Commit Graph

133 Commits

Author SHA1 Message Date
3bf1f26c0b downgrade warning of non-existing folders to info
to avoid all users by default getting a warning for expected non-existing folders
2024-07-24 11:20:26 -04:00
151ca659a9 output 2024-07-24 11:19:15 -04:00
c9fd2ceb61 downgrade warning of non-existing files to info
to avoid all users by default getting a warning for expected non-existing files
2024-07-24 11:13:35 -04:00
721392901b remove duplicate test 2024-07-24 11:12:39 -04:00
9712b5b4e3 output 2024-07-24 11:12:18 -04:00
00911df5c1 modify call of stat to use NUL delimiter
for more robust string parsing
2024-07-24 11:10:56 -04:00
d536683511 local clean_output_prefix clean_output 2024-07-24 11:03:28 -04:00
a6e517736b local stat_output 2024-07-24 11:02:25 -04:00
ced02fb9e0 add sanity test for file_name output from stat 2024-07-24 11:01:24 -04:00
b9dfe70a01 check first if file_name is empty 2024-07-24 10:58:05 -04:00
1cbda79981 check first if array is empty before parsing further 2024-07-24 10:57:13 -04:00
a077ae54ea modify call of stat to use NUL delimiter
for more robust string parsing
2024-07-24 10:56:08 -04:00
7200e9bd8c output 2024-07-24 09:15:02 -04:00
1b6161c2dc Merge remote-tracking branch 'ben-grande/fuzz' 2024-07-24 09:13:48 -04:00
8be21b6eff Handle newlines in file names 2024-07-23 19:36:12 +02:00
aa99de68d3 Log output with defined levels 2024-07-23 18:50:16 +02:00
06fbcdac1d Prettify log messages 2024-07-23 09:55:02 +02:00
7ee1ea2cc7 Unify functions that evaluate commands 2024-07-22 17:06:07 +02:00
9c3566f524 Delimit file names with null terminator 2024-07-22 16:56:42 +02:00
8f3896c3da Upgrade hyperlinks to HTTPS 2024-07-17 23:44:37 +10:00
df80385289 Merge pull request #237 from raja-grewal/intel_pmt
Disable some Intel PMT kernel modules
2024-07-17 09:04:18 -04:00
6e63fc8985 Merge remote-tracking branch 'ben-grande/fuzz' 2024-07-15 17:14:25 -04:00
61941da375 Create disabled-intelpmt-by-security-misc 2024-07-15 22:38:09 +10:00
a8bc1144c3 Updated wording of error files for disabled modules 2024-07-15 21:10:13 +10:00
fda3832eaf Replace bash file presented for disabling of miscellaneous modules 2024-07-15 21:08:45 +10:00
c52b1a3fd2 Create disabled-miscellaneous-by-security-misc 2024-07-15 20:58:45 +10:00
f31dc8aebc Fix error in error script 2024-07-12 16:21:03 +10:00
b02230a783 Split modprobe into blacklisted and disabled configurations 2024-07-12 02:42:37 +10:00
b7796a5334 Unify method to find SUID files 2024-07-11 11:04:22 +02:00
1bb843ec38 Update Copyright (C) to 2024 2024-05-11 13:18:36 +10:00
8d01fc2d35 chmod +x 2024-05-10 06:48:26 -04:00
f3800a4e2b Create disabled-gps-by-security-misc 2024-05-09 02:25:46 +00:00
7dba3fb7be no longer disable MSR by default
fixes https://github.com/Kicksecure/security-misc/issues/215
2024-04-01 02:56:27 -04:00
d13d1aa7ec comments 2024-02-22 15:07:53 -05:00
c3dd178b19 output 2024-02-22 14:57:50 -05:00
6d7cf3c12a output 2024-02-22 09:49:48 -05:00
f7831db197 do not exit non-zero if folder does not exist 2024-02-22 09:17:41 -05:00
5bdd7b8475 output 2024-02-22 09:14:52 -05:00
44a15cd97d mount --make-private
https://github.com/Kicksecure/security-misc/issues/172
2024-02-22 09:13:56 -05:00
c0f98b05b6 comment
https://github.com/Kicksecure/security-misc/pull/202
2024-02-22 06:03:59 -05:00
1e1613aa93 allow /opt exec as usually optional binaries are placed there such as firefox
https://github.com/Kicksecure/security-misc/pull/202
2024-02-22 06:02:28 -05:00
7c7b4b24b4 fix home_noexec_maybe -> most_noexec_maybe
https://github.com/Kicksecure/security-misc/pull/202
2024-02-22 06:02:00 -05:00
38783faf60 add more bind mounts of mount options hardening
as suggested in https://github.com/Kicksecure/security-misc/pull/202
2024-02-22 05:58:53 -05:00
0efee2f50f usrmerge
fixes https://github.com/Kicksecure/security-misc/issues/190
2024-01-17 13:39:56 -05:00
3ba8fe586e update permission-hardener.service
Which is now only an additional opt-in systemd unit,
because permission-hardener is run by default at security-misc
package installation time.

https://github.com/Kicksecure/security-misc/pull/181
2024-01-16 09:23:54 -05:00
bc02c72018 Fix unbound variable
- Run messages preceded by INFO;
- Comment unknown unused variables;
- Remove unnecessary variables; and
- Deal with unbound variable due to subshell by writing to a file;
2024-01-02 17:08:45 +01:00
abf72c2ee4 Rename file permission hardening script
Hardener as the script is the agent that is hardening the file
permissions.
2024-01-02 13:34:29 +01:00
f138cf0f78 Refactor permission-hardener
- Organize comments from default configuration;
- Apply and undo changes from a single file controlled by parameters;
- Arrays should be evaluated as arrays and not normal variables;
- Quote variables;
- Brackets around variables;
- Standardize test cases to "test" command;
- Test against empty or non-empty variables with "-z" and "-n";
- Show a usage message when necessary;
- Require root to run the script with informative message;
- Permit the user to see the help message without running as root;
- Do not create root directories without passing root check;
- Use long options for "set" command;
2024-01-02 12:17:16 +01:00
b0dd967611 usrmerge
https://github.com/Kicksecure/security-misc/issues/157
2023-12-25 09:28:08 -05:00
a1e00be0e0 update link 2023-11-06 16:58:23 -05:00