Merge remote-tracking branch 'ben-grande/clean'

Patrick Schleizer
2024-01-16 08:19:28 -05:00
26 changed files with 731 additions and 715 deletions

@ -433,23 +433,23 @@ include but are not limited to:
- Protecting the information of sudoers from others.
- Protecting various system relevant files and modules.
##### permission-hardening #####
##### permission-hardener #####
`permission-hardener` removes SUID / SGID bits from non-essential binaries as
these are often used in privilege escalation attacks. It runs at package
installation and upgrade time.
There is also an optional systemd unit which does the same at boot time that
can be enabled by running `systemctl enable permission-hardening.service` as
can be enabled by running `systemctl enable permission-hardener.service` as
root. The hardening at boot time is not the default because this slows down
the boot too much.
See:
* `/usr/bin/permission-hardening`
* `/usr/bin/permission-hardener`
* `debian/security-misc.postinst`
* `/lib/systemd/system/permission-hardening.service`
* `/etc/permission-hardening.d`
* `/lib/systemd/system/permission-hardener.service`
* `/etc/permission-hardener.d`
* https://forums.whonix.org/t/disable-suid-binaries/7706
* https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener
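
Review bot: The `systemctl enable` sentence and the "See:" list now name only `permission-hardener.service` and `/etc/permission-hardener.d`, and the section says nothing about systems upgraded from the old names. An administrator who previously ran `systemctl enable permission-hardening.service`, or who keeps local policy files under `/etc/permission-hardening.d`, cannot tell from this text whether the boot-time unit stays enabled and whether the old directory is still read. If neither is handled elsewhere in this merge, the result is SUID/SGID hardening that silently stops applying local settings. Suggest adding one sentence here stating whether the old unit and configuration directory are migrated automatically, and if not, the manual steps needed after upgrade.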