mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-07-13 09:19:32 +07:00
Code Issues Packages Projects Releases Wiki Activity
NaN Commits 4 Branches 456 Tags
305467c652af933bb5aa5a677b10a992a5f19cab
Commit Graph

482 Commits

Author SHA1 Message Date
Raja Grewal
565597c9a2 Minor documentation changes and fixes 2024-07-14 01:21:24 +10:00
Raja Grewal
2de3a79599 Refactor existing sysctl for clarity 2024-07-13 22:41:40 +10:00
Raja Grewal
1bb843ec38 Update Copyright (C) to 2024 2024-05-11 13:18:36 +10:00
Patrick Schleizer
9b589bc311 comment 2024-05-10 06:49:34 -04:00
raja-grewal
132b41ae73 Revert logging of martians 2024-05-09 02:16:50 +00:00
Patrick Schleizer
a5206bde33 proc-hidepid.service add gid=proc 
This allows users that are a member of the `proc` group to be excluded from `hidepid` protections.

https://github.com/Kicksecure/security-misc/issues/208
 2024-03-10 08:44:53 -04:00
Patrick Schleizer
6b76373395 fix panic-on-oops started every 10s in Qubes-Whonix 
by changing from a /etc/profile.d etc. related mechanism to start to a systemd unit file based approach

Thanks to @marmarek for the bug report!

https://forums.whonix.org/t/panic-on-oops-started-every-10s/19450
 2024-03-04 06:44:26 -05:00
Patrick Schleizer
37a7abdf0c ConditionKernelCommandLine=!remountsecure=0 2024-02-22 11:07:01 -05:00
Patrick Schleizer
c0924321b8 fix systemd unit ExecStart 2024-02-22 09:52:36 -05:00
Patrick Schleizer
0efee2f50f usrmerge 
fixes https://github.com/Kicksecure/security-misc/issues/190
 2024-01-17 13:39:56 -05:00
Patrick Schleizer
1199871d7b undo IPv6 privacy due to potential server issues 
https://github.com/Kicksecure/security-misc/issues/184
 2024-01-07 06:37:34 -05:00
Patrick Schleizer
128bb01b35 undo IPv6 privacy due to potential server issues 
https://github.com/Kicksecure/security-misc/issues/184
 2024-01-07 06:36:25 -05:00
Patrick Schleizer
3f1304403f disable MAC randomization in Network Manager (NM) because it breaks VirtualBox DHCP 
https://github.com/Kicksecure/security-misc/issues/184
 2024-01-06 08:15:31 -05:00
Raja Grewal
74afcc9c63 Clarify validity of disabling io_uring 2024-01-03 17:52:23 +11:00
Raja Grewal
f055fe5da2 Disable asynchronous I/O 
io_uring creation is disabled for all processes. io_uring_setup always fails with -EPERM. Existing io_uring instances can still be used.
 2023-12-15 08:33:36 +00:00
Patrick Schleizer
5a73817a95 move to /usr/lib/issue.d/20_security-misc.issue 
https://github.com/Kicksecure/security-misc/pull/167
 2023-12-04 11:38:49 -05:00
Patrick Schleizer
dc04040cb3 typo 2023-12-04 10:36:48 -05:00
Patrick Schleizer
2634dbff2b shuffle 2023-12-04 10:36:21 -05:00
Patrick Schleizer
d4494fd3c3 disable remount-secure dracut modules 
pending new systemd based implementation

https://github.com/Kicksecure/security-misc/pull/152
 2023-11-05 15:27:09 -05:00
Patrick Schleizer
55ba5d4832 renamed: usr/lib/NetworkManager/conf.d/99_ipv6-privacy.conf -> usr/lib/NetworkManager/conf.d/80_ipv6-privacy.conf 
renamed:    usr/lib/NetworkManager/conf.d/99_randomize-mac.conf -> usr/lib/NetworkManager/conf.d/80_randomize-mac.conf
renamed:    usr/lib/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf -> usr/lib/systemd/networkd.conf.d/80_ipv6-privacy-extensions.conf
 2023-11-05 14:51:31 -05:00
Patrick Schleizer
5a75bcfb19 Merge pull request #145 from monsieuremre/wifi-and-bluetooth 
Wifi and Bluetooth Patch | Security and Privacy
 2023-11-05 14:49:00 -05:00
monsieuremre
ac224b270a disable sysrq 2023-11-02 13:01:55 +00:00
monsieuremre
229032d691 Rename etc/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf to usr/lib/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf 2023-11-01 17:54:05 +00:00
monsieuremre
1049298e7b Update and rename etc/NetworkManager/conf.d/99_randomize-mac.conf to usr/lib/NetworkManager/conf.d/99_randomize-mac.conf 2023-11-01 17:52:40 +00:00
monsieuremre
76e684cc0a Update and rename etc/NetworkManager/conf.d/99_ipv6-privacy.conf to usr/lib/NetworkManager/conf.d/99_ipv6-privacy.conf 2023-11-01 17:51:27 +00:00
monsieuremre
c975c3c0ff new lines 990-security-misc.conf 
added new recommended hardening settings with comments
 2023-10-27 11:07:53 +00:00
Patrick Schleizer
1123d23114 remount-secure: disable debugging to save space in initrd 2023-10-26 18:45:07 -04:00
Patrick Schleizer
e5d989af5a comment 2023-10-26 12:04:13 -04:00
Patrick Schleizer
6a22351d29 renamed: usr/lib/sysctl.d/30_security-misc.conf -> usr/lib/sysctl.d/990-security-misc.conf 2023-10-25 17:30:07 -04:00
Patrick Schleizer
b7c52800f4 renamed: etc/sysctl.d/30_security-misc.conf -> usr/lib/sysctl.d/30_security-misc.conf 
renamed:    etc/sysctl.d/30_security-misc_kexec-disable.conf -> usr/lib/sysctl.d/30_security-misc_kexec-disable.conf
renamed:    etc/sysctl.d/30_silent-kernel-printk.conf -> usr/lib/sysctl.d/30_silent-kernel-printk.conf
 2023-10-25 17:28:43 -04:00
Patrick Schleizer
5182d7502b improve remount-secure 2023-10-22 16:08:21 -04:00
Patrick Schleizer
52fa7db087 output 2023-10-22 13:57:38 -04:00
Patrick Schleizer
8a592c2e37 fix remountsecure kernel parameter logic 2023-10-22 13:56:17 -04:00
Patrick Schleizer
4288e10554 fix, rework remount-secure kernel parameters parsing 2023-10-22 13:25:31 -04:00
Patrick Schleizer
b0181af099 fix 2023-10-22 13:12:25 -04:00
Patrick Schleizer
28cb53341d remount-secure dracut module: improve output 2023-10-22 13:11:44 -04:00
Patrick Schleizer
84ca0ac8a0 improve remount-secure 2023-10-22 12:54:25 -04:00
Patrick Schleizer
d5cb7ecec9 use findmnt 2023-10-22 10:22:21 -04:00
Patrick Schleizer
b81a991731 fix 2023-10-22 10:15:11 -04:00
Patrick Schleizer
bb57b1a289 fix 2023-10-22 10:10:51 -04:00
Patrick Schleizer
33d97a2560 improve output of remount-secure dracut module 2023-10-22 09:39:54 -04:00
Patrick Schleizer
c409e3221e implement remount-secure 2023-10-22 09:36:03 -04:00
Patrick Schleizer
90f2b5e11c code simplification 2023-10-22 08:51:37 -04:00
Patrick Schleizer
e065f85c88 add remount-secure dracut module 2023-10-22 08:10:48 -04:00
Raja Grewal
7a4212dd76 Update copyright 2023-03-30 17:08:47 +11:00
Patrick Schleizer
7bda2ad3e8 move ram-wipe scripts to dedicated ram-wipe package 2023-01-24 06:34:17 -05:00
Patrick Schleizer
d769099db1 use warn instead of info for now 
because dracut does not show info messages when kernel parameter quiet is set
 2023-01-09 05:34:07 -05:00
Patrick Schleizer
2fd302f580 output 2023-01-07 18:02:21 -05:00
Patrick Schleizer
080abe574b output 2023-01-07 17:48:21 -05:00
Patrick Schleizer
5689c07f97 comment 2023-01-07 17:37:46 -05:00