Patrick Schleizer 2024-02-22 15:07:53 -05:00
parent a1f898e3b3
commit d13d1aa7ec
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48

@ -1,11 +1,28 @@
#!/bin/bash
## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.
## features:
## - nodev,nosuid where appropriate
## - optional noexec for most except /home
## - optional noexec for all including /home
## - idempotent (script can be safely re-run)
## - can be run from:
## - systemd
## - dracut
## - manually from command line
## - can safely handle non-existing folders
## - error handling
## - log output:
## - shows each and every command executed
## - shows old mount options prior running remount-secure
## - shows new mount options after running remount-secure
## noexec in /tmp and/or /home can break some malware but also legitimate
## applications.
## https://www.kicksecure.com/wiki/Noexec
## https://www.kicksecure.com/wiki/Dev/remount-secure
## https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707
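Review bot: The feature list in the new header comment names two optional noexec modes ("optional noexec for most except /home" and "optional noexec for all including /home") but does not say how either mode is selected or what happens by default when neither is requested. Add a usage line to the header that states the argument or setting for each mode and the default behaviour, since the same comment warns that noexec on /tmp and /home can break legitimate applications. "nodev,nosuid where appropriate" would also be easier to audit if it named the mount points it covers or pointed to where in the script they are listed.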