mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-08-02 08:11:04 +07:00
Code Issues Packages Projects Releases Wiki Activity

add matchwhitelist feature

Browse Source 
add "/usr/lib/virtualbox/ matchwhitelist"
This commit is contained in:
Patrick Schleizer
2019-12-20 12:57:24 -05:00
parent 3fab387669
commit 17e8605119
2 changed files with 25 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
etc/permission-hardening.d/30_default.conf
View File

@ -13,7 +13,7 @@
## To remove all SUID/SGID binaries in a directory, you can use the "nosuid"
## argument.
## SUID whitelist.
## SUID exact match whitelist.
## TODO: white spaces inside file name untested
/usr/bin/sudo whitelist
/bin/sudo whitelist
@ -33,6 +33,10 @@
## https://github.com/QubesOS/qubes-core-agent-linux/blob/master/qubes-rpc/qfile-unpacker.c
/usr/lib/qubes/qfile-unpacker whitelist
## SUID regex match whitelist.
## TODO: white spaces inside file name untested
/usr/lib/virtualbox/ matchwhitelist
## Permission hardening.
/home/ 0755 root root
/home/user/ 0700 user user