2d37e3a1af
copyright
2022-05-20 14:46:38 -04:00
50bdd097df
move /usr/lib/security-misc to /usr/libexec/security-misc as per lintian FHS
2021-08-03 12:56:31 -04:00
6607c1e4bd
move /usr/lib/helper-scripts and /usr/lib/curl-scripts to /usr/libexec/helper-scripts as per lintian FHS
2021-08-03 12:48:57 -04:00
5a65c35479
port LKRG compatibility settings automation for VirtualBox hosts from systemd to dpkg trigger
2021-08-01 13:11:18 -04:00
a67007f4b7
copyright
2021-03-17 09:45:21 -04:00
5c81e1f23f
import from anon-gpg-conf
2020-04-06 09:25:45 -04:00
2ceea8d1fe
update copyright year
2020-04-01 08:49:59 -04:00
d2f6ac0491
fix, do user/group modifications in preinst rather than postinst
2019-12-10 03:50:23 -05:00
6b01e5be14
comment
2019-12-08 02:01:22 -05:00
52e0f104cc
comment
2019-12-08 01:59:55 -05:00
731d486fa0
refactoring
2019-12-08 01:58:58 -05:00
221a2df2a2
refactoring
2019-12-08 01:58:37 -05:00
b871421a54
usr/share/pam-configs/console-lockdown -> usr/share/pam-configs/console-lockdown-security-misc
2019-12-08 01:57:43 -05:00
d36669596f
comment
2019-12-08 01:56:30 -05:00
1a0f353708
comment
2019-12-08 01:47:40 -05:00
eed1f0a462
comment
2019-12-08 01:46:32 -05:00
2491b62393
refactoring, add all groups first before adding any users to any groups
2019-12-08 01:43:45 -05:00
c1800b13fe
separate group "ssh" for incoming ssh console permission
Thanks to @madaidan
https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/16
2019-12-07 11:26:39 -05:00
6479c883bf
Console Lockdown.
Allow members of group 'console' to use tty1 to tty7. Everyone else except
members of group 'console-unrestricted' are restricted from using console
using ancient, unpopular login methods such as using /bin/login over networks,
which might be exploitable. (CVE-2001-0797)
Not enabled by default in this package since this package does not know which
users shall be added to group 'console'.
In new Whonix builds, user 'user' will be added to group 'console' and
pam console-lockdown enabled by package anon-base-files.
/usr/share/pam-configs/console-lockdown
/etc/security/access-security-misc.conf
https://forums.whonix.org/t/etc-security-hardening/8592
2019-12-07 05:40:20 -05:00
203d5cfa68
copyright
2019-10-31 11:19:44 -04:00
af607d5eb2
Create sysfs and cpuinfo groups
2019-10-15 21:02:03 +00:00
8132052ce0
run update-grub from postinst so /etc/default/grub.d changes take effect
2019-09-07 05:44:23 +00:00
21489111d1
run permission lockdown during pam
https://forums.whonix.org/t/change-default-umask/7416
2019-08-14 08:34:03 +00:00
404f597c0a
description
2019-07-31 07:29:42 +00:00
3f031a297d
Removes read, write and execute access for others for all users who have home
folders under folder /home by running for example "chmod o-rwx /home/user"
during package installation or upgrade. This will be done only once per folder
in folder /home so users who wish to relax file permissions are free to do so.
This is to protect previously created files in user home folder which were
previously created with lax file permissions prior to installation of this
package.
2019-07-13 16:20:14 +00:00
4079632d1a
remove modifying to /etc/pam.d directly (unreleased)
config-package-dev displace /etc/securetty
remove trailing spaces
https://forums.whonix.org/t/restrict-root-access/7658/31
2019-07-13 11:41:37 +00:00
673aab6bc2
shut up pam-auth-update
2019-07-07 22:18:47 +00:00
67ff83262b
move to pam-auth-update --force
--package hangs in Qubes updater since it starts whiptail for interactive dpkg configuration dialog.
2019-07-07 21:31:56 +00:00
91fb21aafb
Due to error:
Jul 07 20:35:39 host sudo[16090]: PAM unable to dlopen(pam_cgfs.so): /lib/security/pam_cgfs.so: cannot open shared object file: No such file or directory
Jul 07 20:35:39 host sudo[16090]: PAM adding faulty module: pam_cgfs.so
run:
pam-auth-update --package
from Debian maintainer scripts
2019-07-07 16:51:40 -04:00
06b86229a4
update path to pre.bsh
2019-05-12 02:58:45 -04:00
5b3fc2f6b9
update copyright
2018-01-29 15:22:05 +00:00
c3b6a44e97
update copyright
2018-01-29 15:15:17 +00:00
ff28f5932c
update copyright
2018-01-29 15:09:42 +00:00
99bb1e877e
"$@"
2017-03-06 15:00:33 +00:00
dfe8a569b6
override glib-compile-schemas with || true in postinst
https://phabricator.whonix.org/T500
2017-02-19 22:32:04 +00:00
5ba2a5b6ff
disable previews in nautilus by default for better security
copied solution by @unman
https://github.com/QubesOS/qubes-issues/issues/1108
https://github.com/QubesOS/qubes-core-agent-linux/pull/39
https://phabricator.whonix.org/T500
2017-02-19 22:25:28 +00:00