036f518ddc
improvement
2022-06-30 13:56:29 -04:00
0e2fae2b69
skip ram wipe inside VMs
...
https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix-cold-boot-attack-defense/5596/40
2022-06-30 13:50:18 -04:00
e06405c7be
undo
2022-06-29 16:56:16 -04:00
1b97d9cb76
fix
2022-06-29 16:30:31 -04:00
92c543e71f
output
2022-06-29 16:24:52 -04:00
d4161b2748
output
2022-06-29 16:23:42 -04:00
1ce7b27297
improvement
2022-06-29 16:23:12 -04:00
f5e0c1742a
credits
2022-06-29 16:02:05 -04:00
42e24f3c24
update file names
2022-06-29 15:54:49 -04:00
52aaac9b6d
rename
2022-06-29 15:53:52 -04:00
619bb3cf4d
rename
2022-06-29 15:53:24 -04:00
2a8504cf1b
move
2022-06-29 15:51:14 -04:00
af8b211c23
improvements
2022-06-29 15:50:20 -04:00
e9cd5d934b
copyright
2022-06-29 15:24:27 -04:00
9ab81d4581
do not power off too fast so wipe ram messages can be read
2022-06-29 15:22:00 -04:00
19439033de
copyright
2022-06-29 15:19:56 -04:00
fc202ede16
delete no longer required usr/lib/dracut/modules.d/40sdmem-security-misc/README.md
2022-06-29 15:18:28 -04:00
6d3a08a936
improvements
2022-06-29 15:17:40 -04:00
8a072437cc
ram wipe on shutdown: fix, added need_shutdown hook
...
Otherwise dracut does not run on shutdown.
Without `need_shutdown` file `/run/initramfs/.need_shutdown` does not get created.
And without that file `/usr/lib/dracut/dracut-initramfs-restore`,
which itself is started by `/lib/systemd/system/dracut-shutdown.service` does nothing.
2022-06-29 14:13:30 -04:00
924077e04c
verbose
2022-06-29 13:02:53 -04:00
db301dfd7f
comment
2022-06-29 13:02:39 -04:00
73d2ada0de
comment
2022-06-29 13:02:01 -04:00
295811a88f
improvements
2022-06-29 11:14:52 -04:00
024d52a67e
improve usr/lib/dracut/modules.d/40sdmem-security-misc/module-setup.sh
2022-06-29 09:52:53 -04:00
29253004b6
minor
2022-06-29 09:38:18 -04:00
6f19af1542
add shebang /bin/sh
...
to fix lintian warning
security-misc: executable-not-elf-or-script usr/lib/dracut/modules.d/40sdmem-security-misc/wipe.sh
2022-06-29 09:35:08 -04:00
38cdf2722b
- Wipe LUKS Disk Encryption Key for Root Disk from RAM during Shutdown to defeat Cold Boot Attacks
...
- Confirm in console output if encrypted mounts (root disk) is unmounted. (Because that is a pre-condition for wiping the LUKS full disk encryption key from RAM.)
Thanks to @friedy10!
https://github.com/friedy10/dracut/tree/master/modules.d/40sdmem
https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix-cold-boot-attack-defense/5596
2022-06-29 09:32:55 -04:00
2d37e3a1af
copyright
2022-05-20 14:46:38 -04:00
4fadaad8c0
lintian FHS
2021-08-03 12:52:10 -04:00
6607c1e4bd
move /usr/lib/helper-scripts and /usr/lib/curl-scripts to /usr/libexec/helper-scripts as per lintian FHS
2021-08-03 12:48:57 -04:00
240ec7672a
replace no longer required /usr/lib/security-misc/apt-get-wrapper with apt-get --error-on=any
2021-08-03 12:19:26 -04:00
bb3e65f7a8
bullseye
2021-08-03 03:25:35 -04:00
74e39cbf69
pam-abort-on-locked-password: more descriptive error handling
...
https://forums.whonix.org/t/restrict-root-access/7658/1
2021-06-20 11:18:56 -04:00
a67007f4b7
copyright
2021-03-17 09:45:21 -04:00
a1819e8cab
comment
2021-03-01 09:15:44 -05:00
4db7d6be64
hide-hardware-info: allow unrestricting selinuxfs
...
On SELinux systems, the /sys/fs/selinux directory must be visible to
userspace utilities in order to function properly.
2021-02-06 03:02:08 -05:00
af3244741d
comment
2021-01-29 23:15:52 -05:00
b0b7f569ee
comment
2021-01-28 02:11:54 -05:00
9622f28e25
skip counting failed login attempts from dovecot
...
Failed dovecot logins should not result in account getting locked.
revert "use pam_tally2 only for login"
2021-01-27 05:49:34 -05:00
c5097ed599
comment
2020-12-06 04:23:09 -05:00
c031f22995
SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists
...
`whitelists_disable_all=true`
2020-12-01 05:14:48 -05:00
b09cc0de6a
Revert "SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists"
...
This reverts commit 36a471ebce
2020-12-01 05:10:26 -05:00
36a471ebce
SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists
...
`whitelists_disable_all=true`
2020-12-01 05:02:34 -05:00
28a326a8a1
add feature /usr/lib/security-misc/permission-hardening-undo /path/to/filename
...
to allow removing 1 SUID
fix, show INFO message if file does not exist during removal rather than ERROR
2020-11-28 05:31:12 -05:00
abae787186
usability: pam abort when attempting to login to root when root password is locked
2020-11-05 06:47:16 -05:00
581e31af81
comment
2020-11-05 06:46:57 -05:00
dfe9b0f6c7
fix, no longer unconditionally abort pam for user accounts with locked passwords
...
as locked user accounts might have valid sudoers exceptions
Thanks to @mimp for the bug report!
https://forums.whonix.org/t/pam-abort-on-locked-password-and-running-privileged-command-from-web-browser/10521
2020-11-05 06:42:47 -05:00
211769dc65
comment
2020-11-05 06:41:51 -05:00
7952139731
comment
2020-11-05 06:39:32 -05:00
bb72c1278d
copyright
2020-11-05 06:36:39 -05:00
