1dbca1ea2d
add usr/bin/hardening-enable
2019-12-08 02:27:09 -05:00
24423b42f0
description
2019-12-08 02:03:05 -05:00
6b01e5be14
comment
2019-12-08 02:01:22 -05:00
66bebefc9f
description
2019-12-08 02:00:23 -05:00
52e0f104cc
comment
2019-12-08 01:59:55 -05:00
731d486fa0
refactoring
2019-12-08 01:58:58 -05:00
221a2df2a2
refactoring
2019-12-08 01:58:37 -05:00
b871421a54
usr/share/pam-configs/console-lockdown -> usr/share/pam-configs/console-lockdown-security-misc
2019-12-08 01:57:43 -05:00
d36669596f
comment
2019-12-08 01:56:30 -05:00
1a0f353708
comment
2019-12-08 01:47:40 -05:00
eed1f0a462
comment
2019-12-08 01:46:32 -05:00
2491b62393
refactoring, add all groups first before adding any users to any groups
2019-12-08 01:43:45 -05:00
1464f01d19
description
2019-12-08 01:30:42 -05:00
c1800b13fe
separate group "ssh" for incoming ssh console permission
...
Thanks to @madaidan
https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/16
2019-12-07 11:26:39 -05:00
55225aa30e
description
2019-12-07 07:16:07 -05:00
34a2bc16c8
description
2019-12-07 07:15:58 -05:00
d823f06c78
description
2019-12-07 07:13:42 -05:00
090ddbe96a
description
2019-12-07 06:00:41 -05:00
6479c883bf
Console Lockdown.
...
Allow members of group 'console' to use tty1 to tty7. Everyone else except
members of group 'console-unrestricted' are restricted from using console
using ancient, unpopular login methods such as using /bin/login over networks,
which might be exploitable. (CVE-2001-0797)
Not enabled by default in this package since this package does not know which
users shall be added to group 'console'.
In new Whonix builds, user 'user' will be added to group 'console' and
pam console-lockdown enabled by package anon-base-files.
/usr/share/pam-configs/console-lockdown
/etc/security/access-security-misc.conf
https://forums.whonix.org/t/etc-security-hardening/8592
2019-12-07 05:40:20 -05:00
52934c9288
bumped changelog version
2019-12-07 02:02:32 -05:00
6d92d03b31
description
2019-12-07 01:54:50 -05:00
0afcc5e798
bumped changelog version
2019-12-06 12:43:21 -05:00
af0cf058e7
bumped changelog version
2019-12-06 11:18:20 -05:00
bff425fec2
bumped changelog version
2019-12-06 09:32:18 -05:00
470cad6e91
remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in)
...
https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707
2019-12-06 05:14:02 -05:00
af9e19c51f
Update control
2019-12-05 20:14:55 +00:00
0c25a96b59
description / comments
2019-12-03 02:18:32 -05:00
8d63da3cef
Update control
2019-12-02 16:46:12 +00:00
6ca48fffdc
bumped changelog version
2019-11-28 10:22:41 -05:00
25aed91eb1
description
2019-11-28 09:20:46 -05:00
0c4e5df3e0
description
2019-11-28 09:18:05 -05:00
5ac2a6f9ac
description
2019-11-28 09:17:32 -05:00
ff3412fbe0
fix, make sure to undo pam changes on package removal
...
Thanks to minimal for the bug report!
https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/11
2019-11-27 10:22:31 -05:00
9091f69edd
bumped changelog version
2019-11-25 08:51:36 +00:00
aa5451c8cd
Lock user accounts after 50 rather than 100 failed login attempts.
...
https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/19
2019-11-25 01:39:53 -05:00
6277db1383
bumped changelog version
2019-11-23 14:07:45 +00:00
fe1f1b73a7
load jitterentropy_rng kernel module for better entropy collection
...
https://www.whonix.org/wiki/Dev/Entropy
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927972
https://forums.whonix.org/t/jitterentropy-rngd/7204
2019-11-23 11:20:32 +00:00
e76e1475b0
comment
2019-11-22 12:24:35 -05:00
a99dfd067a
bumped changelog version
2019-11-19 15:31:55 +00:00
8ad8dbea5a
bumped changelog version
2019-11-18 19:16:16 +00:00
d1d61b106b
bumped changelog version
2019-11-09 18:44:50 +00:00
6b7df973f6
bumped changelog version
2019-11-09 12:57:45 +00:00
6e28774f95
bumped changelog version
2019-11-09 12:23:15 +00:00
b55c2fd62e
Enables punycode (network.IDN_show_punycode) by default in Thunderbird
...
to make phishing attacks more difficult. Fixing URL not showing real Domain
Name (Homograph attack).
https://forums.whonix.org/t/enable-network-idn-show-punycode-by-default-in-thunderbird-to-fix-url-not-showing-real-domain-name-homograph-attack-punycode/8415
2019-11-03 02:50:51 -05:00
bf62306d4f
bumped changelog version
2019-10-31 16:34:35 +00:00
6e5d8b357d
bumped changelog version
2019-10-31 16:06:51 +00:00
203d5cfa68
copyright
2019-10-31 11:19:44 -04:00
0699747fcb
Debian packaging
2019-10-28 14:24:37 +00:00
fe4e29d392
Depend on dh-apparmor
2019-10-28 14:22:47 +00:00
d832ab91bd
bumped changelog version
2019-10-23 10:22:03 +00:00