mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-07-13 09:19:32 +07:00
Code Issues Packages Projects Releases Wiki Activity
NaN Commits 4 Branches 456 Tags
2b40ea75e9c3f679fd09ae331a56f294c3ac7607
Commit Graph

782 Commits

Author SHA1 Message Date
Patrick Schleizer
cf5f0edbb8 Merge remote-tracking branch 'raja/sysctl' 2024-07-17 07:59:35 -04:00
Raja Grewal
39fd125eb0 Provide explanation on the disabling of IPv6 Privacy Extensions 2024-07-17 21:44:44 +10:00
Raja Grewal
693b47e623 Clarify ICMP redirect acceptance and sending 2024-07-17 14:58:30 +10:00
Raja Grewal
824d9b82e5 Uncomment redundant disabling of TCP FACK` 2024-07-17 00:36:18 +10:00
Raja Grewal
d1119c38b6 Apply changes from code review 2024-07-17 00:31:23 +10:00
Patrick Schleizer
6e63fc8985 Merge remote-tracking branch 'ben-grande/fuzz' 2024-07-15 17:14:25 -04:00
Raja Grewal
61941da375 Create disabled-intelpmt-by-security-misc 2024-07-15 22:38:09 +10:00
Raja Grewal
a8bc1144c3 Updated wording of error files for disabled modules 2024-07-15 21:10:13 +10:00
Raja Grewal
fda3832eaf Replace bash file presented for disabling of miscellaneous modules 2024-07-15 21:08:45 +10:00
Raja Grewal
c52b1a3fd2 Create disabled-miscellaneous-by-security-misc 2024-07-15 20:58:45 +10:00
Raja Grewal
1c2afc1f25 Update presentation of the kernel.printk sysctl 2024-07-15 15:01:48 +10:00
Raja Grewal
2b9e174c9d Remove empty lines 2024-07-14 16:22:52 +10:00
Raja Grewal
dd1741c4a1 Some documentation additions and fixes 2024-07-14 13:40:53 +10:00
Raja Grewal
565597c9a2 Minor documentation changes and fixes 2024-07-14 01:21:24 +10:00
Raja Grewal
2de3a79599 Refactor existing sysctl for clarity 2024-07-13 22:41:40 +10:00
Raja Grewal
f31dc8aebc Fix error in error script 2024-07-12 16:21:03 +10:00
Raja Grewal
b02230a783 Split modprobe into blacklisted and disabled configurations 2024-07-12 02:42:37 +10:00
Ben Grande
b7796a5334 Unify method to find SUID files 2024-07-11 11:04:22 +02:00
Raja Grewal
1bb843ec38 Update Copyright (C) to 2024 2024-05-11 13:18:36 +10:00
Patrick Schleizer
9b589bc311 comment 2024-05-10 06:49:34 -04:00
Patrick Schleizer
8d01fc2d35 chmod +x 2024-05-10 06:48:26 -04:00
Patrick Schleizer
547757f451 Merge pull request #220 from raja-grewal/block_gps 
Block Several GPS-related Modules
 2024-05-10 06:45:34 -04:00
raja-grewal
f3800a4e2b Create disabled-gps-by-security-misc 2024-05-09 02:25:46 +00:00
raja-grewal
132b41ae73 Revert logging of martians 2024-05-09 02:16:50 +00:00
Patrick Schleizer
7dba3fb7be no longer disable MSR by default 
fixes https://github.com/Kicksecure/security-misc/issues/215
 2024-04-01 02:56:27 -04:00
Patrick Schleizer
ecaa024f22 lower debugging 2024-03-18 11:01:56 -04:00
Patrick Schleizer
a5206bde33 proc-hidepid.service add gid=proc 
This allows users that are a member of the `proc` group to be excluded from `hidepid` protections.

https://github.com/Kicksecure/security-misc/issues/208
 2024-03-10 08:44:53 -04:00
Patrick Schleizer
6b76373395 fix panic-on-oops started every 10s in Qubes-Whonix 
by changing from a /etc/profile.d etc. related mechanism to start to a systemd unit file based approach

Thanks to @marmarek for the bug report!

https://forums.whonix.org/t/panic-on-oops-started-every-10s/19450
 2024-03-04 06:44:26 -05:00
Patrick Schleizer
808e72f24b use long options 
https://github.com/Kicksecure/security-misc/issues/172
 2024-02-26 08:11:26 -05:00
Patrick Schleizer
2d1d1b246f improve output 
https://github.com/Kicksecure/security-misc/issues/172
 2024-02-26 08:07:29 -05:00
Patrick Schleizer
d8f5376c4f improve output 
https://github.com/Kicksecure/security-misc/issues/172
 2024-02-26 07:58:06 -05:00
Patrick Schleizer
cf84762a3a improve output 
https://github.com/Kicksecure/security-misc/issues/172
 2024-02-26 07:52:41 -05:00
Patrick Schleizer
f2958bbfa5 comment 2024-02-26 07:49:30 -05:00
Patrick Schleizer
b23d167342 Merge pull request #204 from DanWin/sysfs-mount 
Make /sys hardening optional and allow access to /sys/fs to make polkit work
 2024-02-26 07:46:02 -05:00
Patrick Schleizer
d13d1aa7ec comments 2024-02-22 15:07:53 -05:00
Patrick Schleizer
c3dd178b19 output 2024-02-22 14:57:50 -05:00
Daniel Winzen
ef44ecea44 Add option to disabe /sys hardening 2024-02-22 17:27:46 +01:00
Daniel Winzen
3bc1765dbb Allow access to /sys/fs for polkit 2024-02-22 17:27:45 +01:00
Patrick Schleizer
37a7abdf0c ConditionKernelCommandLine=!remountsecure=0 2024-02-22 11:07:01 -05:00
Patrick Schleizer
c0924321b8 fix systemd unit ExecStart 2024-02-22 09:52:36 -05:00
Patrick Schleizer
6d7cf3c12a output 2024-02-22 09:49:48 -05:00
Patrick Schleizer
f7831db197 do not exit non-zero if folder does not exist 2024-02-22 09:17:41 -05:00
Patrick Schleizer
5bdd7b8475 output 2024-02-22 09:14:52 -05:00
Patrick Schleizer
44a15cd97d mount --make-private 
https://github.com/Kicksecure/security-misc/issues/172
 2024-02-22 09:13:56 -05:00
Patrick Schleizer
c0f98b05b6 comment 
https://github.com/Kicksecure/security-misc/pull/202
 2024-02-22 06:03:59 -05:00
Patrick Schleizer
1e1613aa93 allow /opt exec as usually optional binaries are placed there such as firefox 
https://github.com/Kicksecure/security-misc/pull/202
 2024-02-22 06:02:28 -05:00
Patrick Schleizer
7c7b4b24b4 fix home_noexec_maybe -> most_noexec_maybe 
https://github.com/Kicksecure/security-misc/pull/202
 2024-02-22 06:02:00 -05:00
Patrick Schleizer
38783faf60 add more bind mounts of mount options hardening 
as suggested in https://github.com/Kicksecure/security-misc/pull/202
 2024-02-22 05:58:53 -05:00
Patrick Schleizer
3048e0ac76 usrmerge 
https://github.com/Kicksecure/security-misc/issues/190
 2024-01-17 13:54:07 -05:00
Patrick Schleizer
0efee2f50f usrmerge 
fixes https://github.com/Kicksecure/security-misc/issues/190
 2024-01-17 13:39:56 -05:00