|
|
6f19af1542
|
add shebang /bin/sh
to fix lintian warning
security-misc: executable-not-elf-or-script usr/lib/dracut/modules.d/40sdmem-security-misc/wipe.sh
|
2022-06-29 09:35:08 -04:00 |
|
|
|
38cdf2722b
|
- Wipe LUKS Disk Encryption Key for Root Disk from RAM during Shutdown to defeat Cold Boot Attacks
- Confirm in console output if encrypted mounts (root disk) is unmounted. (Because that is a pre-condition for wiping the LUKS full disk encryption key from RAM.)
Thanks to @friedy10!
https://github.com/friedy10/dracut/tree/master/modules.d/40sdmem
https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix-cold-boot-attack-defense/5596
|
2022-06-29 09:32:55 -04:00 |
|
|
|
2d37e3a1af
|
copyright
|
2022-05-20 14:46:38 -04:00 |
|
|
|
4fadaad8c0
|
lintian FHS
|
2021-08-03 12:52:10 -04:00 |
|
|
|
6607c1e4bd
|
move /usr/lib/helper-scripts and /usr/lib/curl-scripts to /usr/libexec/helper-scripts as per lintian FHS
|
2021-08-03 12:48:57 -04:00 |
|
|
|
240ec7672a
|
replace no longer required /usr/lib/security-misc/apt-get-wrapper with apt-get --error-on=any
|
2021-08-03 12:19:26 -04:00 |
|
|
|
bb3e65f7a8
|
bullseye
|
2021-08-03 03:25:35 -04:00 |
|
|
|
74e39cbf69
|
pam-abort-on-locked-password: more descriptive error handling
https://forums.whonix.org/t/restrict-root-access/7658/1
|
2021-06-20 11:18:56 -04:00 |
|
|
|
a67007f4b7
|
copyright
|
2021-03-17 09:45:21 -04:00 |
|
|
|
a1819e8cab
|
comment
|
2021-03-01 09:15:44 -05:00 |
|
|
|
4db7d6be64
|
hide-hardware-info: allow unrestricting selinuxfs
On SELinux systems, the /sys/fs/selinux directory must be visible to
userspace utilities in order to function properly.
|
2021-02-06 03:02:08 -05:00 |
|
|
|
af3244741d
|
comment
|
2021-01-29 23:15:52 -05:00 |
|
|
|
b0b7f569ee
|
comment
|
2021-01-28 02:11:54 -05:00 |
|
|
|
9622f28e25
|
skip counting failed login attempts from dovecot
Failed dovecot logins should not result in account getting locked.
revert "use pam_tally2 only for login"
|
2021-01-27 05:49:34 -05:00 |
|
|
|
c5097ed599
|
comment
|
2020-12-06 04:23:09 -05:00 |
|
|
|
c031f22995
|
SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists
`whitelists_disable_all=true`
|
2020-12-01 05:14:48 -05:00 |
|
|
|
b09cc0de6a
|
Revert "SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists"
This reverts commit 36a471ebce.
|
2020-12-01 05:10:26 -05:00 |
|
|
|
36a471ebce
|
SUID Disabler and Permission Hardener: introduce configuration option to disable all whitelists
`whitelists_disable_all=true`
|
2020-12-01 05:02:34 -05:00 |
|
|
|
28a326a8a1
|
add feature /usr/lib/security-misc/permission-hardening-undo /path/to/filename
to allow removing 1 SUID
fix, show INFO message if file does not exist during removal rather than ERROR
|
2020-11-28 05:31:12 -05:00 |
|
|
|
abae787186
|
usability: pam abort when attempting to login to root when root password is locked
|
2020-11-05 06:47:16 -05:00 |
|
|
|
581e31af81
|
comment
|
2020-11-05 06:46:57 -05:00 |
|
|
|
dfe9b0f6c7
|
fix, no longer unconditionally abort pam for user accounts with locked passwords
as locked user accounts might have valid sudoers exceptions
Thanks to @mimp for the bug report!
https://forums.whonix.org/t/pam-abort-on-locked-password-and-running-privileged-command-from-web-browser/10521
|
2020-11-05 06:42:47 -05:00 |
|
|
|
211769dc65
|
comment
|
2020-11-05 06:41:51 -05:00 |
|
|
|
7952139731
|
comment
|
2020-11-05 06:39:32 -05:00 |
|
|
|
bb72c1278d
|
copyright
|
2020-11-05 06:36:39 -05:00 |
|
|
|
1188a44f47
|
port to python 3.7
|
2020-04-04 16:49:30 -04:00 |
|
|
|
2ceea8d1fe
|
update copyright year
|
2020-04-01 08:49:59 -04:00 |
|
|
|
9bbae903fe
|
remove-system.map: lower verbosity output
|
2020-02-15 05:29:48 -05:00 |
|
|
|
31009f0bfa
|
Shred System.map files
|
2020-02-14 23:46:19 +00:00 |
|
|
|
1f6ed2cc70
|
add support for passing parameters to usr/lib/security-misc/apt-get-update
|
2020-02-03 08:55:20 -05:00 |
|
|
|
8627c9f76d
|
/usr/lib/security-misc/apt-get-update increase default timeout_after="600"
|
2020-01-31 12:18:02 -05:00 |
|
|
|
829e28aa90
|
/usr/lib/security-misc/apt-get-update environment variable timeout_after kill_after support
|
2020-01-31 12:17:07 -05:00 |
|
|
|
d4a37b6df2
|
remove-system.map: source /usr/lib/helper-scripts/pre.bsh
|
2020-01-24 03:18:17 -05:00 |
|
|
|
18041efa2f
|
fix pam tally2 check when read-only disk boot without ro-mode-init or grub-live
|
2020-01-21 10:01:17 -05:00 |
|
|
|
5031e7cc4b
|
better output if trying to login with non-existing user
|
2019-12-31 08:18:38 -05:00 |
|
|
|
20697db3ee
|
improve console lockdown info output
|
2019-12-31 02:53:02 -05:00 |
|
|
|
788914de95
|
group ssh check was removed
https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/27
|
2019-12-31 02:46:32 -05:00 |
|
|
|
1a0f7a7733
|
debugging
|
2019-12-29 04:43:32 -05:00 |
|
|
|
5271892cb1
|
debugging
|
2019-12-29 04:42:54 -05:00 |
|
|
|
683028049c
|
debugging
|
2019-12-29 04:41:23 -05:00 |
|
|
|
e3e1ff2a31
|
exit with error if a config line cannot be processed rather than skipping
https://forums.whonix.org/t/disable-suid-binaries/7706/59
|
2019-12-29 04:35:46 -05:00 |
|
|
|
d5c99f3a60
|
output
|
2019-12-29 04:27:21 -05:00 |
|
|
|
04f438f75d
|
comment
|
2019-12-24 18:09:37 -05:00 |
|
|
|
9da0e428ed
|
debugging
|
2019-12-24 17:54:31 -05:00 |
|
|
|
e18ec533c3
|
comment
|
2019-12-24 17:54:02 -05:00 |
|
|
|
f8f2e6c704
|
fix disablewhitelist feature
|
2019-12-23 02:35:13 -05:00 |
|
|
|
47ddcad0c0
|
rename keyword whitelist to exactwhitelist
add new keyword disablewhitelist
refactoring
|
2019-12-23 02:29:47 -05:00 |
|
|
|
34bf245713
|
output
|
2019-12-23 01:35:45 -05:00 |
|
|
|
ba30e45d15
|
output
|
2019-12-23 01:32:42 -05:00 |
|
|
|
ee9c5742da
|
output
|
2019-12-23 01:29:48 -05:00 |
|
