security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2024-12-22 20:23:35 +07:00

Author	SHA1	Message	Date
Patrick Schleizer	721b100fb6	bumped changelog version	2024-12-19 10:58:50 +00:00
Patrick Schleizer	175b442d5b	use long option name	2024-12-19 05:56:50 -05:00
Patrick Schleizer	c99021bb0c	Merge remote-tracking branch 'ArrayBolt3/arraybolt3/sysmaint'	2024-12-19 05:56:01 -05:00
Patrick Schleizer	95b535764c	bumped changelog version	2024-12-19 09:43:26 +00:00
Patrick Schleizer	daf0a0900b	fix apt-get-update for non-English locale https://forums.kicksecure.com/t/systemcheck-reports-warning-debian-package-update-check-result-apt-get-reports-that-packages-can-be-updated-but-system-is-already-fully-upgraded/785	2024-12-19 04:39:34 -05:00
Patrick Schleizer	e9a5b14a0d	bumped changelog version	2024-12-19 06:57:42 +00:00
Patrick Schleizer	3135a03e21	Merge remote-tracking branch 'github-kicksecure/master'	2024-12-19 00:34:56 -05:00
Patrick Schleizer	c7f7196471	Merge pull request #287 from raja-grewal/patch Refactor and add two CPU mitigations	2024-12-19 00:31:25 -05:00
Patrick Schleizer	f0c611d9ed	comment	2024-12-19 00:18:25 -05:00
Patrick Schleizer	4f681be774	Merge remote-tracking branch 'github-kicksecure/master'	2024-12-19 00:17:44 -05:00
Patrick Schleizer	e5b67e044b	Merge pull request #279 from raja-grewal/arp Provide network-related hardening options via `sysctl`'s	2024-12-19 00:15:02 -05:00
Patrick Schleizer	4cf5757575	Merge pull request #282 from ArrayBolt3/arraybolt3/umask Enable umask hardening	2024-12-19 00:08:56 -05:00
Aaron Rainbolt	9d69cd1912	Add sysmaint account lock detection	2024-12-18 21:34:37 -06:00
raja-grewal	3749f8ff09	Update presentation on user namespaces	2024-12-18 03:36:09 +00:00
raja-grewal	0dff2cd28f	Minor additions	2024-12-18 03:32:35 +00:00
raja-grewal	3e96fdd9cc	Enable `kvm.mitigate_smt_rsb=1`	2024-12-17 11:44:11 +00:00
raja-grewal	45355aabdc	Enable `kvm-intel.vmentry_l1d_flush=always`	2024-12-17 11:42:52 +00:00
raja-grewal	defba1f245	Refactor CPU mitigations	2024-12-17 11:42:03 +00:00
raja-grewal	943c421889	Minor refactoring	2024-12-17 11:40:38 +00:00
raja-grewal	ca3a73ac13	Typo	2024-12-17 11:37:10 +00:00
Aaron Rainbolt	4c3ca68453	Disable unnecessary sudoers exceptions	2024-12-16 02:56:52 -05:00
Patrick Schleizer	9d06341c91	Merge pull request #285 from Kicksecure/permission-hardener-mount Permission Hardener: treat mount same as umount	2024-12-14 15:18:56 -05:00
raja-grewal	c116796854	`arp_ignore`: Add reference to 2024-12-10 Mullvad VPN audit details	2024-12-12 06:36:47 +00:00
Patrick Schleizer	a9dd592a8b	bumped changelog version	2024-12-10 19:19:10 +00:00
Patrick Schleizer	58722324ec	Merge remote-tracking branch 'ArrayBolt3/arraybolt3/no-recovery-mode'	2024-12-10 14:18:50 -05:00
Patrick Schleizer	518224b8cf	bumped changelog version	2024-12-10 19:17:10 +00:00
Aaron Rainbolt	439fa7f3be	Harden/disable recovery mode options	2024-12-08 03:42:54 -06:00
Patrick Schleizer	7902311c57	do not create /etc/sysctl.d/30-lkrg-virtualbox.conf if LKRG is not installed	2024-12-07 04:54:47 -05:00
Patrick Schleizer	1ce37d42cd	.	2024-12-07 04:50:40 -05:00
Patrick Schleizer	5b88e92e5c	permission hardner: treat `mount` the same way we treat `umount` Thanks to @the-moog for the bug report! fixes https://github.com/Kicksecure/security-misc/issues/284	2024-12-06 09:48:58 -05:00
Patrick Schleizer	93b51819d4	permission hardener mount chmod change from `745` to `755` https://github.com/Kicksecure/security-misc/issues/284	2024-12-06 09:47:08 -05:00
Aaron Rainbolt	1708a03e1e	Enable umask hardening	2024-11-28 15:39:59 -06:00
Patrick Schleizer	59299a6639	bumped changelog version	2024-11-25 21:07:42 +00:00
Patrick Schleizer	98d7c245ee	"\|\| exit 1" no longer required thanks to errexit	2024-11-25 15:57:30 -05:00
Patrick Schleizer	f9b5d7d3f4	use strict shell options	2024-11-25 15:48:01 -05:00
Patrick Schleizer	d32cb8c95b	use TMP, sponge, refactoring	2024-11-25 15:44:00 -05:00
Patrick Schleizer	62a551cfe3	Merge remote-tracking branch 'ArrayBolt3/arraybolt3/sudoers'	2024-11-25 15:38:01 -05:00
Aaron Rainbolt	d7475e252a	Make apt-get-update able to be terminated securely	2024-11-21 20:03:42 -06:00
Patrick Schleizer	af43472d0c	bumped changelog version	2024-11-14 22:24:50 +00:00
Patrick Schleizer	c7e9460b2a	output	2024-11-14 16:31:12 -05:00
Patrick Schleizer	31804e30ec	bumped changelog version	2024-11-14 20:46:26 +00:00
Patrick Schleizer	ef95b3f9a5	Revert "fix `panic-on-oops.service`" This reverts commit `862d23cb10`.	2024-11-14 14:41:14 -05:00
raja-grewal	412b371e85	Merge branch 'Kicksecure:master' into arp	2024-11-13 16:47:57 +11:00
raja-grewal	141b84c40d	Provide option to deny sending and receiving shared media redirects	2024-11-13 05:42:56 +00:00
raja-grewal	18aec201bf	Provide option to harden response to ARP requests	2024-11-13 05:41:25 +00:00
raja-grewal	a25d4f8df8	Provide option to enable ARP filtering	2024-11-13 05:40:21 +00:00
raja-grewal	c2aae73ce1	Add reference and move text	2024-11-13 05:38:03 +00:00
Patrick Schleizer	57e1edde23	bumped changelog version	2024-11-12 09:11:57 +00:00
Patrick Schleizer	7987a3914d	deleted no longer used and out-commented `/etc/sudoers.d/xfce-security-misc` leftover	2024-11-12 02:29:42 -05:00
Patrick Schleizer	8c2e8e6979	deleted no longer used and out-commented `etc/sudoers.d/pkexec-security-misc` leftover	2024-11-12 01:41:12 -05:00

1 2 3 4 5 ...

2492 Commits