mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-02-03 12:55:52 +07:00
Code Issues Packages Projects Releases Wiki Activity

Harden/disable recovery mode options

Browse Source
This commit is contained in:
Aaron Rainbolt 2024-12-08 03:21:27 -06:00
parent 7902311c57
commit 439fa7f3be
No known key found for this signature in database
GPG Key ID: A709160D73C79109
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
etc/default/grub.d/41_recovery_restrict.cfg Normal file
View File

@ -0,0 +1,16 @@
## Copyright (C) 2024 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.
## Definitions:
## KSPP=yes: compliant with recommendations by the KSPP
## KSPP=partial: partially compliant with recommendations by the KSPP
## KSPP=no: not (currently) compliant with recommendations by the KSPP
## If there is no explicit KSPP compliance notice, the setting is not mentioned by the KSPP.
## Disable access to single-user mode (i.e. recovery mode).
## https://forums.kicksecure.com/t/remove-linux-recovery-mode-boot-option-from-default-grub-boot-menu/727
GRUB_DISABLE_RECOVERY='true'
## Disable access to Dracut's recovery console.
## https://forums.kicksecure.com/t/harden-dracut-initramfs-generator-by-disabling-recovery-console/724
GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT rd.shell=0 rd.emergency=halt"