mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-07-13 09:19:32 +07:00
Code Issues Packages Projects Releases Wiki Activity

readme

Browse Source
This commit is contained in:
Patrick Schleizer
2019-08-11 11:39:32 +00:00
parent aacd9c7679
commit 52cee91283
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@ -91,7 +91,7 @@ restricts access to the root account:
* `su` is restricted to only users within the group `sudo` which prevents * `su` is restricted to only users within the group `sudo` which prevents
users from using `su` to gain root access or to switch user accounts. users from using `su` to gain root access or to switch user accounts.
/usr/share/pam-configs/security-misc /usr/share/pam-configs/wheel-security-misc
(Which results in a change in file `/etc/pam.d/common-auth`.) (Which results in a change in file `/etc/pam.d/common-auth`.)
* Add user `root` to group `sudo`. This is required to make above work so * Add user `root` to group `sudo`. This is required to make above work so
@ -99,7 +99,7 @@ login as a user in a virtual console is still possible.
debian/security-misc.postinst debian/security-misc.postinst
* Lock user accounts after 5 failed login attempts using pam_tally2. * Lock user accounts after 5 failed login attempts using pam_tally2.
/usr/share/pam-configs/security-misc /usr/share/pam-configs/tally2-security-misc
* Logging into the root account from a virtual, serial, whatnot console is * Logging into the root account from a virtual, serial, whatnot console is
prevented by shipping an existing and empty /etc/securetty. prevented by shipping an existing and empty /etc/securetty.
@ -115,7 +115,11 @@ to read and write to newly created files.
* Enables pam_umask.so usergroups so group permissions are same as user * Enables pam_umask.so usergroups so group permissions are same as user
permissions. Debian by default uses User Private Groups (UPG). permissions. Debian by default uses User Private Groups (UPG).
https://wiki.debian.org/UserPrivateGroups https://wiki.debian.org/UserPrivateGroups
/usr/share/pam-configs/usergroups /usr/share/pam-configs/usergroups-security-misc
* Create home directory on login with umask 006 using
pam_mkhomedir.so umask=006
/usr/share/pam-configs/mkhomedir-security-misc
* Removes read, write and execute access for others for all users who have * Removes read, write and execute access for others for all users who have
home folders under folder /home by running for example home folders under folder /home by running for example