Patrick Schleizer
a9dd592a8b
bumped changelog version
2024-12-10 19:19:10 +00:00
Patrick Schleizer
58722324ec
Merge remote-tracking branch 'ArrayBolt3/arraybolt3/no-recovery-mode'
2024-12-10 14:18:50 -05:00
Patrick Schleizer
518224b8cf
bumped changelog version
2024-12-10 19:17:10 +00:00
Aaron Rainbolt
439fa7f3be
Harden/disable recovery mode options
2024-12-08 03:42:54 -06:00
Patrick Schleizer
7902311c57
do not create /etc/sysctl.d/30-lkrg-virtualbox.conf if LKRG is not installed
2024-12-07 04:54:47 -05:00
Patrick Schleizer
1ce37d42cd
.
2024-12-07 04:50:40 -05:00
Patrick Schleizer
59299a6639
bumped changelog version
2024-11-25 21:07:42 +00:00
Patrick Schleizer
98d7c245ee
"|| exit 1" no longer required thanks to errexit
2024-11-25 15:57:30 -05:00
Patrick Schleizer
f9b5d7d3f4
use strict shell options
2024-11-25 15:48:01 -05:00
Patrick Schleizer
d32cb8c95b
use TMP, sponge, refactoring
2024-11-25 15:44:00 -05:00
Patrick Schleizer
62a551cfe3
Merge remote-tracking branch 'ArrayBolt3/arraybolt3/sudoers'
2024-11-25 15:38:01 -05:00
Aaron Rainbolt
d7475e252a
Make apt-get-update able to be terminated securely
2024-11-21 20:03:42 -06:00
Patrick Schleizer
af43472d0c
bumped changelog version
2024-11-14 22:24:50 +00:00
Patrick Schleizer
c7e9460b2a
output
2024-11-14 16:31:12 -05:00
Patrick Schleizer
31804e30ec
bumped changelog version
2024-11-14 20:46:26 +00:00
Patrick Schleizer
ef95b3f9a5
Revert "fix panic-on-oops.service
"
...
This reverts commit 862d23cb10
.
2024-11-14 14:41:14 -05:00
Patrick Schleizer
57e1edde23
bumped changelog version
2024-11-12 09:11:57 +00:00
Patrick Schleizer
7987a3914d
deleted no longer used and out-commented /etc/sudoers.d/xfce-security-misc
leftover
2024-11-12 02:29:42 -05:00
Patrick Schleizer
8c2e8e6979
deleted no longer used and out-commented etc/sudoers.d/pkexec-security-misc
leftover
2024-11-12 01:41:12 -05:00
Patrick Schleizer
65fc0419a8
bumped changelog version
2024-11-11 11:07:57 +00:00
Patrick Schleizer
50161f5d79
moved /etc/dkms/framework.conf.d/30_security-misc.conf (renamed) to usability-misc
2024-11-11 05:48:11 -05:00
Patrick Schleizer
7c06e22c7d
deleted /usr/bin/pkexec.security-misc
...
This was not used anymore for anything. In the past, we used to `config-package-dev` `replace` `/usr/bin/pkexec` with `/usr/bin/pkexec.security-misc` for the purpose of:
> Redirect calls for pkexec to lxqt-sudo because pkexec is incompatible with hidepid.
* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860040
* https://forums.whonix.org/t/cannot-use-pkexec/8129
This was a worthwhile effort, interesting approach but ultimately a dead-end.
2024-11-11 05:43:25 -05:00
Patrick Schleizer
ef05b1a160
disable legacy matroxfb_base framebuffer driver
...
fix typo matroxfb_bases -> matroxfb_base
Thanks to @ArrayBolt3 for the bug report!
2024-11-11 05:40:41 -05:00
Patrick Schleizer
862d23cb10
fix panic-on-oops.service
...
remove `After=multi-user.target` because already using `WantedBy=multi-user.target`
Thanks to @ArrayBolt3 for the bug report!
2024-11-11 05:36:41 -05:00
Patrick Schleizer
29ae5f5980
fix optional opt-in harden-module-loading.service
...
by making `/usr/libexec/security-misc/disable-kernel-module-loading` executable
Thanks to @ArrayBolt3 for the bug report!
2024-11-11 05:28:31 -05:00
Patrick Schleizer
4c649577f0
bumped changelog version
2024-11-10 11:52:42 +00:00
Patrick Schleizer
29b1f1ec5f
Merge remote-tracking branch 'github-kicksecure/master'
2024-11-10 06:32:30 -05:00
Patrick Schleizer
5bd0a277bf
fix permission-hardener issue "Removing capabilities failed. File: '/bin/ping'"
...
no longer user end-of-options marker (`--`) for `setcap`
since setcap does not support it
Fixes https://github.com/QubesOS/qubes-issues/issues/9569
https://forums.whonix.org/t/permission-hardener-error/20719
2024-11-10 06:29:17 -05:00
Patrick Schleizer
238f32e81d
Merge pull request #280 from raja-grewal/ssbd
...
Enable `ssbd=force-on`
2024-11-08 07:39:40 -05:00
raja-grewal
8107782fa5
Enable ssbd=force-on
2024-11-08 15:36:04 +11:00
Patrick Schleizer
3af2684134
bumped changelog version
2024-10-30 09:43:05 +00:00
Patrick Schleizer
71c58442ca
minor
2024-10-28 05:10:19 -04:00
Patrick Schleizer
cfe19e31d8
shell options
2024-10-28 05:09:53 -04:00
Patrick Schleizer
0d50615658
local
2024-10-28 05:07:00 -04:00
Patrick Schleizer
ef0eb5f7a0
refactoring
2024-10-28 05:06:26 -04:00
Patrick Schleizer
fdd1f4b7f8
refactoring
2024-10-28 05:06:05 -04:00
Patrick Schleizer
d00235897d
hide-hardware-info: also parse /usr/local/etc/hide-hardware-info.d/*.conf
2024-10-28 05:03:59 -04:00
Patrick Schleizer
6c2e808b9f
refactoring
2024-10-28 05:03:20 -04:00
Patrick Schleizer
b44e507900
bumped changelog version
2024-10-23 09:56:05 +00:00
Patrick Schleizer
566cda5e4b
output
2024-10-21 05:47:38 -04:00
Patrick Schleizer
5991a23049
comment
2024-10-21 05:47:25 -04:00
Patrick Schleizer
fd34baff8f
Merge remote-tracking branch 'ArrayBolt3/master'
2024-10-21 05:43:53 -04:00
Aaron Rainbolt
690e8dd826
Avoid faillock lock/tally reset on reboot or timeout
2024-10-19 23:52:51 -05:00
Patrick Schleizer
b6433309fd
use end-of-options
2024-10-18 12:45:02 -04:00
Patrick Schleizer
0cfcdf4f89
bumped changelog version
2024-10-16 10:57:20 +00:00
Patrick Schleizer
0adb9b7c06
Merge remote-tracking branch 'github-kicksecure/master'
2024-10-16 06:31:09 -04:00
Patrick Schleizer
e50ad807c0
Merge pull request #276 from raja-grewal/KSPP_header
...
Clarify KSPP compliance header
2024-10-16 06:29:25 -04:00
raja-grewal
eb72163d57
README.md: Make line lengths consistent
2024-10-14 03:01:15 +00:00
raja-grewal
a9f238fe04
README.md: Split optional setting to new line
2024-10-14 02:57:31 +00:00
raja-grewal
09fe46adc9
Clarify KSPP compliance header for the undocumented case
2024-10-14 02:54:30 +00:00