mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-12-23 01:13:40 +07:00
Code Issues Packages Projects Releases Wiki Activity

description

Browse Source
This commit is contained in:
Patrick Schleizer 2019-12-20 06:53:03 -05:00
parent 0ae3e689b5
commit 24ea70384b
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
debian/control vendored
View File

@ -217,6 +217,15 @@ Description: enhances misc security settings
debian/security-misc.postinst
/usr/lib/security-misc/permission-lockdown
/usr/share/pam-configs/mkhomedir-security-misc
.
* SUID / GUID removal and permission hardening.
A systemd service removed SUID / GUID from non-essential binaries as these are
often used in privilege escalation attacks.
It is disabled by default for now during testing and can optionally be enabled
by running `systemctl enable permission-hardening.service` as root.
/usr/lib/security-misc/permission-hardening
/lib/systemd/system/permission-hardening.service
/etc/permission-hardening.d/30_default.conf
.
access rights relaxations:
.