Merge branch 'master' into sysctl-initramfs

debian/changelog

@@ -1,3 +1,15 @@
+security-misc (3:14.5-1) unstable; urgency=medium
+
+  * New upstream version (local package).
+
+ -- Patrick Schleizer <adrelanos@riseup.net>  Tue, 14 Jan 2020 14:28:28 +0000
+
+security-misc (3:14.4-1) unstable; urgency=medium
+
+  * New upstream version (local package).
+
+ -- Patrick Schleizer <adrelanos@riseup.net>  Tue, 14 Jan 2020 14:20:36 +0000
+
 security-misc (3:14.3-1) unstable; urgency=medium
 
   * New upstream version (local package).

debian/control

@@ -119,6 +119,9 @@ Description: enhances misc security settings
  .
   * An initramfs hook sets the sysctl values in /etc/sysctl.d before init
  is executed so our hardening is enabled as early as possible.
+ .
+  * The kernel panics on oopses to prevent it from continuing to run a flawed
+ process and to deter brute forcing.
  .
  Improve Entropy Collection
  .

debian/security-misc.preinst

@@ -102,7 +102,7 @@ console_users_check() {
    fi
 
    console_users="$(getent group console | cut -d: -f4)"
-   ## example ssh_users:
+   ## example console_users:
    ## user
    console_unrestricted_users="$(getent group console-unrestricted | cut -d: -f4)"
 
@@ -150,7 +150,7 @@ legacy() {
       continue_yes=true
    fi
 
-   if [ "$continue_yes" = "yes" ]; then
+   if [ ! "$continue_yes" = "yes" ]; then
       return 0
    fi
 
@@ -165,6 +165,11 @@ legacy() {
 
    user_to_be_created=user
 
+   if ! id "$user_to_be_created" &>/dev/null ; then
+      true "INFO: user '$user_to_be_created' does not exist. Skipping addgroup console and pam-auth-update."
+      return 0
+   fi
+
    addgroup "$user_to_be_created" console
 
    pam-auth-update --enable console-lockdown-security-misc