|
|
b31d8cd3fc
|
fix
|
2019-12-20 03:03:40 -05:00 |
|
|
|
c626290673
|
refactoring
|
2019-12-20 03:02:26 -05:00 |
|
|
|
d5ff1d6f28
|
refactoring
|
2019-12-20 03:00:39 -05:00 |
|
|
|
640ca1d24d
|
skip symlinks
https://forums.whonix.org/t/kernel-hardening/7296/323?
|
2019-12-20 02:57:57 -05:00 |
|
|
|
cc8f795799
|
comment
|
2019-12-20 02:47:04 -05:00 |
|
|
|
4e5b222a08
|
comment
|
2019-12-20 02:43:33 -05:00 |
|
|
|
fa895ee11e
|
refactoring
|
2019-12-20 02:40:42 -05:00 |
|
|
|
2c163bf439
|
check string length of permission variable
https://forums.whonix.org/t/kernel-hardening/7296/322
|
2019-12-20 02:39:53 -05:00 |
|
|
|
a89befd902
|
code simplification
|
2019-12-20 02:20:54 -05:00 |
|
|
|
72812da63f
|
comment
|
2019-12-20 02:16:32 -05:00 |
|
|
|
39a41cc27b
|
refactoring
|
2019-12-20 02:14:45 -05:00 |
|
|
|
2ed6452590
|
downgrade to info
|
2019-12-20 02:12:43 -05:00 |
|
|
|
a5e55dfcfc
|
quotes
|
2019-12-20 02:11:39 -05:00 |
|
|
|
3187cee4fb
|
output
|
2019-12-20 02:10:13 -05:00 |
|
|
|
5160b4c781
|
disable xtrace
|
2019-12-20 02:08:05 -05:00 |
|
|
|
27bfe95d25
|
add echo wrapper
|
2019-12-20 02:07:49 -05:00 |
|
|
|
a6988f3fb8
|
output
|
2019-12-20 02:06:31 -05:00 |
|
|
|
1819577b88
|
fix
|
2019-12-20 02:04:34 -05:00 |
|
|
|
278c60c5a0
|
exit non-zero if some line cannot be parsed
therefore make systemd notice this
therefore allow the sysadmin to notice this
|
2019-12-20 02:01:36 -05:00 |
|
|
|
66bcba8313
|
improve character whitelisting
|
2019-12-20 01:58:35 -05:00 |
|
|
|
8f14e808a9
|
send error messages to stderr
|
2019-12-20 01:32:49 -05:00 |
|
|
|
d8c9fac2e5
|
output
|
2019-12-20 01:32:08 -05:00 |
|
|
|
f19abaf627
|
refactoring
|
2019-12-20 01:31:37 -05:00 |
|
|
|
3c2ca0257f
|
Support for removing SUID bits
|
2019-12-19 17:01:08 +00:00 |
|
|
|
4ca9fc5920
|
fix
|
2019-12-16 03:53:10 -05:00 |
|
|
|
f68efd53cf
|
remount /sys/kernel/security with nodev,nosuid[,noexec]
as suggested by @madaidan
http://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/238
|
2019-12-16 03:52:09 -05:00 |
|
|
|
729fa26eca
|
use pam_acccess only for /etc/pam.d/login
remove "Allow members of group 'ssh' to login."
remove "+:ssh:ALL EXCEPT LOCAL"
|
2019-12-12 09:00:08 -05:00 |
|
|
|
b72eb30056
|
quotes
|
2019-12-09 02:32:05 -05:00 |
|
|
|
c258376b7e
|
use read (built-in) rather than awk (external)
|
2019-12-09 02:31:10 -05:00 |
|
|
|
02165201ab
|
read -r; refactoring
as per https://mywiki.wooledge.org/BashFAQ/001
|
2019-12-09 02:23:43 -05:00 |
|
|
|
7467252122
|
quotes
|
2019-12-09 02:22:16 -05:00 |
|
|
|
61e19fa5f1
|
Create permission-hardening
|
2019-12-08 16:49:28 +00:00 |
|
|
|
50ac03363f
|
output
|
2019-12-08 03:18:32 -05:00 |
|
|
|
3bd0b3f837
|
notify when attempting to use ssh but user is member of group ssh
|
2019-12-08 03:10:41 -05:00 |
|
|
|
6846a94327
|
Check for more locations of System.map
|
2019-12-07 19:38:12 +00:00 |
|
|
|
668b6420de
|
Remove hyphen
|
2019-12-07 14:15:02 +00:00 |
|
|
|
9ba84f34c6
|
comment
|
2019-12-07 06:51:59 -05:00 |
|
|
|
dc1dfc8c20
|
output
|
2019-12-07 06:51:16 -05:00 |
|
|
|
532a1525c2
|
comment
|
2019-12-07 06:26:55 -05:00 |
|
|
|
14aa6c5077
|
comment
|
2019-12-07 06:26:23 -05:00 |
|
|
|
8b3f5a555b
|
add console lockdown to pam info output
|
2019-12-07 06:25:45 -05:00 |
|
|
|
5a4eda0d05
|
also support /usr/local/etc/remount-disable and /usr/local/etc/noexec
|
2019-12-07 01:53:33 -05:00 |
|
|
|
9b14f24d5e
|
refactoring
|
2019-12-06 11:17:32 -05:00 |
|
|
|
a6133f5912
|
output
|
2019-12-06 11:16:43 -05:00 |
|
|
|
c1ea35e2ef
|
output
|
2019-12-06 11:15:54 -05:00 |
|
|
|
4bec41379d
|
fix remount with noexec if /etc/noexec exists
|
2019-12-06 11:15:13 -05:00 |
|
|
|
470cad6e91
|
remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in)
https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707
|
2019-12-06 05:14:02 -05:00 |
|
|
|
aa5451c8cd
|
Lock user accounts after 50 rather than 100 failed login attempts.
https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/19
|
2019-11-25 01:39:53 -05:00 |
|
|
|
fe1f1b73a7
|
load jitterentropy_rng kernel module for better entropy collection
https://www.whonix.org/wiki/Dev/Entropy
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927972
https://forums.whonix.org/t/jitterentropy-rngd/7204
|
2019-11-23 11:20:32 +00:00 |
|
|
|
74293bcd2f
|
output
|
2019-11-05 01:59:25 -05:00 |
|
