|
|
78a4fad667
|
Change echo to info. Included more reliable way of getting initrd and kernel. Allow user custom kexec
|
2023-01-07 11:14:31 -05:00 |
|
|
|
f81714be50
|
Merge branch 'Kicksecure:master' into framebuffer
|
2022-12-13 05:14:56 +00:00 |
|
|
|
d67845fea8
|
Typo
|
2022-12-13 16:11:24 +11:00 |
|
|
|
6d7a782624
|
fix
|
2022-11-24 07:21:46 -05:00 |
|
|
|
6f695902fb
|
Add comment about legacy Apple fiesystems
|
2022-11-23 23:53:40 +11:00 |
|
|
|
e5255a630a
|
pam-info: support non-root environments (such as during graphical display manager login and xscreensaver)
|
2022-11-22 05:57:30 -05:00 |
|
|
|
daa30d4e78
|
Include several framebuffer drivers into blacklist
These were previously commented out to test for compatibility issues.
|
2022-11-09 20:43:59 +11:00 |
|
|
|
92669dba18
|
Comment out machine check exception
|
2022-08-21 23:02:44 +10:00 |
|
|
|
0c5b1e9f57
|
undo "force kernel to panic on "oopses"
because implemented differently already
https://forums.whonix.org/t/set-oops-panic-kernel-parameter-or-kernel-panic-on-oops-1-sysctl-for-better-security/7713
|
2022-07-23 07:49:56 -04:00 |
|
|
|
ca764d8de0
|
force kernel to panic on "oopses"
|
2022-07-20 04:06:35 +10:00 |
|
|
|
1660aaa6dd
|
update details around disabling SMT
|
2022-07-19 03:38:41 +10:00 |
|
|
|
bfd78a2c06
|
update SRBDS mitigation
|
2022-07-19 03:16:08 +10:00 |
|
|
|
c3ebb9160f
|
CPU mitigation - MMIO Stale Data
|
2022-07-19 02:33:16 +10:00 |
|
|
|
59e90ff122
|
CPU mitigation - L1D FLushing
|
2022-07-19 02:32:41 +10:00 |
|
|
|
8531fbf99d
|
CPU mitigation - SRBDS
|
2022-07-19 02:30:49 +10:00 |
|
|
|
73f1e23332
|
shuffle and rewording
|
2022-07-19 02:29:46 +10:00 |
|
|
|
39314b2912
|
Merge branch 'harden' of https://github.com/raja-grewal/security-misc into harden
|
2022-07-19 00:49:08 +10:00 |
|
|
|
bb831d57bc
|
delete repeated commands
|
2022-07-19 00:38:32 +10:00 |
|
|
|
c77a2a78bc
|
enforce default net.ipv6.icmp_ignore_bogus_error_responses
|
2022-07-19 00:37:31 +10:00 |
|
|
|
c4a1094760
|
Merge branch 'Kicksecure:master' into harden
|
2022-07-18 13:36:23 +00:00 |
|
|
|
a72bbb1883
|
Corrected kerenl module disabling
|
2022-07-13 23:42:13 +10:00 |
|
|
|
4e93b4d37e
|
Revert "enforce defualt net.ipv4.ip_forward"
This reverts commit 57b5b2145c.
|
2022-07-13 21:10:39 +10:00 |
|
|
|
a47922ad28
|
enforce of IOMMU TLB invalidation
|
2022-07-13 04:47:07 +10:00 |
|
|
|
33df16af80
|
disables random.trust_bootloader
|
2022-07-13 04:37:03 +10:00 |
|
|
|
d0779a96fc
|
add reference
|
2022-07-13 04:36:34 +10:00 |
|
|
|
74858d257b
|
enable randomize_kstack_offset
|
2022-07-13 04:34:35 +10:00 |
|
|
|
f572332108
|
disable slub_debug
|
2022-07-13 04:32:03 +10:00 |
|
|
|
57b5b2145c
|
enforce defualt net.ipv4.ip_forward
|
2022-07-13 04:30:43 +10:00 |
|
|
|
79156262c9
|
enforce default net.ipv4.icmp_ignore_bogus_error_responses
|
2022-07-13 04:29:42 +10:00 |
|
|
|
dabcaf22e1
|
enforce default kernel.randomize_va_space
|
2022-07-13 04:28:03 +10:00 |
|
|
|
48089e5ba4
|
More verbose kernel module blocking error logs
|
2022-07-12 17:02:12 +10:00 |
|
|
|
40ec791774
|
Updated comments
|
2022-07-12 16:58:16 +10:00 |
|
|
|
ef1ef9917d
|
Blacklist automatic loading of CD-ROM modules
|
2022-07-10 04:53:25 +10:00 |
|
|
|
61ef9bd59f
|
Incorporated Ubuntu’s kernel module blacklists
|
2022-07-10 04:52:00 +10:00 |
|
|
|
26b2c9727f
|
not blacklist CD-ROM / DVD yet
https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/31
|
2022-07-07 15:39:40 -04:00 |
|
|
|
ca19d78d48
|
shuffle
|
2022-07-07 15:27:15 -04:00 |
|
|
|
780dc8eec9
|
replace /bin/false -> /bin/disabled-by-security-misc
|
2022-07-08 04:11:25 +10:00 |
|
|
|
fa2e30f512
|
Updated descriptions of disabled modules
|
2022-07-08 03:04:37 +10:00 |
|
|
|
da389d6682
|
Revert "replace /bin/false -> /bin/true"
This reverts commit f0511635a9.
|
2022-07-08 02:12:04 +10:00 |
|
|
|
f0511635a9
|
replace /bin/false -> /bin/true
|
2022-07-07 09:27:53 +00:00 |
|
|
|
18d67dbc53
|
Blacklist more modules
|
2022-07-07 09:26:55 +00:00 |
|
|
|
1c0e071948
|
comments
|
2022-07-05 10:45:55 -04:00 |
|
|
|
5d47f5f74c
|
comments
|
2022-07-05 10:45:09 -04:00 |
|
|
|
435c689cf9
|
comments
|
2022-07-05 10:44:28 -04:00 |
|
|
|
c20d588d78
|
comments
|
2022-07-05 10:42:37 -04:00 |
|
|
|
b342ce930e
|
add /etc/default/grub.d/40_cold_boot_attack_defense.cfg
|
2022-07-05 10:28:22 -04:00 |
|
|
|
67eaf8c916
|
comments
|
2022-06-29 11:40:38 -04:00 |
|
|
|
72908d6b0d
|
comments
|
2022-06-29 11:34:55 -04:00 |
|
|
|
55d16e1602
|
remove unicode
|
2022-06-08 09:04:03 -04:00 |
|
|
|
fcaec49675
|
Merge remote-tracking branch 'github-kicksecure/master'
|
2022-06-08 08:20:24 -04:00 |
|
