mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-07-14 01:42:01 +07:00
Code Issues Packages Projects Releases Wiki Activity
NaN Commits 4 Branches 456 Tags
2b40ea75e9c3f679fd09ae331a56f294c3ac7607
Commit Graph

150 Commits

Author SHA1 Message Date
Patrick Schleizer
d13d1aa7ec comments 2024-02-22 15:07:53 -05:00
Patrick Schleizer
c3dd178b19 output 2024-02-22 14:57:50 -05:00
Patrick Schleizer
6d7cf3c12a output 2024-02-22 09:49:48 -05:00
Patrick Schleizer
f7831db197 do not exit non-zero if folder does not exist 2024-02-22 09:17:41 -05:00
Patrick Schleizer
5bdd7b8475 output 2024-02-22 09:14:52 -05:00
Patrick Schleizer
44a15cd97d mount --make-private 
https://github.com/Kicksecure/security-misc/issues/172
 2024-02-22 09:13:56 -05:00
Patrick Schleizer
c0f98b05b6 comment 
https://github.com/Kicksecure/security-misc/pull/202
 2024-02-22 06:03:59 -05:00
Patrick Schleizer
1e1613aa93 allow /opt exec as usually optional binaries are placed there such as firefox 
https://github.com/Kicksecure/security-misc/pull/202
 2024-02-22 06:02:28 -05:00
Patrick Schleizer
7c7b4b24b4 fix home_noexec_maybe -> most_noexec_maybe 
https://github.com/Kicksecure/security-misc/pull/202
 2024-02-22 06:02:00 -05:00
Patrick Schleizer
38783faf60 add more bind mounts of mount options hardening 
as suggested in https://github.com/Kicksecure/security-misc/pull/202
 2024-02-22 05:58:53 -05:00
Patrick Schleizer
0efee2f50f usrmerge 
fixes https://github.com/Kicksecure/security-misc/issues/190
 2024-01-17 13:39:56 -05:00
Patrick Schleizer
3ba8fe586e update permission-hardener.service 
Which is now only an additional opt-in systemd unit,
because permission-hardener is run by default at security-misc
package installation time.

https://github.com/Kicksecure/security-misc/pull/181
 2024-01-16 09:23:54 -05:00
Ben Grande
bc02c72018 Fix unbound variable 
- Run messages preceded by INFO;
- Comment unknown unused variables;
- Remove unnecessary variables; and
- Deal with unbound variable due to subshell by writing to a file;
 2024-01-02 17:08:45 +01:00
Ben Grande
abf72c2ee4 Rename file permission hardening script 
Hardener as the script is the agent that is hardening the file
permissions.
 2024-01-02 13:34:29 +01:00
Ben Grande
f138cf0f78 Refactor permission-hardener 
- Organize comments from default configuration;
- Apply and undo changes from a single file controlled by parameters;
- Arrays should be evaluated as arrays and not normal variables;
- Quote variables;
- Brackets around variables;
- Standardize test cases to "test" command;
- Test against empty or non-empty variables with "-z" and "-n";
- Show a usage message when necessary;
- Require root to run the script with informative message;
- Permit the user to see the help message without running as root;
- Do not create root directories without passing root check;
- Use long options for "set" command;
 2024-01-02 12:17:16 +01:00
Patrick Schleizer
b0dd967611 usrmerge 
https://github.com/Kicksecure/security-misc/issues/157
 2023-12-25 09:28:08 -05:00
Patrick Schleizer
a1e00be0e0 update link 2023-11-06 16:58:23 -05:00
Patrick Schleizer
df5f3e8056 output 2023-11-06 16:36:22 -05:00
Patrick Schleizer
4219347f0a fix permission-hardener config parsing issue 2023-11-05 16:43:44 -05:00
Patrick Schleizer
e72f79236b refactoring 2023-11-05 16:41:41 -05:00
Patrick Schleizer
dea0d9a78a fix permission-hardener config parsing issue 2023-11-05 16:40:49 -05:00
Patrick Schleizer
017ae18ad7 fix permission-hardener config parsing issue 2023-11-05 16:39:10 -05:00
Patrick Schleizer
65e3c14643 fix permission-hardener config parsing issue 2023-11-05 16:35:11 -05:00
Patrick Schleizer
4a19fbae0b move permission-hardening to /usr/bin to make it more easily accessible 2023-11-05 15:13:01 -05:00
Patrick Schleizer
1123d23114 remount-secure: disable debugging to save space in initrd 2023-10-26 18:45:07 -04:00
monsieuremre
f0857fd560 Fix double mount issue for /var/log and /var/tmp 
Mounting var with bind and mounting a subdirectory causes /var/tmp and /var/log bind mounted twice each. can be checked with lsblk. When we bind mount var only after having mounted the subdirectories, everything is mounted only one.
 2023-10-23 15:33:05 +00:00
Patrick Schleizer
d2e8a6dad3 debugging 2023-10-22 19:21:51 -04:00
Patrick Schleizer
e7aafd64d4 refactoring 2023-10-22 19:16:12 -04:00
Patrick Schleizer
d521662d04 comment 2023-10-22 16:49:36 -04:00
Patrick Schleizer
0e80acf38d fix 2023-10-22 16:45:10 -04:00
Patrick Schleizer
5182d7502b improve remount-secure 2023-10-22 16:08:21 -04:00
Patrick Schleizer
a88c0a3ad2 fix 2023-10-22 15:44:30 -04:00
Patrick Schleizer
a7629b98cf fix 2023-10-22 15:40:49 -04:00
Patrick Schleizer
7112eac3be output 2023-10-22 15:37:21 -04:00
Patrick Schleizer
f80b5fe376 fix 2023-10-22 15:36:16 -04:00
Patrick Schleizer
ce0babce21 comment 2023-10-22 15:35:03 -04:00
Patrick Schleizer
70cbe4daaa fix 2023-10-22 15:33:11 -04:00
Patrick Schleizer
9b9e9ce1c0 fix 2023-10-22 15:27:01 -04:00
Patrick Schleizer
3731716a49 fix 2023-10-22 15:14:22 -04:00
Patrick Schleizer
eec87a0508 fix 2023-10-22 15:11:26 -04:00
Patrick Schleizer
f3286cf440 fix 2023-10-22 15:10:21 -04:00
Patrick Schleizer
eb90d38d8c fix 2023-10-22 15:05:33 -04:00
Patrick Schleizer
7f03c2b137 fix 2023-10-22 14:45:45 -04:00
Patrick Schleizer
c85db586ca improve 2023-10-22 14:44:58 -04:00
Patrick Schleizer
7c0ea4324a fix 2023-10-22 14:39:52 -04:00
Patrick Schleizer
6198ae317c fix 2023-10-22 14:29:02 -04:00
Patrick Schleizer
245fad0986 fix 2023-10-22 14:00:06 -04:00
Patrick Schleizer
619f1705e1 output 2023-10-22 13:58:55 -04:00
Patrick Schleizer
e689f38ad0 todo 2023-10-22 13:31:44 -04:00
Patrick Schleizer
6675a2e931 fix 2023-10-22 13:30:50 -04:00