security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2025-07-08 23:09:26 +07:00

Author	SHA1	Message	Date
Patrick Schleizer	2d37e3a1af	copyright	2022-05-20 14:46:38 -04:00
Patrick Schleizer	7d73b3ffa0	add hardened malloc compatibility for haveged workaround `/lib/systemd/system/haveged.service.d/30_security-misc.conf` `SystemCallFilter=getrandom` Otherwise haveged will exit with a core dump.	2021-08-17 15:21:26 -04:00
Patrick Schleizer	50bdd097df	move /usr/lib/security-misc to /usr/libexec/security-misc as per lintian FHS	2021-08-03 12:56:31 -04:00
Patrick Schleizer	5a65c35479	port LKRG compatibility settings automation for VirtualBox hosts from systemd to dpkg trigger	2021-08-01 13:11:18 -04:00
Patrick Schleizer	257cef24ba	add LKRG compatibility settings automation for VirtualBox hosts https://github.com/openwall/lkrg/issues/82	2021-07-24 18:03:40 -04:00
Patrick Schleizer	41734ec523	systemd RemainAfterExit=yes for better usability https://forums.whonix.org/t/restrict-hardware-information-to-root-testers-wanted/8618/33	2021-04-03 11:44:13 -04:00
Patrick Schleizer	a67007f4b7	copyright	2021-03-17 09:45:21 -04:00
Patrick Schleizer	8851c9ed29	fix: disable proc-hidepid.service	2020-04-14 12:39:34 -04:00
Patrick Schleizer	72be31e870	disable proc-hidepid by default because incompatible with pkexec and undo pkexec wrapper	2020-04-12 16:48:13 -04:00
Patrick Schleizer	2ceea8d1fe	update copyright year	2020-04-01 08:49:59 -04:00
Patrick Schleizer	a37da1c968	add digits to drop-in file names	2020-01-24 04:39:06 -05:00
Patrick Schleizer	9c0d6b6057	copyright	2019-12-29 05:09:07 -05:00
Patrick Schleizer	edc08988f2	copyright	2019-12-29 05:08:53 -05:00
Patrick Schleizer	9156d3584c	Description	2019-12-29 04:59:05 -05:00
Patrick Schleizer	3ea946b365	RemainAfterExit=yes	2019-12-29 04:56:51 -05:00
Patrick Schleizer	2787ae9765	copyright	2019-12-29 04:56:35 -05:00
Patrick Schleizer	6d56eb9ef0	minor	2019-12-29 04:56:18 -05:00
Patrick Schleizer	0e14706f32	copyright	2019-12-29 04:45:26 -05:00
Patrick Schleizer	617c0a0e15	disable remount-secure.service - Disable for now until development finished / tested.	2019-12-23 07:21:26 -05:00
Patrick Schleizer	7f20160477	comment	2019-12-20 05:24:00 -05:00
Patrick Schleizer	a135ae9400	use must manually enable permission-hardening.service until development finished	2019-12-20 05:22:59 -05:00
Patrick Schleizer	d80bf036f3	Disable permission hardening now until development finished / tested.	2019-12-09 03:50:43 -05:00
madaidan	d7e2deae92	Create permission-hardening.service	2019-12-08 16:50:54 +00:00
Patrick Schleizer	1227ccd1f7	After=qubes-sysinit.service	2019-12-08 04:37:53 -05:00
Patrick Schleizer	2954dcbccf	minor	2019-12-06 12:24:55 -05:00
Patrick Schleizer	f3647e7478	RemainAfterExit=yes	2019-12-06 12:18:18 -05:00
Patrick Schleizer	470cad6e91	remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in) https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707	2019-12-06 05:14:02 -05:00
madaidan	e92022a21c	Remove systemd sandboxing	2019-11-16 14:56:28 +00:00
Patrick Schleizer	203d5cfa68	copyright	2019-10-31 11:19:44 -04:00
madaidan	42c1701d5c	Whitelist user@.service	2019-10-15 21:00:03 +00:00
Patrick Schleizer	c87fc75f2a	fix, run remove-system-map.service during sysinit.target	2019-10-05 09:36:21 +00:00
Patrick Schleizer	25b6746784	fix systemd unit file proc-hidepid.service: WantedBy=sysinit.target	2019-10-05 09:14:54 +00:00
madaidan	7345287560	Use sysinit.target instead	2019-10-04 17:32:52 +00:00
madaidan	e06eeec678	Disable hide-hardware-info.service by default	2019-10-03 21:42:06 +00:00
madaidan	b06ab912c0	Add licensing	2019-10-03 21:37:29 +00:00
madaidan	ce97e5ed82	Create hide-hardware-info.service	2019-10-03 20:45:29 +00:00
Patrick Schleizer	fbd1a5bde9	hidepid before sysinit.target	2019-09-10 12:23:00 -04:00
madaidan	932524cbd1	Move disable-coredumps.conf to correct position	2019-07-10 15:28:48 +00:00
Patrick Schleizer	f82731698c	re-enable PrivateNetwork=true	2019-07-01 14:53:01 +00:00
Patrick Schleizer	24cc8e380d	comment out proc-hidepid.service hardening for now since broken in Qubes Debian AppVMs https://forums.whonix.org/t/kernel-hardening/7296/104	2019-07-01 03:43:02 -04:00
Patrick Schleizer	0bffc7a930	Merge remote-tracking branch 'origin/master'	2019-07-01 03:08:26 -04:00
Patrick Schleizer	3c176ce158	allow permissions openat mkdir since required in Qubes Debian templates	2019-07-01 03:07:14 -04:00
madaidan	b8f2aee905	Add licensing	2019-06-30 13:22:43 +00:00
Patrick Schleizer	67de5247c8	Merge branch 'master' into patch-13	2019-06-30 08:10:04 +00:00
madaidan	c6b669f1a5	Create disable-coredumps.conf	2019-06-30 00:11:13 +00:00
madaidan	a2c676ed48	Update proc-hidepid.service	2019-06-29 22:28:41 +00:00
madaidan	dcf57bebf0	Create proc-hidepid.service	2019-06-29 22:27:24 +00:00
Patrick Schleizer	36c2b1d283	fix lintian warning	2019-06-28 07:18:30 +00:00
madaidan	b809185008	Update remove-system-map.service	2019-06-27 16:09:52 +00:00
madaidan	3116a56f13	Create remove-system-map.service	2019-06-25 19:25:32 +00:00

50 Commits