mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-07-12 08:50:39 +07:00
Code Issues Packages Projects Releases Wiki Activity
NaN Commits 4 Branches 456 Tags
84376d23fc17d2ced890ffca0b05d15907d42a6f
Commit Graph

472 Commits

Author SHA1 Message Date
Patrick Schleizer
1199871d7b undo IPv6 privacy due to potential server issues 
https://github.com/Kicksecure/security-misc/issues/184
 2024-01-07 06:37:34 -05:00
Patrick Schleizer
128bb01b35 undo IPv6 privacy due to potential server issues 
https://github.com/Kicksecure/security-misc/issues/184
 2024-01-07 06:36:25 -05:00
Patrick Schleizer
3f1304403f disable MAC randomization in Network Manager (NM) because it breaks VirtualBox DHCP 
https://github.com/Kicksecure/security-misc/issues/184
 2024-01-06 08:15:31 -05:00
Raja Grewal
74afcc9c63 Clarify validity of disabling io_uring 2024-01-03 17:52:23 +11:00
Raja Grewal
f055fe5da2 Disable asynchronous I/O 
io_uring creation is disabled for all processes. io_uring_setup always fails with -EPERM. Existing io_uring instances can still be used.
 2023-12-15 08:33:36 +00:00
Patrick Schleizer
5a73817a95 move to /usr/lib/issue.d/20_security-misc.issue 
https://github.com/Kicksecure/security-misc/pull/167
 2023-12-04 11:38:49 -05:00
Patrick Schleizer
dc04040cb3 typo 2023-12-04 10:36:48 -05:00
Patrick Schleizer
2634dbff2b shuffle 2023-12-04 10:36:21 -05:00
Patrick Schleizer
d4494fd3c3 disable remount-secure dracut modules 
pending new systemd based implementation

https://github.com/Kicksecure/security-misc/pull/152
 2023-11-05 15:27:09 -05:00
Patrick Schleizer
55ba5d4832 renamed: usr/lib/NetworkManager/conf.d/99_ipv6-privacy.conf -> usr/lib/NetworkManager/conf.d/80_ipv6-privacy.conf 
renamed:    usr/lib/NetworkManager/conf.d/99_randomize-mac.conf -> usr/lib/NetworkManager/conf.d/80_randomize-mac.conf
renamed:    usr/lib/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf -> usr/lib/systemd/networkd.conf.d/80_ipv6-privacy-extensions.conf
 2023-11-05 14:51:31 -05:00
Patrick Schleizer
5a75bcfb19 Merge pull request #145 from monsieuremre/wifi-and-bluetooth 
Wifi and Bluetooth Patch | Security and Privacy
 2023-11-05 14:49:00 -05:00
monsieuremre
ac224b270a disable sysrq 2023-11-02 13:01:55 +00:00
monsieuremre
229032d691 Rename etc/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf to usr/lib/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf 2023-11-01 17:54:05 +00:00
monsieuremre
1049298e7b Update and rename etc/NetworkManager/conf.d/99_randomize-mac.conf to usr/lib/NetworkManager/conf.d/99_randomize-mac.conf 2023-11-01 17:52:40 +00:00
monsieuremre
76e684cc0a Update and rename etc/NetworkManager/conf.d/99_ipv6-privacy.conf to usr/lib/NetworkManager/conf.d/99_ipv6-privacy.conf 2023-11-01 17:51:27 +00:00
monsieuremre
c975c3c0ff new lines 990-security-misc.conf 
added new recommended hardening settings with comments
 2023-10-27 11:07:53 +00:00
Patrick Schleizer
1123d23114 remount-secure: disable debugging to save space in initrd 2023-10-26 18:45:07 -04:00
Patrick Schleizer
e5d989af5a comment 2023-10-26 12:04:13 -04:00
Patrick Schleizer
6a22351d29 renamed: usr/lib/sysctl.d/30_security-misc.conf -> usr/lib/sysctl.d/990-security-misc.conf 2023-10-25 17:30:07 -04:00
Patrick Schleizer
b7c52800f4 renamed: etc/sysctl.d/30_security-misc.conf -> usr/lib/sysctl.d/30_security-misc.conf 
renamed:    etc/sysctl.d/30_security-misc_kexec-disable.conf -> usr/lib/sysctl.d/30_security-misc_kexec-disable.conf
renamed:    etc/sysctl.d/30_silent-kernel-printk.conf -> usr/lib/sysctl.d/30_silent-kernel-printk.conf
 2023-10-25 17:28:43 -04:00
Patrick Schleizer
5182d7502b improve remount-secure 2023-10-22 16:08:21 -04:00
Patrick Schleizer
52fa7db087 output 2023-10-22 13:57:38 -04:00
Patrick Schleizer
8a592c2e37 fix remountsecure kernel parameter logic 2023-10-22 13:56:17 -04:00
Patrick Schleizer
4288e10554 fix, rework remount-secure kernel parameters parsing 2023-10-22 13:25:31 -04:00
Patrick Schleizer
b0181af099 fix 2023-10-22 13:12:25 -04:00
Patrick Schleizer
28cb53341d remount-secure dracut module: improve output 2023-10-22 13:11:44 -04:00
Patrick Schleizer
84ca0ac8a0 improve remount-secure 2023-10-22 12:54:25 -04:00
Patrick Schleizer
d5cb7ecec9 use findmnt 2023-10-22 10:22:21 -04:00
Patrick Schleizer
b81a991731 fix 2023-10-22 10:15:11 -04:00
Patrick Schleizer
bb57b1a289 fix 2023-10-22 10:10:51 -04:00
Patrick Schleizer
33d97a2560 improve output of remount-secure dracut module 2023-10-22 09:39:54 -04:00
Patrick Schleizer
c409e3221e implement remount-secure 2023-10-22 09:36:03 -04:00
Patrick Schleizer
90f2b5e11c code simplification 2023-10-22 08:51:37 -04:00
Patrick Schleizer
e065f85c88 add remount-secure dracut module 2023-10-22 08:10:48 -04:00
Raja Grewal
7a4212dd76 Update copyright 2023-03-30 17:08:47 +11:00
Patrick Schleizer
7bda2ad3e8 move ram-wipe scripts to dedicated ram-wipe package 2023-01-24 06:34:17 -05:00
Patrick Schleizer
d769099db1 use warn instead of info for now 
because dracut does not show info messages when kernel parameter quiet is set
 2023-01-09 05:34:07 -05:00
Patrick Schleizer
2fd302f580 output 2023-01-07 18:02:21 -05:00
Patrick Schleizer
080abe574b output 2023-01-07 17:48:21 -05:00
Patrick Schleizer
5689c07f97 comment 2023-01-07 17:37:46 -05:00
Patrick Schleizer
8e2db269b0 cleanup 2023-01-07 17:36:51 -05:00
Patrick Schleizer
539156c0da drop_caches 2023-01-07 17:23:25 -05:00
Patrick Schleizer
02f44459ad DRACUT_QUIET=no 2023-01-07 17:22:45 -05:00
Patrick Schleizer
ab89d0e06e cleanup 2023-01-07 16:59:00 -05:00
Patrick Schleizer
2e833b40a1 prevent "wait: pid 55 is not a child of this shell" 2023-01-07 16:43:09 -05:00
Patrick Schleizer
3777ecba85 comment 2023-01-07 16:34:19 -05:00
Patrick Schleizer
e0ded5e69d comment 2023-01-07 16:34:04 -05:00
Patrick Schleizer
4fca8f4225 comment 2023-01-07 16:28:11 -05:00
Patrick Schleizer
2456fed361 output 2023-01-07 16:00:42 -05:00
Patrick Schleizer
c0b5fea680 protect against wipe RAM reboot loop 2023-01-07 15:59:52 -05:00