|
||
sudo default umask 006
|
||
|
||
https://forums.whonix.org/t/change-default-umask/7416/43
|
||
|
||
commit 17cfcb63b6358f51a65df9623bc23ddf869b06cc
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Aug 16 10:50:56 2019 -0400
|
||
|
||
code simplification; report locked account earlier
|
||
|
||
commit 5754671c460c67bd7d8e064841383ea7b7f90824
|
||
Merge: 34672b8 9781598
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Aug 16 10:36:43 2019 -0400
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 97815986321b6daf9c1f0c6f33a4b282ca05438c
|
||
Merge: 34672b8 85502ad
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Aug 16 14:36:00 2019 +0000
|
||
|
||
Merge pull request #27 from madaidan/patch-21
|
||
|
||
Blacklist bluetooth
|
||
|
||
commit 85502ad430f560070806c8b95b7fed3fe7028587
|
||
Merge: 4a6f87f 34672b8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Aug 16 14:35:51 2019 +0000
|
||
|
||
Merge branch 'master' into patch-21
|
||
|
||
commit 34672b88a86285e1d3eaf35f0a2b3c2e974ffd26
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Aug 15 15:18:02 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit a11e3cea9eb160ba84dbc273ea4cb48bc687158f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Aug 15 15:08:48 2019 +0000
|
||
|
||
readme
|
||
|
||
commit ff9bc1d7ea81a8507f44d9bb1301b9665614ebdd
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Aug 15 13:37:28 2019 +0000
|
||
|
||
informational output during PAM:
|
||
|
||
* Show failed and remaining password attempts.
|
||
* Document unlock procedure if Linux user account got locked.
|
||
* Point out, that there is no password feedback for `su`.
|
||
* Explain locked (root) account if locked.
|
||
* /usr/share/pam-configs/tally2-security-misc
|
||
* /usr/lib/security-misc/pam_tally2-info
|
||
|
||
commit 454e1358220abf75def0d88a22426086a55c0802
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Aug 15 07:33:41 2019 +0000
|
||
|
||
pam_tally2.so even_deny_root
|
||
|
||
commit 63b476221c7b9ece6b99f9e194fab80e300275d9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Aug 15 07:30:56 2019 +0000
|
||
|
||
use requisite rather than required to avoid asking for password needlessly
|
||
|
||
if login will fail anyhow
|
||
|
||
commit ce4a30d3cecb7e9bddb96c79aab871804cb90bd4
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 11:52:26 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit a7c25a451c78f7b9a5720e1b6fc7d168eb0afa4f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 11:50:53 2019 +0000
|
||
|
||
remove unneeded dependency on libpam-cgfs
|
||
|
||
commit 633854c6bec439af9718439c8207012322800166
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 11:13:25 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 0feb54b28e90b5c4cfcd529914a3892362c34966
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 11:10:18 2019 +0000
|
||
|
||
add Depends: apparmor-profile-anondist to fix apparmor issue
|
||
|
||
sudo[19806]: pam_exec(sudo:session): execve(/usr/lib/security-misc/permission-lockdown,...) failed: Permission denied
|
||
sudo[18961]: pam_exec(sudo:session): /usr/lib/security-misc/permission-lockdown failed: exit code 13
|
||
kernel: audit: type=1400 audit(1565780860.972:224): apparmor="DENIED" operation="exec" profile="/usr/bin/whonixcheck" name="/usr/lib/security-misc/permission-lockdown" pid=19806 comm="sudo" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
|
||
|
||
commit 8fdc77fed553d7ba6123d738b9cb3efe98f3f08f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 10:33:23 2019 +0000
|
||
|
||
output to stdout
|
||
|
||
commit 5213cfbcdcb41a5aa714d1031b36436adeb0359c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 10:08:18 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 2875adb7221769dcd23ef701dae8b9ad24708590
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 10:07:55 2019 +0000
|
||
|
||
readme
|
||
|
||
commit 01b3a0bfaeda0dad87644ad8d54c61e07dd501f7
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 09:52:53 2019 +0000
|
||
|
||
description
|
||
|
||
commit 547ba91d799780487782cdd8088c556d978494e8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 09:45:30 2019 +0000
|
||
|
||
sanity test
|
||
|
||
commit dee195d89e94ff343cec60308cbbb5464d2a7b18
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 09:40:41 2019 +0000
|
||
|
||
description
|
||
|
||
commit 799acad724977dea220c2228f9da0db3d6b5170e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 09:39:43 2019 +0000
|
||
|
||
skip, if not a folder
|
||
|
||
commit 6321ff5ad5938a929d4a997b4f1b03db2ac4b5fd
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 09:38:44 2019 +0000
|
||
|
||
refactoring
|
||
|
||
commit 15094cab4fbbb1fd0c20bd8241ea20bd6c0bd331
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 09:36:30 2019 +0000
|
||
|
||
avoid ' character in usr/share/pam-configs; in description
|
||
|
||
commit 97d1945e61053efd3b73fb9f761b3ea1c9271cdc
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 09:32:58 2019 +0000
|
||
|
||
no log needed, informative output to stdout instead
|
||
|
||
commit a085d46c567b0b5dbbaddd8f3e5873d87d904c4a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 09:31:58 2019 +0000
|
||
|
||
change priories so "pam_umask.so usergroups umask=006" runs before pam_exec.so /usr/lib/security-misc/permission-lockdown
|
||
|
||
commit f8c828b69a8f52108d19af4076e718930b5dcd07
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 05:19:02 2019 -0400
|
||
|
||
output
|
||
|
||
commit e5da6d9699de1d3c4aaefee7d301a4c47f33e4bd
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 05:17:54 2019 -0400
|
||
|
||
copyright
|
||
|
||
commit 1595789d7c310c80196345e06b6bacc8fb7c0baf
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 05:17:16 2019 -0400
|
||
|
||
comment
|
||
|
||
commit ce06fdf91103afbaf84523ce998570af733b5bbe
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 05:15:53 2019 -0400
|
||
|
||
formatting
|
||
|
||
commit 21489111d107023f150988137180154ba62e1ff2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 08:34:03 2019 +0000
|
||
|
||
run permission lockdown during pam
|
||
|
||
https://forums.whonix.org/t/change-default-umask/7416
|
||
|
||
commit 42f2d5f6664f15baebdaf200a5690cf32cdbe284
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 07:39:28 2019 +0000
|
||
|
||
description
|
||
|
||
commit 52df8dc0149d597c3106daa7112a01db444e34f1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 07:37:21 2019 +0000
|
||
|
||
optional pam_umask.so usergroups umask=006
|
||
|
||
commit f210294f4091b6a09c902a446b125c26022c5d2a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 07:24:24 2019 +0000
|
||
|
||
description
|
||
|
||
commit dbea7d1511d8e1b2604960d37146ec931d9dfe15
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 07:22:14 2019 +0000
|
||
|
||
add hook etc/kernel/postinst.d/30_remove-system-map to remove system.map
|
||
|
||
on kernel package upgrade;
|
||
|
||
self-document this package: during upgrade the following will be written
|
||
to stdout:
|
||
|
||
Setting up linux-image-4.19.0-5-amd64 (4.19.37-5+deb10u2) ...
|
||
/etc/kernel/postinst.d/30_remove-system-map:
|
||
removed '/boot/System.map-4.19.0-5-amd64
|
||
|
||
commit f1d8cbc9fb2b800205923cce77a8e242dddd133c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 07:02:09 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 41f4441d9dc5777d4ea7424f8422164c548da091
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 07:01:47 2019 +0000
|
||
|
||
readme
|
||
|
||
commit a82448d46af4fb9dce2de84025b8b820a11fae01
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 07:01:25 2019 +0000
|
||
|
||
description
|
||
|
||
commit ff8c0979435b491cf462c5ef6e8e02f6d85f1d81
|
||
Merge: 6f8acf0 a8ea379
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 06:59:50 2019 +0000
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit a8ea37952669b3f40a452cb580442126ec44233a
|
||
Merge: 6f8acf0 9a49b8e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Aug 14 06:59:34 2019 +0000
|
||
|
||
Merge pull request #28 from madaidan/patch-22
|
||
|
||
Require all loaded kernel modules to be signed with a valid key.
|
||
|
||
commit 9a49b8ecbb863a995862a4d380c6a03f6c0991ac
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Tue Aug 13 13:33:07 2019 +0000
|
||
|
||
Create 40_only_allow_signed_modules.cfg
|
||
|
||
Require all loaded kernel modules to be signed with a valid key.
|
||
|
||
commit 6f8acf06d79c77e3bee15cc8696a433271e2b7c9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Aug 11 12:07:07 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 52cee9128316d649ba7ffa9600d0fdc33c99a9a9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Aug 11 11:39:32 2019 +0000
|
||
|
||
readme
|
||
|
||
commit aacd9c7679b05b7ee59df484f21a24fe7aa5901d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Aug 11 10:34:38 2019 +0000
|
||
|
||
description
|
||
|
||
commit c0b5c70de498d891e4edd5b9af2292909be36776
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Aug 11 10:33:22 2019 +0000
|
||
|
||
description
|
||
|
||
commit 2f37a66fd009c9cba423c0f95833a71c8669af46
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Aug 11 10:31:29 2019 +0000
|
||
|
||
description
|
||
|
||
commit e83ec79a25d09b2467e2389959d87267bab7f1f0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Aug 11 10:30:51 2019 +0000
|
||
|
||
enable usr/share/pam-configs/mkhomedir-security-misc by default
|
||
|
||
commit 1eb806a03ef25bb387fa80f45dd6509925437048
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Aug 11 10:29:49 2019 +0000
|
||
|
||
pam_mkhomedir.so umask=006
|
||
|
||
commit c50eb3c9b07b9e54951eb08206db6d28383f6cdc
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Aug 11 10:28:55 2019 +0000
|
||
|
||
add usr/share/pam-configs/mkhomedir-security-misc based on
|
||
/usr/share/pam-configs/mkhomedir
|
||
|
||
commit 75769151cd7980042357f18c5567adab2a031049
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Aug 10 11:37:02 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit a2fa18c38159161418edcdaacb1baad215f5d31d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Aug 10 07:07:28 2019 -0400
|
||
|
||
pam_tally2.so deny=100
|
||
|
||
during testing, due to issues
|
||
|
||
https://github.com/Whonix/security-misc/commit/d17e25272b9b7bbb6abc4dccd500a6b34311a7dd
|
||
|
||
https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/12
|
||
|
||
commit d17e25272b9b7bbb6abc4dccd500a6b34311a7dd
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Aug 10 06:06:39 2019 -0400
|
||
|
||
effectively (not directly) add "required pam_tally2.so debug" to /etc/pam.d/common-account
|
||
|
||
This is required because otherwise something like "sudo bash" would count as a
|
||
failed login for pam_tally2 even though it was successful.
|
||
|
||
https://bugzilla.redhat.com/show_bug.cgi?id=707660
|
||
|
||
https://forums.whonix.org/t/restrict-root-access/7658
|
||
|
||
commit 0f896a9d8d6f7c125311a0e226755f8a00214f3c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Aug 10 06:05:37 2019 -0400
|
||
|
||
add onerr=fail audit to pam_tally2
|
||
|
||
commit a703865dcf736996a58e6f684fc02f0e9dfa8cc7
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Aug 1 12:02:41 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 1fe3036a4903588b89edd82e7097a665271fd27f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Aug 1 11:13:43 2019 +0000
|
||
|
||
readme
|
||
|
||
commit e076470f68dc18908c5ab1889232aaaa0fcb9f3d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Aug 1 11:04:58 2019 +0000
|
||
|
||
renamed: usr/share/pam-configs/usergroups -> usr/share/pam-configs/usergroups-security-misc
|
||
|
||
commit 830111e99aa6f45688c4ba00a7f41ea323f15f2a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Aug 1 11:04:22 2019 +0000
|
||
|
||
split usr/share/pam-configs/security-misc
|
||
into
|
||
usr/share/pam-configs/tally2-security-misc
|
||
usr/share/pam-configs/wheel-security-misc
|
||
|
||
commit 5d0aec1321b4f46f1834ba9ad166d2445a995fbb
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 31 19:12:27 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 89d32402b2dd2182dc6e7788d41708eaaeeb02c1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 31 14:52:29 2019 -0400
|
||
|
||
fix, do not use "," inside /usr/share/pam-configs files
|
||
|
||
commit 4a6f87f3fa104f0e0a62809fe08f7d07d15dd9f7
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Wed Jul 31 18:33:28 2019 +0000
|
||
|
||
Update control
|
||
|
||
commit 5a4ea39566621431e931d5bc09957e04f18bbeee
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Wed Jul 31 18:30:57 2019 +0000
|
||
|
||
Create blacklist-bluetooth.conf
|
||
|
||
commit 864de10659d0145ae8883b98b1746a7debc9492a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 31 15:17:51 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 47368ae4fccc85ab3197f07316b03c123187f9a2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 31 15:15:30 2019 +0000
|
||
|
||
readme
|
||
|
||
commit c09fb208d163be4ff7ace9f41cfee03147018cd8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 31 07:44:50 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit ac1220e14bd9428420cf01ef68e5acb690b6afa4
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 31 07:32:59 2019 +0000
|
||
|
||
depend on sudo so group sudo exists during postinst
|
||
|
||
commit 09f75fb1ff03d7a95951a0f6bcb9d84f1744b583
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 31 07:32:36 2019 +0000
|
||
|
||
description
|
||
|
||
commit 2ad087dcd9e4fd3e747a47577b9d4ba1088d6a33
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 31 07:30:40 2019 +0000
|
||
|
||
description
|
||
|
||
commit 404f597c0aaddeef3c8c555d2d7f5a9993f9e512
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 31 07:29:42 2019 +0000
|
||
|
||
description
|
||
|
||
commit c921872016672073927fce34ed764263c8d6db5b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 31 07:27:13 2019 +0000
|
||
|
||
description
|
||
|
||
commit 39e1b1c5f0622c062f12c532400ca170d3eb789f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 31 07:26:25 2019 +0000
|
||
|
||
update file path
|
||
|
||
commit cf906687561acee7f61fdf100b801d670a74a94f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 31 03:25:02 2019 -0400
|
||
|
||
lock user accounts after 5 failed authentication attempts using pam_tally2
|
||
|
||
commit 3e29761560085f9e3d84250e29a2ea5e34766432
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 31 03:17:06 2019 -0400
|
||
|
||
debug at the end
|
||
|
||
commit 5cdb3edb321046bf9dc09e91665e63faf16e9786
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 31 03:16:41 2019 -0400
|
||
|
||
usr/share/pam-configs/wheel -> usr/share/pam-configs/security-misc
|
||
|
||
commit 031a1c8751504b00f131fd8d518f59b975353369
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 22 01:16:18 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit f38f307b37d2efb036c5b4e85f48921b0acfadeb
|
||
Merge: 8c538ba b2582fb
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jul 21 09:12:33 2019 -0400
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit b2582fbd4c2364c7bca95b4038eec2ef2a2fae41
|
||
Merge: 8c538ba 077899c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jul 21 12:40:37 2019 +0000
|
||
|
||
Merge pull request #26 from fepitre/fix-files
|
||
|
||
Fix files
|
||
|
||
commit 077899c23d518416cd9ee801a3607585d3a51aab
|
||
Author: Frédéric Pierret (fepitre) <frederic.pierret@qubes-os.org>
|
||
Date: Sun Jul 21 11:23:06 2019 +0200
|
||
|
||
Add .gitignore
|
||
|
||
commit 5fbe7537613a2034d80983e095cdd8d2971b1bcc
|
||
Author: Frédéric Pierret (fepitre) <frederic.pierret@qubes-os.org>
|
||
Date: Sun Jul 21 11:19:35 2019 +0200
|
||
|
||
spec: update %files section
|
||
|
||
QubesOS/qubes-issues#1885
|
||
|
||
commit 8c538ba318e5524d07034f2f718e4b5ae483176d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 17 21:38:26 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 1c7441ddf194fd54f40f1b0d16c408fd29d49b9e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 17 21:16:14 2019 +0000
|
||
|
||
alias /etc/securetty -> /etc/securetty.security-misc,
|
||
|
||
commit 940054d53ff9b7027f414268370245627675a60a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 17 21:08:23 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 08d37471d486f13aebeb2c355280f3b207eb044b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 17 21:06:17 2019 +0000
|
||
|
||
readme
|
||
|
||
commit c0a4a10d6b89000735227f51464cc1ce76f8419b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 17 21:05:11 2019 +0000
|
||
|
||
description
|
||
|
||
commit 7352b2ac31d7fde7e15da044c7f7279d7eddc8ae
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 17 21:03:54 2019 +0000
|
||
|
||
description
|
||
|
||
commit b153e8f7df1f2a8e815b910aa6962ae3abe80755
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 17 21:02:48 2019 +0000
|
||
|
||
fix path
|
||
|
||
commit 4bf2360b9579b12775487e4215af5afa1c180f04
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 17 21:02:27 2019 +0000
|
||
|
||
description
|
||
|
||
commit 9f2e300e72263380a0a99e59efe636652f4a8ce1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 17 20:48:33 2019 +0000
|
||
|
||
description
|
||
|
||
commit d044780c04e0bcfc9d91a0cf6fc26d9f778bb50d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 17 20:42:14 2019 +0000
|
||
|
||
description
|
||
|
||
commit 75e5714d183b8ad08bc7a96643b2a38727620530
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 17 20:40:01 2019 +0000
|
||
|
||
description
|
||
|
||
commit 8c2f983578a0af63258bfe7e2b95f230e43df860
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 17 20:39:42 2019 +0000
|
||
|
||
description
|
||
|
||
commit 2299ed041f101f1fa9711d83a31ad6e8d07d3023
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 17 20:36:51 2019 +0000
|
||
|
||
passwordless recovery / emergency console
|
||
|
||
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802211
|
||
https://salsa.debian.org/ah/user-setup/commit/bc5ca2de85ec27845d0b46059cb7cc02bae7b44d
|
||
|
||
https://forums.whonix.org/t/restrict-root-access/7658/46
|
||
|
||
commit 50036b2934410b57936a4909d022d436cd27cdfc
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 17 19:13:57 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 3f9437f1ecfd292f06ce021f12cb5430da280f84
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 17 14:25:19 2019 -0400
|
||
|
||
Revert "set back to default group "root" rather than group "sudo" membership required to use su"
|
||
|
||
This reverts commit 2f276cdb10aedf0d30c01d25e50b17cac7d1c62c.
|
||
|
||
commit 1b772c6a9aac9e6c203c0c89b49e589a2b6e83d3
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jul 16 19:45:52 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 2499ae0890bb524d3756e6135d5d6986e74210ed
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jul 16 07:28:50 2019 -0400
|
||
|
||
description
|
||
|
||
commit d0124b24d19e0c34c23931bd252ccffe2f786b3d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jul 16 07:27:56 2019 -0400
|
||
|
||
description
|
||
|
||
commit 4b604bbb240d5fb32428ef0aafde3d6646752d31
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 15 13:26:47 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit f21fa8d95d19665e1cb1320062007472284bd9b8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 15 13:03:30 2019 +0000
|
||
|
||
readme
|
||
|
||
commit 5c741d2149f12554e63d0fcb0d129cbbdad66569
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 15 13:02:30 2019 +0000
|
||
|
||
shuffle
|
||
|
||
commit d247b7534b9e3a161fdba296c32dd85b7e91a665
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 15 13:01:46 2019 +0000
|
||
|
||
sort description by categories
|
||
|
||
commit 168ea5a660561fdaa438fdf88f6cecf1f2677324
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 15 08:48:17 2019 -0400
|
||
|
||
shuffle
|
||
|
||
commit 2f276cdb10aedf0d30c01d25e50b17cac7d1c62c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 15 08:44:28 2019 -0400
|
||
|
||
set back to default group "root" rather than group "sudo" membership required to use su
|
||
|
||
since root login will be locked by default anyhow
|
||
|
||
Thanks to @madaidan for providing the rationale!
|
||
|
||
https://forums.whonix.org/t/restrict-root-access/7658/42
|
||
|
||
commit 6d1e8ac9a4657bb3d49a9674ce3a1500350d4bba
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jul 14 11:16:49 2019 +0000
|
||
|
||
description
|
||
|
||
commit ffb61f43ea8011d71cf9c5bba1e277a2f825eea7
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jul 14 11:11:59 2019 +0000
|
||
|
||
fix, add 'group=sudo' and 'debug' for debugging
|
||
|
||
https://forums.whonix.org/t/restrict-root-access/7658
|
||
|
||
commit 1731196c9fda93233917bcf6dba48834be03a448
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 13 18:51:32 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 6af2d7facb391724d48dece28c1a34f4aaaf3929
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 13 18:12:25 2019 +0000
|
||
|
||
copyright
|
||
|
||
commit 75f0ca565d10fd1c02800387d52b1db8a039ecc8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 13 18:12:04 2019 +0000
|
||
|
||
set -e
|
||
|
||
commit c389e13e1a6143fb69dbd57e4c2e5a80aa8cbf84
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 13 17:59:49 2019 +0000
|
||
|
||
use pre.bsh
|
||
|
||
commit 7afddb028f423254adcd6026aaf12627cebbee17
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 13 16:30:39 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit c13485f532203dbb3675d367be3bc16811719442
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 13 16:29:10 2019 +0000
|
||
|
||
readme
|
||
|
||
commit ea90f95f1c7b8200db222e42a5f72221212a71e1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 13 16:26:40 2019 +0000
|
||
|
||
cleanup
|
||
|
||
commit ea8b22ee78439a3cd5f7305f9588940320740ab9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 13 16:26:14 2019 +0000
|
||
|
||
shuffle
|
||
|
||
commit ca7e0e0161d6eaa2a166d7a7a26e5577f5a4dd6a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 13 16:25:08 2019 +0000
|
||
|
||
description
|
||
|
||
commit ffb5a9c48201dc38a886cbd26753ff56b1ed832a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 13 16:23:39 2019 +0000
|
||
|
||
formatting
|
||
|
||
commit 41675ddcff4d561282db9b43d2d9f993a39600c8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 13 16:21:34 2019 +0000
|
||
|
||
removed: The amount of hashing rounds used by shadow is bumped to 65536.
|
||
This increases the security of hashed passwords.
|
||
|
||
Since we do not do that currently.
|
||
|
||
https://forums.whonix.org/t/restrict-root-access/7658/37
|
||
|
||
commit 3f031a297dc2d54346e9c9b3d566c3fa3a469240
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 13 16:20:14 2019 +0000
|
||
|
||
Removes read, write and execute access for others for all users who have home
|
||
folders under folder /home by running for example "chmod o-rwx /home/user"
|
||
during package installation or upgrade. This will be done only once per folder
|
||
in folder /home so users who wish to relax file permissions are free to do so.
|
||
This is to protect previously created files in user home folder which were
|
||
previously created with lax file permissions prior installation of this
|
||
package.
|
||
|
||
commit 4740e8b3357914aee16079b980b8861376cd222c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 13 16:13:55 2019 +0000
|
||
|
||
cleanup
|
||
|
||
commit 834fcc4671a50f10426a62cb5986d79f991903b8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 13 15:17:16 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit e9eb38b5dbbddffb12103c14edc3745e239365a5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 13 15:04:09 2019 +0000
|
||
|
||
formatting
|
||
|
||
commit e2b626870221971b1f6202dbb8eb0f9b0b0654ec
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 13 14:58:47 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 1d8a0dbec7ca5418b1c4fa70ae14a063c94bd119
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 13 14:57:51 2019 +0000
|
||
|
||
remove no longer shipped files in etc/pam.d/*
|
||
|
||
commit 8e5d45352eaacd9ee4ae1357efb7d4f393dedf9b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 13 14:55:31 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit cb668459e81d74baf28ac43173bb50c7210e37a4
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 13 10:35:10 2019 -0400
|
||
|
||
port umask from /etc/pam.d to /usr/share/pam-configs implementation
|
||
|
||
https://forums.whonix.org/t/change-default-umask/7416
|
||
|
||
commit ac25733de871b0da5ef42e2e0283a44d94ac3112
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 13 14:01:53 2019 +0000
|
||
|
||
remove etc/pam.d/common-password.security-misc rounds=65536
|
||
|
||
due to unclean implementation, see:
|
||
|
||
https://forums.whonix.org/t/restrict-root-access/7658/37
|
||
|
||
commit 69b97981f3b5e4efc75954d6957659f1bb8e7d18
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 13 12:33:51 2019 +0000
|
||
|
||
convert etc/pam.d/su.security-misc to usr/share/pam-configs/wheel
|
||
|
||
https://forums.whonix.org/t/restrict-root-access/7658/32
|
||
|
||
commit 4079632d1aed4f3e50ea21de674a9b6d537d3e05
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 13 11:41:37 2019 +0000
|
||
|
||
remove modifying to /etc/pam.d directly (unrelased)
|
||
config-package-dev displace /etc/securetty
|
||
remove trailing spaces
|
||
|
||
https://forums.whonix.org/t/restrict-root-access/7658/31
|
||
|
||
commit cdb7c6f7eb8e61bd203c9a4cb755da0b97cc9a3d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Jul 11 18:28:04 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit aee6b346359db4973fdc80d565f7a6972bb884a0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Jul 11 18:26:17 2019 +0000
|
||
|
||
fix lintian warning
|
||
|
||
commit a40a04aaec0c30ceb47266a3f9b2b714e9b89888
|
||
Merge: f5356ce 93190eb
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Jul 11 14:08:30 2019 -0400
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 93190ebf1019f76b73cf0f1e4491f15fd36bcae1
|
||
Merge: f5356ce 1aee08f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Jul 11 18:08:01 2019 +0000
|
||
|
||
Merge pull request #25 from madaidan/patch-20
|
||
|
||
Improve documentation of blacklisting uncommon network protocols
|
||
|
||
commit 1aee08fa5e46cbd9439c36df9bcbb7a513270e1b
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu Jul 11 15:30:09 2019 +0000
|
||
|
||
Update control
|
||
|
||
commit b63d4ccb41d6c4942faa8ec5e2b8de8cffacd03e
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu Jul 11 15:28:56 2019 +0000
|
||
|
||
Update uncommon-network-protocols.conf
|
||
|
||
commit 853c2eb37786b1f625d5b54a54cf16fc09e1b367
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu Jul 11 15:26:14 2019 +0000
|
||
|
||
Update control
|
||
|
||
commit f5356cee2c6c09aa08ca1a8675501657c1d1b37c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Jul 11 07:16:38 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit bea98474ba8a189b4c174ce6613547b8f377de68
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Jul 11 07:07:21 2019 +0000
|
||
|
||
chmod +x usr/lib/security-misc/panic-on-oops
|
||
|
||
commit 0057c0dd8c4d4b85f07949c1c1e61608769e82f1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Jul 11 07:07:01 2019 +0000
|
||
|
||
fix lintian warning
|
||
|
||
commit 2a893c0562438aaf0c34a25538a8e21bb11ba197
|
||
Merge: 3df6a44 a54500c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Jul 11 06:50:35 2019 +0000
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit a54500c6f18719520ae66c335870d3e8f03e9e14
|
||
Merge: 7d3a615 1e4d349
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Jul 11 06:41:37 2019 +0000
|
||
|
||
Merge pull request #23 from madaidan/patch-18
|
||
|
||
Blacklist more uncommon network protocols
|
||
|
||
commit 7d3a61564dc01b899466defe957a7bc65d38dc89
|
||
Merge: 3df6a44 932524c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Jul 11 06:41:08 2019 +0000
|
||
|
||
Merge pull request #24 from madaidan/patch-19
|
||
|
||
Move disable-coredumps.conf to correct position
|
||
|
||
commit 932524cbd1b15df06bd4e395dc391dd489ba100f
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Wed Jul 10 15:28:48 2019 +0000
|
||
|
||
Move disable-coredumps.conf to correct position
|
||
|
||
commit 1e4d3495167c0305ec1fce8568658a06750df674
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Wed Jul 10 14:28:39 2019 +0000
|
||
|
||
Update control
|
||
|
||
commit 4058e283a542900e7c8bcc060012d7c33964e36a
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Wed Jul 10 14:27:19 2019 +0000
|
||
|
||
Blacklist more uncommon network protocols
|
||
|
||
commit d70440aaeda5f1a1ab0459d02f5f5e56c808bbde
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Tue Jul 9 21:57:37 2019 +0000
|
||
|
||
Remove duplicate
|
||
|
||
commit a8b44c75f9ca6df1460ce0feca647f2f370f8833
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Tue Jul 9 21:57:07 2019 +0000
|
||
|
||
Update control
|
||
|
||
commit 2d27bdd808374a71cd9d7187326be99420411583
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Tue Jul 9 21:55:37 2019 +0000
|
||
|
||
Blacklist more uncommon network protocols
|
||
|
||
commit 3df6a44e98e93ecea6c6b6fa00c7fb05cbcfc0a5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jul 9 06:56:23 2019 -0400
|
||
|
||
also allow members of group sudo to run /usr/lib/security-misc/panic-on-oops
|
||
|
||
commit 5fb500ac32a8935ef989770b2b9d17df4fa1698c
|
||
Merge: 8793708 e4bb770
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jul 9 06:55:27 2019 -0400
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit e4bb77037e9327eea7b8fd92961192613d6e0763
|
||
Merge: a9441e7 0f15303
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jul 9 10:54:48 2019 +0000
|
||
|
||
Merge pull request #21 from madaidan/patch-16
|
||
|
||
Make the kernel panic on oopses
|
||
|
||
commit 0f15303eb4dd5701cae5b3985be47918e2e4700a
|
||
Merge: 45f8102 a9441e7
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jul 9 10:54:24 2019 +0000
|
||
|
||
Merge branch 'master' into patch-16
|
||
|
||
commit 8793708906d037746a2e946177d8a4d1884b391a
|
||
Merge: 50c00fc a9441e7
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jul 9 03:23:26 2019 -0400
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit a9441e7be4794e88f782f1ff5dd95f00e3928279
|
||
Merge: 50c00fc 24b326d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Jul 9 07:21:47 2019 +0000
|
||
|
||
Merge pull request #22 from madaidan/patch-17
|
||
|
||
Restrict access to the root account
|
||
|
||
commit 24b326d906375bb543b936936519231f51154dcd
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Jul 8 23:24:41 2019 +0000
|
||
|
||
Update control
|
||
|
||
commit 24d9eadcb267b34ce31981d841e58d4e2c769793
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Jul 8 23:19:59 2019 +0000
|
||
|
||
Use 65536 hashing rounds
|
||
|
||
commit 86117d957763a4dd07fb9a84c07a2934a02d32f8
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Jul 8 23:19:19 2019 +0000
|
||
|
||
Create common-password.security-misc
|
||
|
||
commit 8ad9a54b094a4a15ef726f513e38c953cc247b80
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Jul 8 23:17:17 2019 +0000
|
||
|
||
Don't allow root login from a terminal
|
||
|
||
commit 890298a3c882000a8351186521e9c1852dec298a
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Jul 8 23:15:56 2019 +0000
|
||
|
||
Restrict su to users in the root group
|
||
|
||
commit 38099a2a5d830a522fd51b9d9953ae47a14c5289
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Jul 8 23:11:17 2019 +0000
|
||
|
||
Create su.security-misc
|
||
|
||
commit 45f8102d565512938e5c533ffcd4cc06ea68b580
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Jul 8 23:04:47 2019 +0000
|
||
|
||
Update control
|
||
|
||
commit 2a1742705563c264b3ea634345373cce2986d283
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Jul 8 23:01:30 2019 +0000
|
||
|
||
Create security-misc
|
||
|
||
commit 4ac700ded0cca668f585ea466e167f055783e28d
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Jul 8 22:59:39 2019 +0000
|
||
|
||
Create 50panic_on_oops
|
||
|
||
commit 52c61011d4000b49edb0783fcca05952b0da7ee2
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon Jul 8 22:58:56 2019 +0000
|
||
|
||
Create panic-on-oops
|
||
|
||
commit 50c00fcfa13b436e0bba4e1065f0bf94605c1654
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 8 00:23:52 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 223b6918339dc53b8ff8499d3d52210ee07e24a8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jul 7 23:39:58 2019 +0000
|
||
|
||
add 'Depends: libpam-cgfs'
|
||
|
||
https://forums.whonix.org/t/change-default-umask/7416/30?u=patrick
|
||
|
||
commit d31a16f264ea23a2fc890ffd6664deac3f4c4bdf
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jul 7 23:00:27 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 673aab6bc2b41d1a0d1829ce200d7b5c3d9e7067
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jul 7 22:18:47 2019 +0000
|
||
|
||
shut up pam-auth-update
|
||
|
||
commit 67ff83262bd74d467cd92e8a15d13e0c4ca38b5b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jul 7 21:31:56 2019 +0000
|
||
|
||
move to pam-auth-update --force
|
||
|
||
--package hangs in Qubes updater since it starts whiptail for interactive dpkg configuration dialog.
|
||
|
||
commit 8399a1136788dfbbfd5dfb5c11356776e90326cc
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jul 7 21:11:08 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit d4c79cce69d454202304a7d8369fa7b0f1c50946
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jul 7 21:09:26 2019 +0000
|
||
|
||
add "Depends: libpam-runtime" so pam-auth-update is available
|
||
|
||
for Debian maintainer script
|
||
|
||
commit f68b96241c6afc7dffa8831f35d38bf1bf49508a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jul 7 21:08:28 2019 +0000
|
||
|
||
comment
|
||
|
||
commit 91fb21aafbab4811ac2055decae0fc58f624c259
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jul 7 16:51:40 2019 -0400
|
||
|
||
Due to error:
|
||
Jul 07 20:35:39 host sudo[16090]: PAM unable to dlopen(pam_cgfs.so): /lib/security/pam_cgfs.so: cannot open shared object file: No such file or directory
|
||
Jul 07 20:35:39 host sudo[16090]: PAM adding faulty module: pam_cgfs.so
|
||
|
||
run:
|
||
pam-auth-update --package
|
||
from Debian maintainer scripts
|
||
|
||
commit e543c4bf82568dbe00cbeaa850c9f09dd9166e32
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jul 7 16:37:46 2019 -0400
|
||
|
||
apparmor fixes (this broke whonixcheck apparmor profile)
|
||
|
||
commit 8f4a5f33b9aaaec95d834bb2d6b65c8bcd995e03
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jul 7 09:39:12 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 3558a9949fe9924d027b267152125b33e25085c8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jul 7 09:37:25 2019 +0000
|
||
|
||
Enable APT seccomp sandboxing.
|
||
|
||
Thanks to @torjunkie for the suggestion!
|
||
|
||
https://forums.whonix.org/t/apt-seccomp-bpf-sandboxing/7702
|
||
|
||
commit 93e81b433036ef2f226d0a2b1422034aba54ea3a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 6 13:56:28 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 3cd1a5ec094cff0151c888418b7b14d5413eb353
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 6 13:56:00 2019 +0000
|
||
|
||
fix lintian warning
|
||
|
||
commit b73cdfd7cc3918633459315f5d9867f6a8798208
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 6 13:53:10 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 7b0b9da32c660e527741a56543c78ee3ac93d541
|
||
Merge: 6df7b3c 649878f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 6 07:06:54 2019 -0400
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 649878fdcb81ac621af9bc1481a3b6b41d3e22a0
|
||
Merge: 6df7b3c 8888147
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jul 6 11:06:25 2019 +0000
|
||
|
||
Merge pull request #20 from madaidan/patch-15
|
||
|
||
Blacklist HDLC and use "install" for blacklisting firewire/thunderbolt
|
||
|
||
commit 8888147e1e1102fa852dce14c3ca1cb91cd1ff3b
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu Jul 4 14:26:31 2019 +0000
|
||
|
||
Update control
|
||
|
||
commit 46409be8b664db730113b4495ef69bee0f41c53a
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu Jul 4 14:25:28 2019 +0000
|
||
|
||
Use install instead of blacklist
|
||
|
||
commit eb7eaffba1f437763773b5c7f2b44ef51684ddcd
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu Jul 4 14:24:44 2019 +0000
|
||
|
||
Blacklist n-hdlc
|
||
|
||
commit 6df7b3c295352d0d05070b3c0faf2a14e71b1264
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 1 15:23:49 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit f82731698c20028531de673903faca10aa136416
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 1 14:53:01 2019 +0000
|
||
|
||
re-enable PrivateNetwork=true
|
||
|
||
commit 81b38529d92e9bea79db8694200d70b08d3b42a6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 1 13:58:20 2019 +0000
|
||
|
||
add copyright for files in etc/pam.d/*
|
||
|
||
commit 552b6edbedfbb346c1738ea3edbad16368780c7b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 1 13:51:00 2019 +0000
|
||
|
||
fix machine readable copyright format
|
||
|
||
commit a05264934b1160f44966e3e0b32e54841b15dd06
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 1 13:46:01 2019 +0000
|
||
|
||
add copyright for etc/login.defs.security-misc
|
||
|
||
commit 48e511347c7d85478b8593e55f061a53aefbafaa
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 1 13:37:55 2019 +0000
|
||
|
||
fix lintian warning
|
||
|
||
commit 93c08210545dd77b608515351154bcc16c8464b4
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 1 13:35:45 2019 +0000
|
||
|
||
config-package-dev displace files for change umask
|
||
|
||
https://forums.whonix.org/t/change-default-umask/7416
|
||
|
||
commit a73f0566e978afb6d5b9693bf432a2496bedd61f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 1 13:25:23 2019 +0000
|
||
|
||
change default umask to 006
|
||
|
||
session optional pam_umask.so usergroups
|
||
|
||
https://forums.whonix.org/t/change-default-umask/7416/17
|
||
|
||
commit 41b61e32776c15a8dcde4479841b71c7e9ca28d4
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 1 13:24:29 2019 +0000
|
||
|
||
revert to Debian buster original
|
||
|
||
commit 88a78b1c87e8419bbb70daa77f7ddfb2332668ae
|
||
Merge: 24cc8e3 8c60e7c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 1 09:21:05 2019 -0400
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 8c60e7c67f692aa9e70316bdde29cdc41eff2a75
|
||
Merge: 24cc8e3 cfaafe4
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 1 13:20:21 2019 +0000
|
||
|
||
Merge pull request #18 from madaidan/patch-14
|
||
|
||
Change the default umask to 006
|
||
|
||
commit 24cc8e380df8706cd8e9765d89bd44ac78c58936
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 1 03:43:02 2019 -0400
|
||
|
||
comment out proc-hidepid.service hardening for now
|
||
|
||
since broken in Qubes Debian AppVMs
|
||
|
||
https://forums.whonix.org/t/kernel-hardening/7296/104
|
||
|
||
commit 0bffc7a9303d0b32427da04694bbefcf6a3104c8
|
||
Merge: 3c176ce 344d009
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 1 03:08:26 2019 -0400
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 3c176ce1580a3e5232bc1837b51aa3ec288b809d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 1 03:07:14 2019 -0400
|
||
|
||
allow permissions openat mkdir
|
||
|
||
since required in Qubes Debian templates
|
||
|
||
commit 344d00903250d699fc64d7fa9fad80475ade92e5
|
||
Merge: f26ad14 b8f2aee
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jul 1 06:39:28 2019 +0000
|
||
|
||
Merge pull request #19 from madaidan/patch-15
|
||
|
||
Add licensing to proc-hidepid.service
|
||
|
||
commit b8f2aee905b78034a115e1e2c1d6ecb7fa624122
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Jun 30 13:22:43 2019 +0000
|
||
|
||
Add licensing
|
||
|
||
commit cfaafe400cd1f77df12f7f6dc9c9da58595bcbdf
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Jun 30 13:16:12 2019 +0000
|
||
|
||
Update control
|
||
|
||
commit eedeaa0e7faf8d9f75d99d037fa80bd5d08c6db3
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Jun 30 13:12:59 2019 +0000
|
||
|
||
Update common-session-noninteractive
|
||
|
||
commit a9af85f58529e0dcb154b669bd53aba8333d5634
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Jun 30 13:12:16 2019 +0000
|
||
|
||
Update common-session
|
||
|
||
commit 1e1d29cfdedaa01d0180b8ca5a79c6f401728432
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Jun 30 13:11:31 2019 +0000
|
||
|
||
Create common-session-noninteractive
|
||
|
||
commit 501901f7c04514c66a4f97f5eb0e523aa55a1094
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Jun 30 13:10:54 2019 +0000
|
||
|
||
Change default umask to 006
|
||
|
||
commit 09a5c27f475ea6947180088b4efb615101fdbf9c
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Jun 30 13:10:29 2019 +0000
|
||
|
||
Create common-session
|
||
|
||
commit a319333493ad1839ff7fb1d4b6f43dc719b57844
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Jun 30 13:09:51 2019 +0000
|
||
|
||
Create login.defs
|
||
|
||
commit f26ad14d4cab627c04dfa375ac831a3a09c9a165
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 30 07:21:58 2019 -0400
|
||
|
||
bumped changelog version
|
||
|
||
commit b8ace6e3f6a94268e0f63907e62bf968445ae548
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 30 07:21:31 2019 -0400
|
||
|
||
bump
|
||
|
||
commit f3a48009878e0edb033633d609f82a167cd8e616
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 30 08:23:51 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 85f61758c5b6d8b6a57d140a9f3795769a3ed183
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 30 04:11:38 2019 -0400
|
||
|
||
fix package description
|
||
|
||
commit e47339706170c92b8db44f014942ea7d94d1ff9e
|
||
Merge: 24b19c5 ec78a3e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 30 04:11:12 2019 -0400
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit ec78a3e42e23a270a245dc254046ac1d7fc6ceec
|
||
Merge: 9525ff8 67de524
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 30 08:10:28 2019 +0000
|
||
|
||
Merge pull request #17 from madaidan/patch-13
|
||
|
||
Disable coredumps
|
||
|
||
commit 67de5247c8e7cd68c851a3d62168e9de69000afe
|
||
Merge: dbfb9e1 9525ff8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 30 08:10:04 2019 +0000
|
||
|
||
Merge branch 'master' into patch-13
|
||
|
||
commit 9525ff87c6ae3cd6538a0a8f294e6b8610e79a32
|
||
Merge: 24b19c5 22267c8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 30 08:09:23 2019 +0000
|
||
|
||
Merge pull request #16 from madaidan/patch-12
|
||
|
||
Mount /proc with hidepid=2
|
||
|
||
commit dbfb9e1cdf1e042c8985e2e69b7f5f5f1eaed860
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Jun 30 00:21:46 2019 +0000
|
||
|
||
Update control
|
||
|
||
commit 024a698249392bdc6ebd362a2c978bc0e02bd55f
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Jun 30 00:20:38 2019 +0000
|
||
|
||
Update control
|
||
|
||
commit 230ef34db45c1c7d980abfd8bd4770ec336ae4bf
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Jun 30 00:19:04 2019 +0000
|
||
|
||
Create disable-coredumps.conf
|
||
|
||
commit 1bf802f8469a4ffc36cccca1ea6fc6f92ea6af8a
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Jun 30 00:16:50 2019 +0000
|
||
|
||
Create coredumps.conf
|
||
|
||
commit f040081a5998fddd1ea4bc30140e41c405842371
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Jun 30 00:13:52 2019 +0000
|
||
|
||
Prevent setuid processes from creating coredumps.
|
||
|
||
commit c6b669f1a53bfef08a82994422f9e1b627a937d5
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Jun 30 00:11:13 2019 +0000
|
||
|
||
Create disable-coredumps.conf
|
||
|
||
commit 22267c895b15e10c98bae365ef2bef12f95454aa
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sat Jun 29 22:30:41 2019 +0000
|
||
|
||
Update control
|
||
|
||
commit a2c676ed48782f86e8b58d39f8bec4cd37a47cf5
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sat Jun 29 22:28:41 2019 +0000
|
||
|
||
Update proc-hidepid.service
|
||
|
||
commit dcf57bebf0d28089045a29477f26ad35d1041392
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sat Jun 29 22:27:24 2019 +0000
|
||
|
||
Create proc-hidepid.service
|
||
|
||
commit 24b19c597685233e3ebc7a5200bf929319f8a63f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jun 29 10:35:13 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit befa03fea80c53bac3c4b1bb530be2f965ce6157
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jun 29 10:34:48 2019 +0000
|
||
|
||
fix lintian warning
|
||
|
||
commit 250919b821a00c93ee4fe7d92f6f3ed812110aac
|
||
Merge: ecf5d80 60e6dfc
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jun 29 06:06:02 2019 -0400
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 60e6dfcbff08dd4526e60c3302741e40d98c8b3e
|
||
Merge: ecf5d80 9e9c854
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jun 29 10:05:34 2019 +0000
|
||
|
||
Merge pull request #15 from madaidan/patch-11
|
||
|
||
Update control
|
||
|
||
commit 9e9c854d274d7322759a9e5d2c49bcbd60e63e0d
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Fri Jun 28 11:34:35 2019 +0000
|
||
|
||
Update control
|
||
|
||
commit b26d861dffdbca124322cbfbda99ab71a3142e06
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Fri Jun 28 11:33:48 2019 +0000
|
||
|
||
Update control
|
||
|
||
commit ecf5d80fdf0e8f997afa88f8d788a7df88008afc
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jun 28 07:20:53 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 36c2b1d28391ac2ea0f995fd0a348eecbe833a6c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jun 28 07:18:30 2019 +0000
|
||
|
||
fix lintian warning
|
||
|
||
commit a978fe10001a8c1a9a6a3179d9fc5dc9ed433bc2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jun 28 07:17:35 2019 +0000
|
||
|
||
chmod +x usr/lib/security-misc/remove-system.map
|
||
|
||
commit fe69dc6173e8a3e45ff7996597e9e50f09033279
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jun 28 07:09:35 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 6a6afc347ad80bd133438a27e2dc64a1b54c784a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jun 28 03:02:49 2019 -0400
|
||
|
||
update files list
|
||
|
||
commit ccb89cfd5574ed5a7b3802edc3bf188250edfddd
|
||
Merge: 0a0be1a ab31223
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jun 28 03:00:21 2019 -0400
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit ab312235ba89d62b7b83c26f8e9b8a8ff0ec985b
|
||
Merge: 5e02100 3801a53
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jun 28 06:59:16 2019 +0000
|
||
|
||
Merge pull request #14 from madaidan/patch-10
|
||
|
||
Add some hardening for other distributions
|
||
|
||
commit 5e02100e34776bf410ba05d7a3f7ee7f696ca0fc
|
||
Merge: 7e12e16 b809185
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jun 28 06:58:32 2019 +0000
|
||
|
||
Merge pull request #13 from madaidan/patch-9
|
||
|
||
Remove System.map and restrict the SysRq key.
|
||
|
||
commit 7e12e16dc0513f0a6936e576e3c8fa8ee44509d2
|
||
Merge: 0a0be1a 641407c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jun 28 06:57:42 2019 +0000
|
||
|
||
Merge pull request #11 from madaidan/patch-7
|
||
|
||
Protect against DMA attacks
|
||
|
||
commit 3801a53a9e01aafa3783276059a7907f5b20b96e
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu Jun 27 18:17:58 2019 +0000
|
||
|
||
Update tcp_hardening.conf
|
||
|
||
commit c54125270b44140b9ecfe0420205ac685b2a3505
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu Jun 27 18:15:57 2019 +0000
|
||
|
||
Create dmesg_restrict.conf
|
||
|
||
commit b8091850082fe1b956d6cff11fc7aa17786e693e
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu Jun 27 16:09:52 2019 +0000
|
||
|
||
Update remove-system-map.service
|
||
|
||
commit 9392c8deb2657d3ff2c3734fb8bf1863d4e2a2d7
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Wed Jun 26 15:03:54 2019 +0000
|
||
|
||
Update remove-system.map
|
||
|
||
commit 8ef0db17e6a9c066b50a021292aab80a7523cbb6
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Wed Jun 26 12:59:45 2019 +0000
|
||
|
||
Use a for loop to detect if System.map exists
|
||
|
||
commit 3116a56f1353681fbb97d4e7f92ee069f2577b33
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Tue Jun 25 19:25:32 2019 +0000
|
||
|
||
Create remove-system-map.service
|
||
|
||
commit 382e336f69097f3baa7693da6aaf8833b05cf322
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Tue Jun 25 19:20:27 2019 +0000
|
||
|
||
Create remove-system.map
|
||
|
||
commit 01c839c815b7f8c16c231bbd72da1673ad88fdb7
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Tue Jun 25 19:16:43 2019 +0000
|
||
|
||
Restrict what the SysRq key can do
|
||
|
||
commit 0a0be1ad2889182b15d5851740ff43fb75773571
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 23 19:57:42 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 7806af14193f195e825678471ba65c64e07d7d0a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 23 19:51:53 2019 +0000
|
||
|
||
readme
|
||
|
||
commit 4e32438d75726014573b35c9b101abf59dfc3ba4
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 23 19:47:05 2019 +0000
|
||
|
||
debian/control syntax fix
|
||
|
||
commit a098b18560e30ef238f693bf8f05933489027dd4
|
||
Merge: 2a62899 90d676e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 23 19:46:30 2019 +0000
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 90d676ec1864bd915310673d134d62d10a17a42f
|
||
Merge: 2a62899 1a07d90
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 23 19:45:31 2019 +0000
|
||
|
||
Merge pull request #12 from madaidan/patch-8
|
||
|
||
Update control
|
||
|
||
commit 1a07d90ed2da597db6d58c5f2da6dc3b32a8104b
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Jun 23 19:26:03 2019 +0000
|
||
|
||
Update control
|
||
|
||
commit 2a6289980e07d1d9c263f2d5abfc3b9e37c5054f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 23 18:46:52 2019 +0000
|
||
|
||
syntax fix
|
||
|
||
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full,nosmt"
|
||
|
||
https://forums.whonix.org/t/kernel-hardening/7296/70
|
||
|
||
commit f1147318c04642f355eae96786c26ec1cb53977c
|
||
Merge: cd73466 aec6da2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 23 18:45:41 2019 +0000
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit aec6da28e9ac4f8289d7b7aaa77bcef2562cda74
|
||
Merge: cd73466 2178fb3
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 23 18:45:24 2019 +0000
|
||
|
||
Merge pull request #10 from madaidan/patch-6
|
||
|
||
Enable more kernel hardening parameters
|
||
|
||
commit 641407c8e9c728429ec86e7c89e431896d88e116
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Jun 23 18:38:50 2019 +0000
|
||
|
||
Enable IOMMU
|
||
|
||
commit 07c6362f1aff2e151c51aa681a79c3ef650baa6d
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Jun 23 18:34:45 2019 +0000
|
||
|
||
Blacklist thunderbolt and firewire
|
||
|
||
commit 2178fb37a85808df0c455f7dd76fc72516d6ff28
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun Jun 23 17:54:34 2019 +0000
|
||
|
||
Add more kernel hardening parameters
|
||
|
||
commit cd7346699c10e258d5af5f51ad56493e98e4eb1a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 23 12:22:13 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 60334797d003f63606645220fbc66393eb30cde0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 23 09:00:12 2019 +0000
|
||
|
||
/etc/sysctl.d/tcp_sack.conf
|
||
|
||
commit d404624bacf220e5545c8e5ffbace937924c77cd
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 23 08:38:01 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit ae50d8134294d3746235d383c18fc187c18717d7
|
||
Merge: 5269cfe cd7172c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 23 03:59:58 2019 -0400
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit cd7172c00cbf0cb69e159b6159ef0bfff663a507
|
||
Merge: 5269cfe 807ac7d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 23 07:59:35 2019 +0000
|
||
|
||
Merge pull request #9 from madaidan/patch-5
|
||
|
||
Disables SACK.
|
||
|
||
commit 807ac7d65916071e4294f42d62b8b2353255c4bc
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sat Jun 22 16:08:30 2019 +0000
|
||
|
||
Create tcp_sack.conf
|
||
|
||
commit 5269cfeef99b500e4aa7c883434f3d5554559d16
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jun 21 05:40:04 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 0a5b15ff45dc1b30867b0093d238b95dde7c0810
|
||
Merge: ca1aa1e f9dc1b6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Jun 21 04:05:50 2019 +0000
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit f9dc1b6322961ff0e6c7a5be122f9d1031ba87ea
|
||
Merge: ca1aa1e 2e81885
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Jun 20 23:54:58 2019 -0400
|
||
|
||
Merge pull request #8 from marmarek/packaging
|
||
|
||
qubes-builder integration
|
||
|
||
commit 2e81885f691201e2229dadfd5ec7b554980ac689
|
||
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
|
||
Date: Fri Jun 21 04:52:01 2019 +0200
|
||
|
||
Add rpm packaging
|
||
|
||
QubesOS/qubes-issues#1885
|
||
|
||
commit 27e68a39fe005a58cac02336fc6c468a4b2f5d31
|
||
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
|
||
Date: Fri Jun 21 04:51:33 2019 +0200
|
||
|
||
Add Makefile.builder for qubes-builder (Debian)
|
||
|
||
QubesOS/qubes-issues#1885
|
||
|
||
commit ca1aa1e577179d92f4ec002221b8c4207e6ce1d6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jun 10 15:42:58 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 8b5e84d76a762b6c8cac8626245d5311afbea221
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 9 10:24:53 2019 +0000
|
||
|
||
cleanup, delete debian/security-misc.maintscript to fix lintian warning
|
||
|
||
commit f9acd890a703ce375ed07ad9e1be2bed019e49a3
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 9 10:24:24 2019 +0000
|
||
|
||
lintian
|
||
|
||
commit 49873e8e0286f7604399c7e857c7714271991956
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jun 9 10:06:58 2019 +0000
|
||
|
||
solve package file conflict
|
||
|
||
https://github.com/QubesOS/qubes-issues/issues/1885#issuecomment-500200375
|
||
|
||
commit d5127e716632af2f494e9b41571c44a56a887667
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jun 8 11:32:12 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 9fe58728102f92d0584ef128c53f5e99d3956d92
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Jun 8 00:05:35 2019 -0400
|
||
|
||
fix debian/watch lintian warning debian-watch-contains-dh_make-template
|
||
|
||
commit e7edbe5fb446f869e7b64802038f410c74ce538c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri May 24 20:48:59 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 6102c571a31c8a166fb306ba9e1a0a4e444c58a8
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri May 24 12:29:08 2019 -0400
|
||
|
||
readme
|
||
|
||
commit afb5f5f96500f31864e32af90b2e9bbfd1a9acc1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu May 23 22:38:13 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 0a200e09ecf745d23e5e880d521f1aec2a7b25a9
|
||
Merge: 65d7eb8 244234c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu May 23 18:25:47 2019 -0400
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 244234c8b709a425feed4f3cfb87389f4fb2c6f5
|
||
Merge: 65d7eb8 7177c60
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu May 23 22:25:13 2019 +0000
|
||
|
||
Merge pull request #7 from madaidan/patch-3
|
||
|
||
Disable uncommon network protocols
|
||
|
||
commit 7177c6041a9b086a4cb90504a492136b4da732a2
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu May 16 20:30:49 2019 +0000
|
||
|
||
Create uncommon-network-protocols.conf
|
||
|
||
commit 65d7eb81a6b84afcbf0692265f6d7a4b4599017b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu May 16 20:25:46 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit a2b184e5bb9942aa63a36fb918b203053a53f1e4
|
||
Merge: 71bf635 7d7b899
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu May 16 19:53:27 2019 +0000
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 7d7b899dd13f7123822bf269a639c68ff5cb737e
|
||
Merge: 71bf635 b814f33
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu May 16 19:52:52 2019 +0000
|
||
|
||
Merge pull request #6 from madaidan/patch-2
|
||
|
||
Even more kernel hardening
|
||
|
||
commit b814f338b803ae33380551919b00144bb63a53b8
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu May 16 16:33:03 2019 +0000
|
||
|
||
Update tcp_hardening.conf
|
||
|
||
commit e6794721bd181f8884cd3817b5ae3c6c58747ae7
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Thu May 16 16:29:20 2019 +0000
|
||
|
||
Update ptrace_scope.conf
|
||
|
||
commit 71bf63511b2cf2ca955900b85a536e4b3adf4c66
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun May 12 11:08:32 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit c040117fe47acad2e5c76baa55d42a6ec9223955
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun May 12 10:50:34 2019 +0000
|
||
|
||
lintian
|
||
|
||
commit 26fe4305a1fd072a8608f62a30129ad249203684
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun May 12 10:48:27 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 06b86229a4e1cc45a9bbe21c9a4c3e2a16fb82dc
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun May 12 02:58:45 2019 -0400
|
||
|
||
update path to pre.bsh
|
||
|
||
commit 137bc073c5d65988cce832336ebee5c47071e732
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed May 8 21:38:25 2019 -0400
|
||
|
||
port to /etc/xdg/xfce4/xfconf/xfce-perchannel-xml
|
||
|
||
https://forums.whonix.org/t/whonix-xfce-development/6213/84?u=patrick
|
||
|
||
commit 3bd4da6794067708f517b099548c0aa2a2b65146
|
||
Merge: c80b746 b00a264
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed May 8 21:32:29 2019 -0400
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit b00a264ce27c48584879d85275a3fa3f19030906
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed May 8 21:29:36 2019 -0400
|
||
|
||
Disable thunar-volman by default.
|
||
|
||
commit a4852ad6c8260c68d9c1024e09a9487a8e2e1f61
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon May 6 20:37:53 2019 +0000
|
||
|
||
Create fs_protected.conf
|
||
|
||
commit 0296e51e06d94cea598fcad3bdbfa165e519a47b
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon May 6 15:46:37 2019 +0000
|
||
|
||
Create ptrace_scope.conf
|
||
|
||
commit 2923fc96ef9ee96a3149c8b2f781402c65e106b9
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon May 6 15:45:53 2019 +0000
|
||
|
||
Create tcp_hardening.conf
|
||
|
||
commit 4216299ee847da0bdf4c714451a70b69f5881d8c
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Mon May 6 15:42:55 2019 +0000
|
||
|
||
Create kexec.conf
|
||
|
||
commit c80b7465bfb9164fb300dea71c38f58672199b17
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon May 6 09:58:44 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit f917c27a197d49b7bcdbfe065fe0696792d05350
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon May 6 05:51:14 2019 -0400
|
||
|
||
remove trailing spaces
|
||
|
||
commit 83e12f8e89cf0269daeca36946cdef07e23075b3
|
||
Merge: 74cdecf 5177444
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon May 6 05:50:35 2019 -0400
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 5177444d624a8a935c461ebe1065d451d2f8da0f
|
||
Merge: 74cdecf 02e8888
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon May 6 05:46:03 2019 -0400
|
||
|
||
Merge pull request #5 from madaidan/patch-1
|
||
|
||
More kernel hardening
|
||
|
||
commit 02e8888b0bc4f0dfadccbebc9e6e75849d32ba76
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun May 5 20:17:33 2019 +0000
|
||
|
||
Update 40_kernel_hardening.cfg
|
||
|
||
commit 3695d7491ef8a7af81c0c2aad0babc48ec30af81
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun May 5 14:42:03 2019 +0000
|
||
|
||
Create 40_kernel_hardening.cfg
|
||
|
||
commit d2ca85c6860322a35ef0eb347c01c9f21dcf144f
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun May 5 14:36:30 2019 +0000
|
||
|
||
Create mmap_aslr.conf
|
||
|
||
commit 197c1120a9f9f9a38548e4341d12b404fe72fde9
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun May 5 14:35:42 2019 +0000
|
||
|
||
Create harden_bpf.conf
|
||
|
||
commit 351db0ef7f0e0eee09496ba56ec13d07ae84761e
|
||
Author: madaidan <50278627+madaidan@users.noreply.github.com>
|
||
Date: Sun May 5 14:34:41 2019 +0000
|
||
|
||
Create kptr_restrict.conf
|
||
|
||
commit 74cdecfd6b86c4932be2f3b6677ff023c6d52053
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri May 3 11:34:25 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 09c35d5da251c190febaeb3437e151612597375d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri May 3 10:56:56 2019 +0000
|
||
|
||
update
|
||
|
||
commit db9e60c894c06d316f124659571c4b360e3fc08b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Apr 6 12:13:43 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 6ba1fb70d2ae71d2d97752458c9996709e9a74af
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Apr 5 14:06:00 2019 -0400
|
||
|
||
port to debian buster
|
||
|
||
commit 811dcee2cb43b7569fc1172fa13d7f4a4aece754
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Apr 5 09:26:18 2019 -0400
|
||
|
||
fix lintian warning
|
||
|
||
commit a985581c68a8f92d9f588d5c2a7b606e8dc220dd
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Apr 4 05:51:06 2019 -0400
|
||
|
||
port to debian buster
|
||
|
||
commit db5c3ccde6edcafc5467674176c94008765c0ecc
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Apr 3 18:05:56 2019 -0400
|
||
|
||
readme
|
||
|
||
commit 2913acda63b8d2309392ef7af6833a407d7cfa3c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Mar 29 10:02:51 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 2ea9957e4c4200f0c729f482acd9c3519e8de2c9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Mar 29 09:03:18 2019 +0000
|
||
|
||
https://www.whonix.org/wiki/Dev/Licensing
|
||
|
||
commit c5768683f402289456375bb64a40250474005c25
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Mar 12 11:36:25 2019 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 811852656e5fdeae19c2a942207e4318c2f9b14d
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Mar 1 14:32:41 2019 +0000
|
||
|
||
add improved legal protections clauses
|
||
|
||
The license for software created by Whonix is the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version with additional terms applicable per GNU GPL version 3 section 7.
|
||
|
||
The additional terms are based on the Doom 3 license which is Debian refers to as `GPL-3+-with-id-software-additional-terms`, which is Debian DFSG [1] (The Debian Free Software Guidelines) approved and which is therefore suitable for Debian `main`. Whonix made applied minimal changes to it:
|
||
|
||
* Rewrite `The Doom 3 BFG Edition GPL Source Code` to the more common `this program` which is used throughout the GPL.
|
||
* Added a "trump clause" [2], in other words, any conflicts or disputes between the additional terms and the GPLv3 shall be resolved in favor of the GPLv3 by adding `Notwithstanding any other provision of this License` (as mentioned in GPL FAQ [3]) at the beginning of the additional terms.
|
||
|
||
[1] https://www.debian.org/social_contract#guidelines
|
||
[2] https://www.fsf.org/news/canonical-updated-licensing-terms
|
||
[3] https://www.gnu.org/licenses/gpl-faq.html#v3Notwithstanding
|
||
|
||
For more considerations, see also:
|
||
https://www.whonix.org/wiki/Dev/Licensing
|
||
|
||
commit 2298d0f6b0a7214ae4f6ecc7a56734905cdb9352
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Nov 28 06:33:14 2018 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 63b080f40bab38bdb1c91519b90c3988640970d9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Nov 19 06:27:52 2018 -0500
|
||
|
||
fix hiding network bookmark in thunar by default
|
||
|
||
Thanks to @Algernon for suggesting the fix!
|
||
|
||
commit daf7fc002b2d946c2946b9effe3fecc5cebe4cf2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Nov 19 03:08:20 2018 -0500
|
||
|
||
Disables network bookmark by default.
|
||
|
||
commit 2bd6dabc7c523d7680917753e61130cf78d7067e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Nov 8 09:55:41 2018 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 0c020af885b3dfb2924102e6cf41a5af114cc140
|
||
Merge: f9e1877 6f240c0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Nov 8 09:53:47 2018 +0000
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 6f240c0c4c88df2946fdd673f833ee05dd8340bb
|
||
Merge: f9e1877 f84f988
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Nov 8 04:53:25 2018 -0500
|
||
|
||
Merge pull request #4 from Algernon-01/master
|
||
|
||
Enable hidden files and volume management again.
|
||
|
||
commit f84f988118e30a2a3d4d74ed008c1a626c35c365
|
||
Author: Algernon-01 <33966997+Algernon-01@users.noreply.github.com>
|
||
Date: Thu Nov 8 07:22:35 2018 +0000
|
||
|
||
Enabled hidden files and volume management.
|
||
|
||
commit 5aebf292149cca72cba3416c0de0f927d76d3281
|
||
Author: Algernon-01 <33966997+Algernon-01@users.noreply.github.com>
|
||
Date: Fri Nov 2 10:16:09 2018 +0000
|
||
|
||
Security and general settings for Thunar.
|
||
|
||
commit f9e18772d72abeb1d14e3dc2740950f91900ee69
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Nov 1 07:42:29 2018 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 4ecd32ef9996442532b78ae1d46694d0e452cec0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Oct 31 02:26:13 2018 -0400
|
||
|
||
description
|
||
|
||
commit 008a97d9e7f891a706a277c8e9bb2e3a958d1e63
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Oct 31 02:22:43 2018 -0400
|
||
|
||
disable previews in thunar
|
||
|
||
commit 256e4bac52d6c93a957ef47d07be2b7a0add8435
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Sep 14 13:20:11 2018 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 73e5319711b897beb8fecae57f7552d764e438e5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Sep 14 10:46:00 2018 +0000
|
||
|
||
'Depends: libglib2.0-bin' - contains glib-compile-schemas (required by postinst)
|
||
|
||
commit 64b5e55d8cfc27c56c64b56837e7cf291a5473e0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Aug 27 16:49:44 2018 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 1211aee0206b0d829b1101348b2a9836996ceef9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Aug 21 05:18:37 2018 +0800
|
||
|
||
readme
|
||
|
||
commit c296cba838f64ad4bf96b281c2e2de410a3db589
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Feb 1 15:18:55 2018 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit edbf198a930de31a1423b962979583a1d9775e70
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jan 29 15:50:36 2018 +0000
|
||
|
||
readme
|
||
|
||
commit 6b94612ca4e29921186c1d9e26bf7dcd887cd13a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jan 29 15:38:57 2018 +0000
|
||
|
||
update copyright
|
||
|
||
commit 5b3fc2f6b943a50f305299ea0d940ccf13474e1c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jan 29 15:22:05 2018 +0000
|
||
|
||
update copyright
|
||
|
||
commit c3b6a44e97674fc6553aad33e8d8abd6e8e4df44
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jan 29 15:15:17 2018 +0000
|
||
|
||
update copyright
|
||
|
||
commit ff28f5932c0fc5ba9eac4bda8e01ccaa71291021
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Jan 29 15:09:42 2018 +0000
|
||
|
||
update copyright
|
||
|
||
commit 674d2d8abf38842d43a1ea10668d860b258c7f70
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Dec 21 20:35:29 2017 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 776bf9d6954fd7c33e2743e1d8e6dbd865c954d7
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Dec 21 20:26:29 2017 +0000
|
||
|
||
readme
|
||
|
||
commit 7b2d3c9e2f61e34248aa1192ec5325b544e1124c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Jul 26 14:37:34 2017 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit dc2c9a9992551f5967e09b31a90721a9aadaf962
|
||
Merge: 61bd4d0 91ff0c2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Mar 14 13:43:18 2017 +0000
|
||
|
||
Merge remote-tracking branch 'origin/master'
|
||
|
||
commit 91ff0c2571b41710440006e770b8295c03b3a295
|
||
Merge: 61bd4d0 6e5e5d6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Mar 14 13:42:37 2017 +0000
|
||
|
||
Merge pull request #2 from HulaHoopWhonix/patch-2
|
||
|
||
Update README.md
|
||
|
||
commit 6e5e5d6ea65a0fee4c76e5ad74c444344ff1f462
|
||
Author: HulaHoopWhonix <bancfc@openmailbox.org>
|
||
Date: Tue Mar 14 13:11:44 2017 +0000
|
||
|
||
Update README.md
|
||
|
||
commit 61bd4d05b76088657e392cb311983617b8a68750
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Mar 6 16:16:32 2017 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 99bb1e877ec84bf7d3c6873f0369aed2fb92be4b
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Mar 6 15:00:33 2017 +0000
|
||
|
||
"$@"
|
||
|
||
commit f6bc1884855d84599ee731f694e0073f1df73ce1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Feb 28 15:22:54 2017 +0100
|
||
|
||
comment
|
||
|
||
commit 18e23af784e69e1bd40725a23acac9aaa3b167ab
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Feb 27 23:59:37 2017 +0000
|
||
|
||
cleanup
|
||
|
||
commit 6195450eb2721d987f185f127a5435e8c7f798cc
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Feb 27 23:57:04 2017 +0000
|
||
|
||
No longer ignore duplicate apt sources in apt-get-wrapper.
|
||
|
||
No longer acceptable because these generate lots of noise in the terminal.
|
||
|
||
commit 191918027c1971bfb871abb438c4917e5b98bb74
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Feb 27 23:43:02 2017 +0000
|
||
|
||
adjust apt-get-wrapper for Debian stretch's apt-get
|
||
|
||
commit 2130b4c654ae5e3f94e7febe00a47e3969858770
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Feb 27 23:16:32 2017 +0000
|
||
|
||
use python rather than unbuffer
|
||
|
||
because unbuffer eats exit code when process is killed
|
||
|
||
commit cc351165dc78a8b7158a2b9bfdd9e4f0b3866239
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Feb 27 19:36:38 2017 +0000
|
||
|
||
apt-get-wrapper:
|
||
- fix exit code handling
|
||
- code simplification
|
||
|
||
commit 1fb48e3548499d8a2891ec40314ffad8b6f1811e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Feb 27 02:04:00 2017 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 966e90ebe2d5cd930ebb9367fdbcd0f8e46a0adb
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Feb 27 00:17:36 2017 +0000
|
||
|
||
add missing dependency tcl8.6 (which is required by unbuffer [package expect])
|
||
|
||
commit 5653b7732ae47b7e8e38e2c363aff4ef724c0484
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Feb 26 23:57:17 2017 +0000
|
||
|
||
fix, show progress during apt-get-wrapper
|
||
|
||
fix, propagate signals to apt-get child process
|
||
|
||
commit 49cde21078ccc9f623add6f587ee719843647ee7
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Feb 21 19:54:41 2017 +0000
|
||
|
||
Whonix 14 KDE plasma 5 fixes
|
||
|
||
https://phabricator.whonix.org/T633
|
||
|
||
commit 0228e87d477f634d1e1db7c1cf6f213275d40dd9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Feb 19 22:37:10 2017 +0000
|
||
|
||
minor
|
||
|
||
commit dfe8a569b639dd09ef4cd7f35c05efd7ea080406
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Feb 19 22:32:04 2017 +0000
|
||
|
||
override glib-compile-schemas with || true in postinst
|
||
|
||
https://phabricator.whonix.org/T500
|
||
|
||
commit 5ba2a5b6ff53df37ad38f082ad86ff2227158d93
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Feb 19 22:25:28 2017 +0000
|
||
|
||
disable previews in nautilus by default for better security
|
||
|
||
copied solution by @unman
|
||
|
||
https://github.com/QubesOS/qubes-issues/issues/1108
|
||
|
||
https://github.com/QubesOS/qubes-core-agent-linux/pull/39
|
||
|
||
https://phabricator.whonix.org/T500
|
||
|
||
commit 91adab0d1bab6c6b31903f1e165944b3f8c8adb1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Feb 17 14:08:56 2017 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit c59d15d48f1950697d4e1da13282688f4f483ea5
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Feb 15 20:46:22 2017 +0000
|
||
|
||
Debian stretch / kde plasma5 fix: KDEDIRS -> XDG_CONFIG_DIRS
|
||
|
||
https://phabricator.whonix.org/T633
|
||
|
||
commit bddbba84a6fad680359bc8eee0c395fcc4d79ca9
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Feb 14 17:30:31 2017 +0000
|
||
|
||
"$@"
|
||
|
||
commit 9b0d3e34fc8e1981cf59b17aed8abcc38052fc61
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Feb 14 02:37:08 2017 +0000
|
||
|
||
add usr/lib/security-misc/apt-get-update-sanity-test
|
||
|
||
a CVE-2016-1252 sanity test script
|
||
|
||
commit 5e076415536e1513463c59dba6e8afc4e90b7f1a
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Feb 13 17:26:59 2017 +0000
|
||
|
||
readme
|
||
|
||
commit 0bb059093f7b4940836057b069bbec3a51ed91ac
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Feb 10 15:47:52 2017 +0000
|
||
|
||
remove faketime from Build-Depends:
|
||
|
||
since no longer used for reproducible builds
|
||
|
||
commit be8084ad1c136ee4a18cb24abcc0c14c522b8089
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Fri Feb 10 15:35:25 2017 +0000
|
||
|
||
remove debian/gain-root-command workaround
|
||
|
||
commit 90f175e117d9ca2b84072bee129539569143e10c
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Wed Feb 8 14:26:26 2017 +0000
|
||
|
||
double apt-get-update wrapper timeout from 120 to 240 seconds
|
||
|
||
since it takes a bit longer than 120 seconds for me on a fast connection
|
||
|
||
commit 1e66e03da14ae2e3f7b315e443836c35f954b84f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jan 15 15:35:31 2017 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit d80d576953ccea7f183bfe4b1e13655ebc03e557
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jan 15 13:11:38 2017 +0000
|
||
|
||
fix lintian warning
|
||
|
||
commit 59633fbc604207947427839004afcbc8c8d5e4d4
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Jan 15 08:35:40 2017 +0100
|
||
|
||
packaging, bumped Standards-Version from 3.9.6 to 3.9.8 for jessie support
|
||
|
||
commit 814d6c5f74dd4808f28a0650909672be62639cd1
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Jan 12 02:56:55 2017 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 0cf6524f0fac00c1b9bde836b7e7cc62cb3e41f4
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 25 02:33:44 2016 +0000
|
||
|
||
apt-get-update: implement SIGINIT trap; hide 'ps' output
|
||
|
||
commit c4089d8d4017f713631fbc5f09ccf7047dcb7008
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 25 01:36:04 2016 +0000
|
||
|
||
update path to /usr/lib/security-misc/apt-get-wrapper
|
||
|
||
commit 7b01fb934140afdcd8f7275c92cd557a1080d18e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 25 01:35:17 2016 +0000
|
||
|
||
remove obsolete comments
|
||
|
||
commit 8160cfe1d720707895172a18608366ddd65f9ec6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sun Dec 25 01:29:31 2016 +0000
|
||
|
||
moved apt-get-update and apt-get-wrapper from whonixcheck to security-misc
|
||
|
||
commit 7b3ef3a00f28592852ee701d4ce3803348de6999
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Sat Dec 10 02:30:50 2016 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 4416ea5cf904b296749ad53a7a04b0b6d40b5bcf
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Nov 21 17:42:55 2016 +0000
|
||
|
||
readme
|
||
|
||
commit 6cda8b1496795422d4c0bfcea2ea2bf29c32daa0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Oct 10 16:10:30 2016 +0000
|
||
|
||
disable conntrack helper for better security
|
||
|
||
https://phabricator.whonix.org/T486
|
||
|
||
commit 0d66fc60b9ea65e826560986698c11cea7ca4ea6
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Apr 25 23:27:58 2016 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 192d1e0cee505a59c5f62d01022562b12ca6646e
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Mon Apr 25 23:19:54 2016 +0000
|
||
|
||
/etc/sysctl.d/nf_conntrack_helper.conf disabled for now as it needs more work
|
||
|
||
https://phabricator.whonix.org/T486
|
||
|
||
commit 492ce128909cfda8645738b092fd9e8722c64aa0
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Apr 7 22:54:45 2016 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit 9d7ad9e97ed6b341e72ed6d6d2104c840c73b37f
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Mar 31 15:53:40 2016 +0000
|
||
|
||
fixed package description and package description linitan warnings
|
||
|
||
commit d5e61eb4b12106f9ee3fdf8938686e89a8c7e465
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Mar 31 15:36:59 2016 +0000
|
||
|
||
added 'Replaces: tcp-timestamps-disable'
|
||
|
||
https://phabricator.whonix.org/T486
|
||
|
||
commit 7b54755841907c2b86b12eed5035860e17445193
|
||
Merge: 10c87b8 be086ae
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Mar 31 15:35:07 2016 +0000
|
||
|
||
merged tcp-timestamps-disable package into security-misc package
|
||
|
||
disable conntrack helper for better security
|
||
|
||
https://phabricator.whonix.org/T486
|
||
|
||
commit be086aea597ff5e4db29f56fa57399c67568d4b6
|
||
Merge: 10c87b8 d0eceae
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Thu Mar 31 15:34:17 2016 +0000
|
||
|
||
Merge pull request #1 from HulaHoopWhonix/patch-1
|
||
|
||
Create tcp_timestamps.conf
|
||
|
||
commit d0eceae0c84a42bce4ade28c593fd6ba002a67b9
|
||
Author: HulaHoopWhonix <bancfc@openmailbox.org>
|
||
Date: Thu Mar 31 03:18:38 2016 +0000
|
||
|
||
Update README.md
|
||
|
||
commit 989f2f54e22ff676df83463edaca439a4695af49
|
||
Author: HulaHoopWhonix <bancfc@openmailbox.org>
|
||
Date: Thu Mar 31 03:18:05 2016 +0000
|
||
|
||
Update control
|
||
|
||
commit c7d88571e48fface5fc24d7d471724303e374f37
|
||
Author: HulaHoopWhonix <bancfc@openmailbox.org>
|
||
Date: Thu Mar 31 03:16:10 2016 +0000
|
||
|
||
Update control
|
||
|
||
commit 27200cd98f6d2be7e55765a8d17a075299db7b2e
|
||
Author: HulaHoopWhonix <bancfc@openmailbox.org>
|
||
Date: Thu Mar 31 02:57:15 2016 +0000
|
||
|
||
Update README.md
|
||
|
||
commit 92d738db56f048f2ee5de0239ddd6ba141373f99
|
||
Author: HulaHoopWhonix <bancfc@openmailbox.org>
|
||
Date: Thu Mar 31 02:53:12 2016 +0000
|
||
|
||
Create nf_conntrack_helper.conf
|
||
|
||
commit 5992a7f026b1ee22c1ab82411048b58e89ed0dc2
|
||
Author: HulaHoopWhonix <bancfc@openmailbox.org>
|
||
Date: Thu Mar 31 02:48:06 2016 +0000
|
||
|
||
Create tcp_timestamps.conf
|
||
|
||
commit 10c87b84e2d3b0eec7a6a3d283d3b1e02f080e58
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 15 21:05:03 2015 +0000
|
||
|
||
updated README.md
|
||
|
||
commit ba7b06ce302006a12fe7886c4338b5e44a571fa2
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 15 04:16:14 2015 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit c47f9697b4af46f713e49eb026f1c5ab4b77ad20
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 15 04:14:00 2015 +0000
|
||
|
||
deactivate preview in Nautilus
|
||
|
||
commit 4b7d8a4bd88bd7b8a904d0b48fddf2803457ab47
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 15 02:00:39 2015 +0000
|
||
|
||
bumped changelog version
|
||
|
||
commit d3ccf0eeaf9802fa09e70633efb45dcc2b767cba
|
||
Author: Patrick Schleizer <adrelanos@riseup.net>
|
||
Date: Tue Dec 15 02:00:24 2015 +0000
|
||
|
||
initial commit
|