|
|
78a9956b73
|
Merge remote-tracking branch 'github-kicksecure/master'
|
2022-05-19 19:41:33 -04:00 |
|
|
|
7651308787
|
Merge pull request #103 from 0xC0ncord/bugfix/selinuxfs_restrictions
hide-hardware-info: re-enable restrictions on sysfs when using SELinux
|
2022-05-19 19:39:42 -04:00 |
|
|
|
4a3ed17160
|
readme
|
2022-05-19 17:25:58 -04:00 |
|
|
|
bb0307290b
|
update link
|
2022-04-16 14:18:35 -04:00 |
|
|
|
2677db34ba
|
readme
|
2022-04-10 12:40:16 -04:00 |
|
|
|
93efa506da
|
hide-hardware-info: disable selinux whitelist by default
|
2022-03-17 11:41:57 -04:00 |
|
|
|
0051a6935a
|
bumped changelog version
23.0-1
|
2022-02-10 14:06:54 -05:00 |
|
|
|
b0a0004a85
|
output
|
2022-02-10 13:47:10 -05:00 |
|
|
|
4f6f588fb5
|
fix, skip deletion of system.map files on read-only filesystems
This is required for Qubes /lib/modules read-only implementation at time of writing.
Thanks to @marmarek for the bug report!
https://forums.whonix.org/t/remove-system-map-cannot-work-lib-modules-is-mounted-read-only/13324
|
2022-02-10 13:44:55 -05:00 |
|
|
|
356232677a
|
readme
|
2021-11-09 14:32:33 -05:00 |
|
|
|
4172232eb7
|
hide-hardware-info: make indentation consistent
|
2021-10-10 16:03:40 -04:00 |
|
|
|
060d7d890a
|
hide-hardware-info: re-enable restrictions on sysfs when using SELinux
When using SELinux, restrict the parts of sysfs explicitly to ensure
restrictions are working as expected.
|
2021-10-10 16:03:07 -04:00 |
|
|
|
96026a5e90
|
bumped changelog version
22.9-1
|
2021-09-14 14:18:52 -04:00 |
|
|
|
c72567dbd2
|
fix
|
2021-09-14 14:18:44 -04:00 |
|
|
|
03276fbec5
|
bumped changelog version
22.8-1
|
2021-09-12 11:57:20 -04:00 |
|
|
|
d62bbaab82
|
fix, unduplicate kernel command line
|
2021-09-12 11:40:58 -04:00 |
|
|
|
fb0540650c
|
readme
|
2021-09-11 16:33:14 -04:00 |
|
|
|
64e9f0016a
|
bumped changelog version
22.7-1
|
2021-09-09 12:35:37 -04:00 |
|
|
|
bd31b4085c
|
remove Debian buster support in /etc/default/grub.d
|
2021-09-09 12:16:18 -04:00 |
|
|
|
d16d9a5455
|
bumped changelog version
22.6-1
|
2021-09-06 09:46:20 -04:00 |
|
|
|
ac0c492663
|
do not set kernel parameter quiet loglevel=0 for recovery boot option
for easier debugging
|
2021-09-06 08:22:55 -04:00 |
|
|
|
49902b8c56
|
move grub quiet to separate config file /etc/default/grub.d/41_quiet.cfg
|
2021-09-06 08:19:41 -04:00 |
|
|
|
bb3a3178f1
|
bumped changelog version
22.5-1
|
2021-09-06 04:55:23 -04:00 |
|
|
|
f5b0e4b5b8
|
debugging
|
2021-09-06 04:55:16 -04:00 |
|
|
|
a67d1754d4
|
bumped changelog version
22.4-1
|
2021-09-05 16:04:28 -04:00 |
|
|
|
6257bfa926
|
debugging
|
2021-09-05 15:54:20 -04:00 |
|
|
|
1b09d56718
|
bumped changelog version
22.3-1
|
2021-09-04 18:29:00 -04:00 |
|
|
|
a4e18a2ae8
|
dracut reproducible=yes
|
2021-09-04 18:28:37 -04:00 |
|
|
|
1a10293b04
|
bumped changelog version
22.2-1
|
2021-09-04 12:00:55 -04:00 |
|
|
|
e2810f348b
|
Depends: libpam-modules-bin
|
2021-09-04 11:50:31 -04:00 |
|
|
|
3c64ec8f91
|
bumped changelog version
22.1-1
|
2021-09-02 14:36:53 -04:00 |
|
|
|
be8c10496f
|
fix faillock implementation
dovecot / ssh are exempted
|
2021-09-01 15:55:53 -04:00 |
|
|
|
8b104f544a
|
fix, add sshd to pam_service_exclusion_list
to avoid faillock
|
2021-09-01 15:45:36 -04:00 |
|
|
|
224ae730c1
|
bumped changelog version
22.0-1
|
2021-08-22 05:32:18 -04:00 |
|
|
|
db43cedcfd
|
LANG=C str_replace
|
2021-08-22 05:23:24 -04:00 |
|
|
|
ef2b067c03
|
bumped changelog version
21.9-1
|
2021-08-17 15:24:12 -04:00 |
|
|
|
08adf4a07d
|
readme
|
2021-08-17 15:23:49 -04:00 |
|
|
|
7d73b3ffa0
|
add hardened malloc compatibility for haveged workaround
`/lib/systemd/system/haveged.service.d/30_security-misc.conf`
`SystemCallFilter=getrandom`
Otherwise haveged will exit with a core dump.
|
2021-08-17 15:21:26 -04:00 |
|
|
|
8676beef90
|
bumped changelog version
21.8-1
|
2021-08-10 18:26:32 -04:00 |
|
|
|
582492d6d8
|
port from pam_tally2 to pam_faillock
since pam_tally2 was deprecated upstream
|
2021-08-10 17:13:00 -04:00 |
|
|
|
2bf0e7471c
|
port from pam_tally2 to pam_faillock
since pam_tally2 was deprecated upstream
|
2021-08-10 15:11:01 -04:00 |
|
|
|
2aea74bd71
|
renamed: usr/libexec/security-misc/pam_tally2-info -> usr/libexec/security-misc/pam-info
renamed: usr/libexec/security-misc/pam_tally2_not_if_x -> usr/libexec/security-misc/pam_faillock_not_if_x
renamed: usr/share/pam-configs/tally2-security-misc -> usr/share/pam-configs/faillock-security-misc
|
2021-08-10 15:06:04 -04:00 |
|
|
|
6376bbff80
|
bumped changelog version
21.7-1
|
2021-08-05 17:03:43 -04:00 |
|
|
|
3756016f42
|
lintian --suppress-tags obsolete-command-in-modprobe.d-file
https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/24
|
2021-08-03 13:04:34 -04:00 |
|
|
|
50bdd097df
|
move /usr/lib/security-misc to /usr/libexec/security-misc as per lintian FHS
|
2021-08-03 12:56:31 -04:00 |
|
|
|
4fadaad8c0
|
lintian FHS
|
2021-08-03 12:52:10 -04:00 |
|
|
|
6607c1e4bd
|
move /usr/lib/helper-scripts and /usr/lib/curl-scripts to /usr/libexec/helper-scripts as per lintian FHS
|
2021-08-03 12:48:57 -04:00 |
|
|
|
0492f28aa1
|
enable "apt-get --error-on=any" by default
makes apt exit non-zero for transient failures
`/etc/apt/apt.conf.d/40error-on-any`
https://forums.whonix.org/t/debian-bullseye-apt-get-error-on-any/12068
|
2021-08-03 12:37:39 -04:00 |
|
|
|
240ec7672a
|
replace no longer required /usr/lib/security-misc/apt-get-wrapper with apt-get --error-on=any
|
2021-08-03 12:19:26 -04:00 |
|
|
|
8eae635668
|
update lintian tag name
|
2021-08-03 11:51:31 -04:00 |
|
