mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-12-22 20:33:35 +07:00
Code Issues Packages Projects Releases Wiki Activity
2,492 Commits 4 Branches 407 Tags 14 MiB
master
Commit Graph

907 Commits

Author SHA1 Message Date
Patrick Schleizer
ecaa024f22
lower debugging 2024-03-18 11:01:56 -04:00
Patrick Schleizer
a5206bde33
proc-hidepid.service add gid=proc 
This allows users that are a member of the `proc` group to be excluded from `hidepid` protections.

https://github.com/Kicksecure/security-misc/issues/208
 2024-03-10 08:44:53 -04:00
Patrick Schleizer
6b76373395
fix panic-on-oops started every 10s in Qubes-Whonix 
by changing from a /etc/profile.d etc. related mechanism to start to a systemd unit file based approach

Thanks to @marmarek for the bug report!

https://forums.whonix.org/t/panic-on-oops-started-every-10s/19450
 2024-03-04 06:44:26 -05:00
Patrick Schleizer
808e72f24b
use long options 
https://github.com/Kicksecure/security-misc/issues/172
 2024-02-26 08:11:26 -05:00
Patrick Schleizer
2d1d1b246f
improve output 
https://github.com/Kicksecure/security-misc/issues/172
 2024-02-26 08:07:29 -05:00
Patrick Schleizer
d8f5376c4f
improve output 
https://github.com/Kicksecure/security-misc/issues/172
 2024-02-26 07:58:06 -05:00
Patrick Schleizer
cf84762a3a
improve output 
https://github.com/Kicksecure/security-misc/issues/172
 2024-02-26 07:52:41 -05:00
Patrick Schleizer
f2958bbfa5
comment 2024-02-26 07:49:30 -05:00
Patrick Schleizer
b23d167342
Merge pull request #204 from DanWin/sysfs-mount 
Make /sys hardening optional and allow access to /sys/fs to make polkit work
 2024-02-26 07:46:02 -05:00
Patrick Schleizer
d13d1aa7ec
comments 2024-02-22 15:07:53 -05:00
Patrick Schleizer
c3dd178b19
output 2024-02-22 14:57:50 -05:00
Daniel Winzen
ef44ecea44
Add option to disabe /sys hardening 2024-02-22 17:27:46 +01:00
Daniel Winzen
3bc1765dbb
Allow access to /sys/fs for polkit 2024-02-22 17:27:45 +01:00
Patrick Schleizer
37a7abdf0c
ConditionKernelCommandLine=!remountsecure=0 2024-02-22 11:07:01 -05:00
Patrick Schleizer
c0924321b8
fix systemd unit ExecStart 2024-02-22 09:52:36 -05:00
Patrick Schleizer
6d7cf3c12a
output 2024-02-22 09:49:48 -05:00
Patrick Schleizer
f7831db197
do not exit non-zero if folder does not exist 2024-02-22 09:17:41 -05:00
Patrick Schleizer
5bdd7b8475
output 2024-02-22 09:14:52 -05:00
Patrick Schleizer
44a15cd97d
mount --make-private 
https://github.com/Kicksecure/security-misc/issues/172
 2024-02-22 09:13:56 -05:00
Patrick Schleizer
c0f98b05b6
comment 
https://github.com/Kicksecure/security-misc/pull/202
 2024-02-22 06:03:59 -05:00
Patrick Schleizer
1e1613aa93
allow /opt exec as usually optional binaries are placed there such as firefox 
https://github.com/Kicksecure/security-misc/pull/202
 2024-02-22 06:02:28 -05:00
Patrick Schleizer
7c7b4b24b4
fix home_noexec_maybe -> most_noexec_maybe 
https://github.com/Kicksecure/security-misc/pull/202
 2024-02-22 06:02:00 -05:00
Patrick Schleizer
38783faf60
add more bind mounts of mount options hardening 
as suggested in https://github.com/Kicksecure/security-misc/pull/202
 2024-02-22 05:58:53 -05:00
Patrick Schleizer
3048e0ac76
usrmerge 
https://github.com/Kicksecure/security-misc/issues/190
 2024-01-17 13:54:07 -05:00
Patrick Schleizer
0efee2f50f
usrmerge 
fixes https://github.com/Kicksecure/security-misc/issues/190
 2024-01-17 13:39:56 -05:00
Patrick Schleizer
3ba8fe586e
update permission-hardener.service 
Which is now only an additional opt-in systemd unit,
because permission-hardener is run by default at security-misc
package installation time.

https://github.com/Kicksecure/security-misc/pull/181
 2024-01-16 09:23:54 -05:00
Patrick Schleizer
862bf6b5ab
Merge remote-tracking branch 'ben-grande/clean' 2024-01-16 08:19:28 -05:00
Patrick Schleizer
1199871d7b
undo IPv6 privacy due to potential server issues 
https://github.com/Kicksecure/security-misc/issues/184
 2024-01-07 06:37:34 -05:00
Patrick Schleizer
128bb01b35
undo IPv6 privacy due to potential server issues 
https://github.com/Kicksecure/security-misc/issues/184
 2024-01-07 06:36:25 -05:00
Patrick Schleizer
86f91e3030
revert umask 027 by default 
because broken because this also happens for root while it should not

https://github.com/Kicksecure/security-misc/issues/185
 2024-01-06 09:11:54 -05:00
Patrick Schleizer
3f1304403f
disable MAC randomization in Network Manager (NM) because it breaks VirtualBox DHCP 
https://github.com/Kicksecure/security-misc/issues/184
 2024-01-06 08:15:31 -05:00
Raja Grewal
74afcc9c63
Clarify validity of disabling io_uring 2024-01-03 17:52:23 +11:00
Ben Grande
bc02c72018
Fix unbound variable 
- Run messages preceded by INFO;
- Comment unknown unused variables;
- Remove unnecessary variables; and
- Deal with unbound variable due to subshell by writing to a file;
 2024-01-02 17:08:45 +01:00
Ben Grande
abf72c2ee4
Rename file permission hardening script 
Hardener as the script is the agent that is hardening the file
permissions.
 2024-01-02 13:34:29 +01:00
Ben Grande
f138cf0f78
Refactor permission-hardener 
- Organize comments from default configuration;
- Apply and undo changes from a single file controlled by parameters;
- Arrays should be evaluated as arrays and not normal variables;
- Quote variables;
- Brackets around variables;
- Standardize test cases to "test" command;
- Test against empty or non-empty variables with "-z" and "-n";
- Show a usage message when necessary;
- Require root to run the script with informative message;
- Permit the user to see the help message without running as root;
- Do not create root directories without passing root check;
- Use long options for "set" command;
 2024-01-02 12:17:16 +01:00
Patrick Schleizer
8daf97ab01
Merge pull request #178 from raja-grewal/io_uring 
Disable asynchronous I/O
 2024-01-02 05:29:35 -05:00
Patrick Schleizer
5b36599c0c
/dev/, /dev/shm, /tmp 
https://github.com/Kicksecure/security-misc/issues/157#issuecomment-1869073716
 2023-12-29 14:57:38 -05:00
Patrick Schleizer
c86c83cef7
formatting 
https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 10:31:58 -05:00
Patrick Schleizer
971ff687b1
do not mount /dev/cdrom by default 
https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 10:30:35 -05:00
Patrick Schleizer
9fce67fcd9
remove superfluous, broken remount mount option 
https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 10:28:47 -05:00
Patrick Schleizer
40fd8cb608
no nofail mount option to avoid breaking the boot of a system 
unit testing belongs elsewhere

https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 09:51:09 -05:00
Patrick Schleizer
4aa645f29f
comment 
https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 09:46:33 -05:00
Patrick Schleizer
2b7aeedb4a
mount /dev/cdrom to /mnt/cdrom (instead of /mnt/cdrom0) and 
nodev,nosuid,noexec

as per:
https://www.debian.org/doc/manuals/securing-debian-manual/ch04s10.en.html

https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 09:44:51 -05:00
Patrick Schleizer
0d9e9780da
formatting 
https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 09:37:14 -05:00
Patrick Schleizer
00f9ab4394
/dev devtmpfs 
https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 09:36:05 -05:00
Patrick Schleizer
55709b3aa0
/tmp tmpfs 
https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 09:30:57 -05:00
Patrick Schleizer
b0dd967611
usrmerge 
https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 09:28:08 -05:00
Patrick Schleizer
269fada14a
combine bind lines 
https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 09:25:14 -05:00
Raja Grewal
f055fe5da2
Disable asynchronous I/O 
io_uring creation is disabled for all processes. io_uring_setup always fails with -EPERM. Existing io_uring instances can still be used.
 2023-12-15 08:33:36 +00:00
Patrick Schleizer
039de1dc9b
add hardened fstab /usr/share/doc/security-misc/fstab-vm 
to the documentation folder as an example

not directly used by security-misc

will later be used by Kicksecure VM build process

https://github.com/Kicksecure/security-misc/issues/157
 2023-12-12 11:50:11 -05:00
Patrick Schleizer
5a73817a95
move to /usr/lib/issue.d/20_security-misc.issue 
https://github.com/Kicksecure/security-misc/pull/167
 2023-12-04 11:38:49 -05:00
Patrick Schleizer
dc04040cb3
typo 2023-12-04 10:36:48 -05:00
Patrick Schleizer
2634dbff2b
shuffle 2023-12-04 10:36:21 -05:00
Patrick Schleizer
a1e00be0e0
update link 2023-11-06 16:58:23 -05:00
Patrick Schleizer
df5f3e8056
output 2023-11-06 16:36:22 -05:00
Patrick Schleizer
3bc831a1f7
lintian 2023-11-06 16:27:29 -05:00
Patrick Schleizer
ad010ef5b4
debugging 2023-11-05 17:52:44 -05:00
Patrick Schleizer
3130a39d8c
set -e 2023-11-05 17:43:07 -05:00
Patrick Schleizer
36f3c30440
Merge pull request #148 from monsieuremre/module-loading-hardening 
Harden the loading of new modules to the kernel after install
 2023-11-05 17:41:56 -05:00
Patrick Schleizer
4219347f0a
fix permission-hardener config parsing issue 2023-11-05 16:43:44 -05:00
Patrick Schleizer
e72f79236b
refactoring 2023-11-05 16:41:41 -05:00
Patrick Schleizer
dea0d9a78a
fix permission-hardener config parsing issue 2023-11-05 16:40:49 -05:00
Patrick Schleizer
017ae18ad7
fix permission-hardener config parsing issue 2023-11-05 16:39:10 -05:00
Patrick Schleizer
65e3c14643
fix permission-hardener config parsing issue 2023-11-05 16:35:11 -05:00
Patrick Schleizer
d4494fd3c3
disable remount-secure dracut modules 
pending new systemd based implementation

https://github.com/Kicksecure/security-misc/pull/152
 2023-11-05 15:27:09 -05:00
Patrick Schleizer
4a19fbae0b
move permission-hardening to /usr/bin to make it more easily accessible 2023-11-05 15:13:01 -05:00
Patrick Schleizer
c75f80b29f
lower verbosity of permission hardener 
fixes https://github.com/Kicksecure/security-misc/issues/158
 2023-11-05 15:09:29 -05:00
Patrick Schleizer
55ba5d4832
renamed: usr/lib/NetworkManager/conf.d/99_ipv6-privacy.conf -> usr/lib/NetworkManager/conf.d/80_ipv6-privacy.conf 
renamed:    usr/lib/NetworkManager/conf.d/99_randomize-mac.conf -> usr/lib/NetworkManager/conf.d/80_randomize-mac.conf
renamed:    usr/lib/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf -> usr/lib/systemd/networkd.conf.d/80_ipv6-privacy-extensions.conf
 2023-11-05 14:51:31 -05:00
Patrick Schleizer
5a75bcfb19
Merge pull request #145 from monsieuremre/wifi-and-bluetooth 
Wifi and Bluetooth Patch | Security and Privacy
 2023-11-05 14:49:00 -05:00
Patrick Schleizer
d9b5d770cf
Merge pull request #150 from monsieuremre/sysreq 
Disable SysRq by default
 2023-11-05 14:31:26 -05:00
monsieuremre
19eceaa810
more fix 2023-11-04 20:56:46 +00:00
Patrick Schleizer
d71ac03d96
comment 2023-11-03 10:36:15 -04:00
Patrick Schleizer
b85d48eb83
do not change default umask for root 
since this causes permission issues in `/etc/`

https://github.com/Kicksecure/security-misc/pull/151
 2023-11-03 10:31:59 -04:00
Patrick Schleizer
07540db90d
Revert "Revert "set default umask to 027"" 
This reverts commit f8913ceb2e.
 2023-11-03 09:45:12 -04:00
Patrick Schleizer
f8913ceb2e
Revert "set default umask to 027" 
This reverts commit cd216095eb.
 2023-11-03 09:43:44 -04:00
Patrick Schleizer
cd216095eb
set default umask to 027 
using package libpam-umask

https://www.debian.org/doc/manuals/securing-debian-manual/ch04s11.en.html#id-1.5.14.19

https://github.com/Kicksecure/security-misc/pull/151
 2023-11-03 09:12:24 -04:00
monsieuremre
ac224b270a
disable sysrq 2023-11-02 13:01:55 +00:00
monsieuremre
9f063584c1
disable-kernel-module-loading 2023-11-02 10:28:41 +00:00
monsieuremre
229032d691
Rename etc/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf to usr/lib/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf 2023-11-01 17:54:05 +00:00
monsieuremre
1049298e7b
Update and rename etc/NetworkManager/conf.d/99_randomize-mac.conf to usr/lib/NetworkManager/conf.d/99_randomize-mac.conf 2023-11-01 17:52:40 +00:00
monsieuremre
76e684cc0a
Update and rename etc/NetworkManager/conf.d/99_ipv6-privacy.conf to usr/lib/NetworkManager/conf.d/99_ipv6-privacy.conf 2023-11-01 17:51:27 +00:00
monsieuremre
c975c3c0ff
new lines 990-security-misc.conf 
added new recommended hardening settings with comments
 2023-10-27 11:07:53 +00:00
Patrick Schleizer
a330a9fd75
refactor permission-lockdown 2023-10-26 19:20:21 -04:00
Patrick Schleizer
8bf5ff82be
Merge remote-tracking branch 'github-kicksecure/master' 2023-10-26 19:15:04 -04:00
Patrick Schleizer
1123d23114
remount-secure: disable debugging to save space in initrd 2023-10-26 18:45:07 -04:00
monsieuremre
91c445244c
actually we do it once indeed 2023-10-26 19:41:07 +00:00
monsieuremre
88f396264c
avoiding /etc/passwd 2023-10-26 19:35:59 +00:00
monsieuremre
b5ba03247a
readability 2023-10-26 19:31:25 +00:00
monsieuremre
f487752ba1
not limiting ourselves. we do not do this not just once. 2023-10-26 19:30:58 +00:00
monsieuremre
88cd5a905d
strip unnecessary 2023-10-26 19:25:24 +00:00
monsieuremre
d9f10c221a
new permission-lockdown 2023-10-26 18:17:50 +00:00
Patrick Schleizer
e5d989af5a
comment 2023-10-26 12:04:13 -04:00
Patrick Schleizer
6a22351d29
renamed: usr/lib/sysctl.d/30_security-misc.conf -> usr/lib/sysctl.d/990-security-misc.conf 2023-10-25 17:30:07 -04:00
Patrick Schleizer
b7c52800f4
renamed: etc/sysctl.d/30_security-misc.conf -> usr/lib/sysctl.d/30_security-misc.conf 
renamed:    etc/sysctl.d/30_security-misc_kexec-disable.conf -> usr/lib/sysctl.d/30_security-misc_kexec-disable.conf
renamed:    etc/sysctl.d/30_silent-kernel-printk.conf -> usr/lib/sysctl.d/30_silent-kernel-printk.conf
 2023-10-25 17:28:43 -04:00
monsieuremre
f0857fd560
Fix double mount issue for /var/log and /var/tmp 
Mounting var with bind and mounting a subdirectory causes /var/tmp and /var/log bind mounted twice each. can be checked with lsblk. When we bind mount var only after having mounted the subdirectories, everything is mounted only one.
 2023-10-23 15:33:05 +00:00
Patrick Schleizer
d2e8a6dad3
debugging 2023-10-22 19:21:51 -04:00
Patrick Schleizer
e7aafd64d4
refactoring 2023-10-22 19:16:12 -04:00
Patrick Schleizer
d521662d04
comment 2023-10-22 16:49:36 -04:00
Patrick Schleizer
0e80acf38d
fix 2023-10-22 16:45:10 -04:00
Patrick Schleizer
5182d7502b
improve remount-secure 2023-10-22 16:08:21 -04:00
Patrick Schleizer
a88c0a3ad2
fix 2023-10-22 15:44:30 -04:00
Patrick Schleizer
a7629b98cf
fix 2023-10-22 15:40:49 -04:00
Patrick Schleizer
7112eac3be
output 2023-10-22 15:37:21 -04:00
Patrick Schleizer
f80b5fe376
fix 2023-10-22 15:36:16 -04:00
Patrick Schleizer
ce0babce21
comment 2023-10-22 15:35:03 -04:00
Patrick Schleizer
70cbe4daaa
fix 2023-10-22 15:33:11 -04:00
Patrick Schleizer
9b9e9ce1c0
fix 2023-10-22 15:27:01 -04:00
Patrick Schleizer
3731716a49
fix 2023-10-22 15:14:22 -04:00
Patrick Schleizer
eec87a0508
fix 2023-10-22 15:11:26 -04:00
Patrick Schleizer
f3286cf440
fix 2023-10-22 15:10:21 -04:00
Patrick Schleizer
eb90d38d8c
fix 2023-10-22 15:05:33 -04:00
Patrick Schleizer
7f03c2b137
fix 2023-10-22 14:45:45 -04:00
Patrick Schleizer
c85db586ca
improve 2023-10-22 14:44:58 -04:00
Patrick Schleizer
7c0ea4324a
fix 2023-10-22 14:39:52 -04:00
Patrick Schleizer
6198ae317c
fix 2023-10-22 14:29:02 -04:00
Patrick Schleizer
245fad0986
fix 2023-10-22 14:00:06 -04:00
Patrick Schleizer
619f1705e1
output 2023-10-22 13:58:55 -04:00
Patrick Schleizer
52fa7db087
output 2023-10-22 13:57:38 -04:00
Patrick Schleizer
8a592c2e37
fix remountsecure kernel parameter logic 2023-10-22 13:56:17 -04:00
Patrick Schleizer
e689f38ad0
todo 2023-10-22 13:31:44 -04:00
Patrick Schleizer
6675a2e931
fix 2023-10-22 13:30:50 -04:00
Patrick Schleizer
4288e10554
fix, rework remount-secure kernel parameters parsing 2023-10-22 13:25:31 -04:00
Patrick Schleizer
b0181af099
fix 2023-10-22 13:12:25 -04:00
Patrick Schleizer
28cb53341d
remount-secure dracut module: improve output 2023-10-22 13:11:44 -04:00
Patrick Schleizer
84ca0ac8a0
improve remount-secure 2023-10-22 12:54:25 -04:00
Patrick Schleizer
e7d30955e8
debugging 2023-10-22 11:28:08 -04:00
Patrick Schleizer
8eb4607a0e
improve 2023-10-22 11:12:54 -04:00
Patrick Schleizer
f1da0ce746
fix 2023-10-22 11:11:10 -04:00
Patrick Schleizer
26826e8398
fix 2023-10-22 11:06:34 -04:00
Patrick Schleizer
233fa4625b
output 2023-10-22 10:49:53 -04:00
Patrick Schleizer
3ebe8cf4de
refactoring 2023-10-22 10:41:42 -04:00
Patrick Schleizer
24d2e26397
no longer reproducible 2023-10-22 10:40:19 -04:00
Patrick Schleizer
fcba70df2e
refactoring 2023-10-22 10:38:48 -04:00
Patrick Schleizer
a05bd3dd0e
/home last because most likely to fail 2023-10-22 10:37:02 -04:00
Patrick Schleizer
41077c94fb
improve remount-secure 2023-10-22 10:32:24 -04:00
Patrick Schleizer
ef69e512bd
refactoring 2023-10-22 10:25:57 -04:00
Patrick Schleizer
d5cb7ecec9
use findmnt 2023-10-22 10:22:21 -04:00
Patrick Schleizer
45ce0ff74d
debugging 2023-10-22 10:16:43 -04:00
Patrick Schleizer
b81a991731
fix 2023-10-22 10:15:11 -04:00
Patrick Schleizer
292a5c3a8a
fix 2023-10-22 10:11:31 -04:00
Patrick Schleizer
bb57b1a289
fix 2023-10-22 10:10:51 -04:00
Patrick Schleizer
181a642479
root check 2023-10-22 10:01:38 -04:00
Patrick Schleizer
84fd41931c
/var/run -> /run 2023-10-22 09:44:17 -04:00
Patrick Schleizer
33d97a2560
improve output of remount-secure dracut module 2023-10-22 09:39:54 -04:00
Patrick Schleizer
c409e3221e
implement remount-secure 2023-10-22 09:36:03 -04:00
Patrick Schleizer
90f2b5e11c
code simplification 2023-10-22 08:51:37 -04:00
Patrick Schleizer
167683ce76
code simplification 2023-10-22 08:50:57 -04:00
Patrick Schleizer
e065f85c88
add remount-secure dracut module 2023-10-22 08:10:48 -04:00
Patrick Schleizer
f0ee470ecd
comment 2023-10-22 07:51:05 -04:00
Patrick Schleizer
e257f2a380
remount-secure: 
no longer use /usr/libexec/helper-scripts/pre.bsh as not simple with dracut
 2023-10-22 07:50:14 -04:00
Patrick Schleizer
ed11c68ac6
move remount-secure to /usr/bin/remount-secure to make it easier to manually run 2023-10-22 06:51:52 -04:00
Patrick Schleizer
6f4bf57ff2
remount-secure: add support for --force; output 2023-10-22 06:48:56 -04:00
Patrick Schleizer
6dec5cb1d6
debugging 2023-10-22 06:32:19 -04:00
Patrick Schleizer
bc768aa196
output 2023-10-22 06:31:57 -04:00
Patrick Schleizer
c069c73109
refactoring 2023-10-22 06:29:38 -04:00
Patrick Schleizer
abc3592734
remount-secure: stricter error handling 2023-10-22 06:23:48 -04:00
Patrick Schleizer
25760f7024
bookworm 2023-06-13 08:34:41 +00:00
Jeremy Rand
6ab400c9d9
mmap-rnd-bits: Fix typo in error message 2023-05-09 10:55:31 +00:00
Patrick Schleizer
0c10b3f038
output 2023-05-06 11:59:59 +00:00
Patrick Schleizer
5d4d04a2eb
output 2023-05-06 11:54:00 +00:00
Patrick Schleizer
2d465c6249
refactoring 2023-05-06 11:51:25 +00:00
Patrick Schleizer
014a28ba07
comment 2023-05-05 15:04:21 +00:00
Patrick Schleizer
ec01c1a996
minor mmap-rnd-bits improvements 2023-05-05 15:02:31 +00:00
Patrick Schleizer
3dc406f138
minor 2023-05-05 15:01:22 +00:00
Patrick Schleizer
40e940ec58
minor mmap-rnd-bits improvements 2023-05-05 14:54:24 +00:00
Patrick Schleizer
f4fd0f9012
minor mmap-rnd-bits improvements 2023-05-05 14:53:07 +00:00
Patrick Schleizer
a8e4121bef
minor mmap-rnd-bits improvements 2023-05-05 14:52:07 +00:00
Patrick Schleizer
9184e6bb92
fix 2023-05-05 14:51:19 +00:00
Patrick Schleizer
89168ef40c
minor mmap-rnd-bits improvements 2023-05-05 14:49:56 +00:00
Patrick Schleizer
d6d79e96c9
minor mmap-rnd-bits improvements 2023-05-05 14:44:29 +00:00
Jeremy Rand
48a68ba237
mmap-rnd-bits: Handle unwritable /etc/sysctl.d/ 2023-04-24 23:07:40 +00:00
Jeremy Rand
434cfb427f
mmap-rnd-bits: Check that configs are valid integers 2023-04-24 23:07:40 +00:00
Jeremy Rand
76ca8a27f9
mmap-rnd-bits: Handle missing kernel config file 2023-04-24 23:07:40 +00:00
Jeremy Rand
61f63255ac
vm.mmap_rnd_bits: Fix ppc64le 
Probably fixes a bunch of other non-x86_64 arches too.
 2023-04-24 23:07:39 +00:00
Raja Grewal
7a4212dd76
Update copyright 2023-03-30 17:08:47 +11:00
Patrick Schleizer
b87d9eb865
lintian 2023-01-24 07:08:13 -05:00
Patrick Schleizer
7bda2ad3e8
move ram-wipe scripts to dedicated ram-wipe package 2023-01-24 06:34:17 -05:00
Patrick Schleizer
d769099db1
use warn instead of info for now 
because dracut does not show info messages when kernel parameter quiet is set
 2023-01-09 05:34:07 -05:00
Patrick Schleizer
f3b84e15be
refactoring 2023-01-08 07:16:18 -05:00
Patrick Schleizer
96d6ca7ae0
improve kernel and initrd file detection 2023-01-08 07:09:09 -05:00
Patrick Schleizer
8367b27a0d
output 2023-01-08 07:08:18 -05:00
Patrick Schleizer
da0fc9f5bd
improve kernel and initrd file detection 2023-01-08 07:07:43 -05:00
Patrick Schleizer
5b11eecaec
refactoring 2023-01-08 06:45:10 -05:00
Patrick Schleizer
938b87d26c
comment 2023-01-07 18:06:10 -05:00
Patrick Schleizer
0b1310a219
output 2023-01-07 18:05:47 -05:00
Patrick Schleizer
2fd302f580
output 2023-01-07 18:02:21 -05:00
Patrick Schleizer
080abe574b
output 2023-01-07 17:48:21 -05:00
Patrick Schleizer
5689c07f97
comment 2023-01-07 17:37:46 -05:00
Patrick Schleizer
8e2db269b0
cleanup 2023-01-07 17:36:51 -05:00
Patrick Schleizer
a07af63155
output 2023-01-07 17:35:56 -05:00
Patrick Schleizer
539156c0da
drop_caches 2023-01-07 17:23:25 -05:00
Patrick Schleizer
02f44459ad
DRACUT_QUIET=no 2023-01-07 17:22:45 -05:00
Patrick Schleizer
ab89d0e06e
cleanup 2023-01-07 16:59:00 -05:00
Patrick Schleizer
2e833b40a1
prevent "wait: pid 55 is not a child of this shell" 2023-01-07 16:43:09 -05:00
Patrick Schleizer
3777ecba85
comment 2023-01-07 16:34:19 -05:00
Patrick Schleizer
e0ded5e69d
comment 2023-01-07 16:34:04 -05:00
Patrick Schleizer
996c6af2d8
lower debugging 2023-01-07 16:31:23 -05:00
Patrick Schleizer
4fca8f4225
comment 2023-01-07 16:28:11 -05:00
Patrick Schleizer
2bd9cc5bc1
output 2023-01-07 16:08:12 -05:00
Patrick Schleizer
2456fed361
output 2023-01-07 16:00:42 -05:00
Patrick Schleizer
c0b5fea680
protect against wipe RAM reboot loop 2023-01-07 15:59:52 -05:00
Patrick Schleizer
91aedb234a
output 2023-01-07 15:36:36 -05:00
Patrick Schleizer
368ad8e636
cleanup 2023-01-07 15:36:05 -05:00
Patrick Schleizer
d8bf40f7a2
refactoring 2023-01-07 15:35:45 -05:00
Patrick Schleizer
166a6863a1
output 2023-01-07 15:35:15 -05:00
Patrick Schleizer
20596488be
long options 2023-01-07 15:34:20 -05:00
Patrick Schleizer
b0630f58c1
debugging 2023-01-07 15:24:05 -05:00
Patrick Schleizer
dde01f3663
long options 2023-01-07 15:23:23 -05:00
Patrick Schleizer
6e0926eece
long options 2023-01-07 15:22:58 -05:00
Patrick Schleizer
51a5f68c76
refactoring 2023-01-07 15:22:25 -05:00
Patrick Schleizer
83800fcb4f
--no-legend 2023-01-07 15:18:58 -05:00
Patrick Schleizer
822cf64618
output 2023-01-07 15:13:36 -05:00
Patrick Schleizer
bb2f0a3c44
minor 2023-01-07 15:12:15 -05:00
Patrick Schleizer
c3a822af0e
test if readable 2023-01-07 15:09:25 -05:00
Patrick Schleizer
227871c12c
output 2023-01-07 15:07:34 -05:00
Patrick Schleizer
c09f4da192
code simplification 2023-01-07 15:06:56 -05:00
Patrick Schleizer
01fee8a7b4
refactoring 2023-01-07 15:06:31 -05:00
Patrick Schleizer
f675f8da0d
quotes 2023-01-07 15:05:58 -05:00
Patrick Schleizer
d0daf75db3
quotes 2023-01-07 15:05:24 -05:00
Patrick Schleizer
8bcf7e3c23
minor 2023-01-07 15:04:57 -05:00
Patrick Schleizer
2cc3c6c59c
lower debugging 2023-01-07 15:04:42 -05:00
Patrick Schleizer
10932bb5d8
minor 2023-01-07 15:04:23 -05:00
Patrick Schleizer
c88e95ce33
output 2023-01-07 15:04:07 -05:00
Patrick Schleizer
06034d2e4f
fix 2023-01-07 15:03:06 -05:00
Patrick Schleizer
059ebb212d
comment 2023-01-07 14:35:30 -05:00
Patrick Schleizer
c0304ec029
minor 2023-01-07 14:35:09 -05:00
Patrick Schleizer
d31c17ea04
fix 2023-01-07 14:31:14 -05:00
Patrick Schleizer
41d116aa2f
lintian 2023-01-07 14:30:12 -05:00
Patrick Schleizer
e83ba18553
minor 2023-01-07 14:29:12 -05:00
Patrick Schleizer
bb121e52bb
chmod +x 2023-01-07 14:27:22 -05:00
Patrick Schleizer
d37b19fb6b
comment 2023-01-07 12:55:05 -05:00
Patrick Schleizer
0367250dc7
comment 2023-01-07 12:54:35 -05:00
Patrick Schleizer
c1df2fd601
comment 2023-01-07 12:52:14 -05:00
Patrick Schleizer
c2b20603fd
output 2023-01-07 12:49:18 -05:00
Patrick Schleizer
999a82ed94
output 2023-01-07 12:46:21 -05:00
Patrick Schleizer
2860560edb
minor 2023-01-07 12:43:07 -05:00
Friedrich Doku
b8e82fffca Get rid of /dev/kmsg 2023-01-07 11:31:02 -05:00
Friedrich Doku
78a4fad667 Change echo to info. Included more reliable way of getting initrd and kernel. Allow user custom kexec 2023-01-07 11:14:31 -05:00
Friedrich Doku
8da3b9c40c fix last line 2023-01-06 21:40:17 -05:00
Friedrich Doku
7cf51a1b43 Checking job queue instead of dbus 2023-01-06 21:32:57 -05:00
Friedrich Doku
4b7053a635
Update wipe-ram.sh 2023-01-06 13:53:28 -05:00
Friedrich Doku
779ad24b57
Update wipe-ram-needshutdown.sh 2023-01-06 13:53:18 -05:00
Friedrich Doku
d45ba826bc
Update module-setup.sh 2023-01-06 13:53:10 -05:00
Friedrich Doku
b3d4314a06
Update wipe-ram.sh 2023-01-06 13:52:51 -05:00
Friedrich Doku
3387725017
Update wipe-ram-needshutdown.sh 2023-01-06 13:52:42 -05:00
Friedrich Doku
ec68ee6ded
Update module-setup.sh 2023-01-06 13:52:32 -05:00
Friedrich Doku
62dcdcf764
Update cold-boot-attack-defense-kexec-prepare 2023-01-06 13:51:45 -05:00
Friedrich Doku
14abfbfccd
Update cold-boot-attack-defense-kexec-prepare 2023-01-06 13:48:03 -05:00
Friedrich Doku
37a5264696
Update wipe-ram.sh 2023-01-06 13:47:34 -05:00
Friedrich Doku
7ac45acd0f
Update wipe-ram-needshutdown.sh 2023-01-06 13:47:23 -05:00