Commit Graph

203 Commits

Author SHA1 Message Date
Patrick Schleizer
5fb4eb8e56
undo Disabling TCP SACK, DSACK, FACK
https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109/5
2019-10-05 07:00:47 -04:00
madaidan
ec5fcf813b
Update control 2019-10-03 20:50:48 +00:00
Patrick Schleizer
619550da23
description 2019-09-15 14:00:24 +00:00
Patrick Schleizer
b95b66e429
description 2019-09-15 13:56:37 +00:00
Patrick Schleizer
ae804a15e7
description 2019-09-15 13:21:02 +00:00
Patrick Schleizer
f13a73e569
undo SysRq restrictions
https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079
2019-09-10 12:35:42 -04:00
Patrick Schleizer
661bcd8603
allow loading unsigned modules due to issues
https://forums.whonix.org/t/allow-loading-signed-kernel-modules-by-default-disallow-kernel-module-loading-by-default/7880/23
2019-09-07 05:39:56 +00:00
Patrick Schleizer
5960c1682a
description 2019-09-06 11:46:22 +00:00
Patrick Schleizer
fccfacfdaf
description 2019-09-06 11:45:54 +00:00
Patrick Schleizer
0e20e33d16
description 2019-09-05 02:31:57 -04:00
Patrick Schleizer
0b3dcef13d
description 2019-09-05 02:30:40 -04:00
Patrick Schleizer
f2e5883b4c
description 2019-09-05 02:29:48 -04:00
Patrick Schleizer
a4913ae092
description 2019-09-05 02:28:43 -04:00
Patrick Schleizer
3a5bdddf5c
depend on adduser 2019-08-31 08:43:46 -04:00
Patrick Schleizer
0ae5c5ff14
remove umask changes since these are causing issues are are not needed anymore
thanks to home folder permission lockdown

https://forums.whonix.org/t/change-default-umask/7416/45
2019-08-24 12:14:22 -04:00
Patrick Schleizer
a74b983283
remove LLC - IEEE 802.2 from blacklist
since required by KVM

https://forums.whonix.org/t/whonix-desktop-installer-with-calamares-field-report/7350/107

https://forums.whonix.org/t/blacklist-uncommon-network-protocols/7391/22

https://github.com/Whonix/security-misc/pull/29
2019-08-19 12:46:59 +00:00
Patrick Schleizer
e535232728
description 2019-08-17 10:37:49 +00:00
Patrick Schleizer
7ffdd7c240
description 2019-08-17 10:37:42 +00:00
Patrick Schleizer
207399439f
description 2019-08-17 10:37:36 +00:00
Patrick Schleizer
d4fb485e70
description 2019-08-17 10:35:31 +00:00
Patrick Schleizer
ed90d8b025
change default umask to 027
as per:

https://forums.whonix.org/t/change-default-umask/7416/47
2019-08-17 09:55:20 +00:00
Patrick Schleizer
f9e3825e91
fix lintian warning 2019-08-16 16:05:09 +00:00
Patrick Schleizer
224f95799c
sudo default umask 006
https://forums.whonix.org/t/change-default-umask/7416/43
2019-08-16 11:15:25 -04:00
Patrick Schleizer
85502ad430
Merge branch 'master' into patch-21 2019-08-16 14:35:51 +00:00
Patrick Schleizer
ff9bc1d7ea
informational output during PAM:
* Show failed and remaining password attempts.
* Document unlock procedure if Linux user account got locked.
* Point out, that there is no password feedback for `su`.
* Explain locked (root) account if locked.
* /usr/share/pam-configs/tally2-security-misc
* /usr/lib/security-misc/pam_tally2-info
2019-08-15 13:37:28 +00:00
Patrick Schleizer
a7c25a451c
remove unneeded dependency on libpam-cgfs 2019-08-14 11:50:53 +00:00
Patrick Schleizer
0feb54b28e
add Depends: apparmor-profile-anondist to fix apparmor issue
sudo[19806]: pam_exec(sudo:session): execve(/usr/lib/security-misc/permission-lockdown,...) failed: Permission denied
sudo[18961]: pam_exec(sudo:session): /usr/lib/security-misc/permission-lockdown failed: exit code 13
kernel: audit: type=1400 audit(1565780860.972:224): apparmor="DENIED" operation="exec" profile="/usr/bin/whonixcheck" name="/usr/lib/security-misc/permission-lockdown" pid=19806 comm="sudo" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
2019-08-14 11:10:18 +00:00
Patrick Schleizer
01b3a0bfae
description 2019-08-14 09:52:53 +00:00
Patrick Schleizer
dee195d89e
description 2019-08-14 09:40:41 +00:00
Patrick Schleizer
42f2d5f666
description 2019-08-14 07:39:28 +00:00
Patrick Schleizer
f210294f40
description 2019-08-14 07:24:24 +00:00
Patrick Schleizer
a82448d46a
description 2019-08-14 07:01:25 +00:00
Patrick Schleizer
aacd9c7679
description 2019-08-11 10:34:38 +00:00
Patrick Schleizer
c0b5c70de4
description 2019-08-11 10:33:22 +00:00
madaidan
4a6f87f3fa
Update control 2019-07-31 18:33:28 +00:00
Patrick Schleizer
ac1220e14b
depend on sudo so group sudo exists during postinst 2019-07-31 07:32:59 +00:00
Patrick Schleizer
09f75fb1ff
description 2019-07-31 07:32:36 +00:00
Patrick Schleizer
2ad087dcd9
description 2019-07-31 07:30:40 +00:00
Patrick Schleizer
404f597c0a
description 2019-07-31 07:29:42 +00:00
Patrick Schleizer
c921872016
description 2019-07-31 07:27:13 +00:00
Patrick Schleizer
39e1b1c5f0
update file path 2019-07-31 07:26:25 +00:00
Patrick Schleizer
c0a4a10d6b
description 2019-07-17 21:05:11 +00:00
Patrick Schleizer
7352b2ac31
description 2019-07-17 21:03:54 +00:00
Patrick Schleizer
4bf2360b95
description 2019-07-17 21:02:27 +00:00
Patrick Schleizer
9f2e300e72
description 2019-07-17 20:48:33 +00:00
Patrick Schleizer
d044780c04
description 2019-07-17 20:42:14 +00:00
Patrick Schleizer
75e5714d18
description 2019-07-17 20:40:01 +00:00
Patrick Schleizer
8c2f983578
description 2019-07-17 20:39:42 +00:00
Patrick Schleizer
2499ae0890
description 2019-07-16 07:28:50 -04:00
Patrick Schleizer
d0124b24d1
description 2019-07-16 07:27:56 -04:00
Patrick Schleizer
5c741d2149
shuffle 2019-07-15 13:02:30 +00:00
Patrick Schleizer
d247b7534b
sort description by categories 2019-07-15 13:01:46 +00:00
Patrick Schleizer
168ea5a660
shuffle 2019-07-15 08:48:17 -04:00
Patrick Schleizer
ea90f95f1c
cleanup 2019-07-13 16:26:40 +00:00
Patrick Schleizer
ea8b22ee78
shuffle 2019-07-13 16:26:14 +00:00
Patrick Schleizer
ca7e0e0161
description 2019-07-13 16:25:08 +00:00
Patrick Schleizer
ffb5a9c482
formatting 2019-07-13 16:23:39 +00:00
Patrick Schleizer
41675ddcff
removed: The amount of hashing rounds used by shadow is bumped to 65536.
This increases the security of hashed passwords.

Since we do not do that currently.

https://forums.whonix.org/t/restrict-root-access/7658/37
2019-07-13 16:21:34 +00:00
Patrick Schleizer
3f031a297d
Removes read, write and execute access for others for all users who have home
folders under folder /home by running for example "chmod o-rwx /home/user"
 during package installation or upgrade. This will be done only once per folder
 in folder /home so users who wish to relax file permissions are free to do so.
 This is to protect previously created files in user home folder which were
 previously created with lax file permissions prior installation of this
 package.
2019-07-13 16:20:14 +00:00
Patrick Schleizer
aee6b34635
fix lintian warning 2019-07-11 18:26:17 +00:00
madaidan
1aee08fa5e
Update control 2019-07-11 15:30:09 +00:00
madaidan
853c2eb377
Update control 2019-07-11 15:26:14 +00:00
Patrick Schleizer
0057c0dd8c
fix lintian warning 2019-07-11 07:07:01 +00:00
madaidan
1e4d349516
Update control 2019-07-10 14:28:39 +00:00
madaidan
a8b44c75f9
Update control 2019-07-09 21:57:07 +00:00
Patrick Schleizer
0f15303eb4
Merge branch 'master' into patch-16 2019-07-09 10:54:24 +00:00
madaidan
24b326d906
Update control 2019-07-08 23:24:41 +00:00
madaidan
45f8102d56
Update control 2019-07-08 23:04:47 +00:00
Patrick Schleizer
223b691833
add 'Depends: libpam-cgfs'
https://forums.whonix.org/t/change-default-umask/7416/30?u=patrick
2019-07-07 23:39:58 +00:00
Patrick Schleizer
d4c79cce69
add "Depends: libpam-runtime" so pam-auth-update is available
for Debian maintainer script
2019-07-07 21:09:26 +00:00
Patrick Schleizer
3cd1a5ec09
fix lintian warning 2019-07-06 13:56:00 +00:00
madaidan
8888147e1e
Update control 2019-07-04 14:26:31 +00:00
Patrick Schleizer
48e511347c
fix lintian warning 2019-07-01 13:37:55 +00:00
Patrick Schleizer
93c0821054
config-package-dev displace files for change umask
https://forums.whonix.org/t/change-default-umask/7416
2019-07-01 13:35:45 +00:00
madaidan
cfaafe400c
Update control 2019-06-30 13:16:12 +00:00
Patrick Schleizer
85f61758c5
fix package description 2019-06-30 04:11:38 -04:00
Patrick Schleizer
67de5247c8
Merge branch 'master' into patch-13 2019-06-30 08:10:04 +00:00
madaidan
dbfb9e1cdf
Update control 2019-06-30 00:21:46 +00:00
madaidan
024a698249
Update control 2019-06-30 00:20:38 +00:00
madaidan
22267c895b
Update control 2019-06-29 22:30:41 +00:00
Patrick Schleizer
befa03fea8
fix lintian warning 2019-06-29 10:34:48 +00:00
madaidan
9e9c854d27
Update control 2019-06-28 11:34:35 +00:00
madaidan
b26d861dff
Update control 2019-06-28 11:33:48 +00:00
Patrick Schleizer
4e32438d75
debian/control syntax fix 2019-06-23 19:47:05 +00:00
madaidan
1a07d90ed2
Update control 2019-06-23 19:26:03 +00:00
Patrick Schleizer
a985581c68
port to debian buster 2019-04-04 05:51:06 -04:00
Patrick Schleizer
4ecd32ef99
description 2018-10-31 02:26:13 -04:00
Patrick Schleizer
73e5319711
'Depends: libglib2.0-bin' - contains glib-compile-schemas (required by postinst) 2018-09-14 10:46:00 +00:00
Patrick Schleizer
5b3fc2f6b9
update copyright 2018-01-29 15:22:05 +00:00
Patrick Schleizer
ff28f5932c
update copyright 2018-01-29 15:09:42 +00:00
Patrick Schleizer
2130b4c654
use python rather than unbuffer
because unbuffer eats exit code when process is killed
2017-02-27 23:16:32 +00:00
Patrick Schleizer
966e90ebe2
add missing dependency tcl8.6 (which is required by unbuffer [package expect]) 2017-02-27 00:17:36 +00:00
Patrick Schleizer
5653b7732a
fix, show progress during apt-get-wrapper
fix, propagate signals to apt-get child process
2017-02-26 23:57:17 +00:00
Patrick Schleizer
0228e87d47
minor 2017-02-19 22:37:10 +00:00
Patrick Schleizer
0bb059093f
remove faketime from Build-Depends:
since no longer used for reproducible builds
2017-02-10 15:47:52 +00:00
Patrick Schleizer
d80d576953
fix lintian warning 2017-01-15 13:11:38 +00:00
Patrick Schleizer
59633fbc60
packaging, bumped Standards-Version from 3.9.6 to 3.9.8 for jessie support 2017-01-15 08:35:40 +01:00
Patrick Schleizer
9d7ad9e97e
fixed package description and package description linitan warnings 2016-03-31 15:53:40 +00:00
Patrick Schleizer
d5e61eb4b1
added 'Replaces: tcp-timestamps-disable'
https://phabricator.whonix.org/T486
2016-03-31 15:36:59 +00:00
HulaHoopWhonix
989f2f54e2 Update control 2016-03-31 03:18:05 +00:00
HulaHoopWhonix
c7d88571e4 Update control 2016-03-31 03:16:10 +00:00
Patrick Schleizer
c47f9697b4
deactivate preview in Nautilus 2015-12-15 04:14:00 +00:00
Patrick Schleizer
d3ccf0eeaf
initial commit 2015-12-15 02:00:24 +00:00