security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2025-07-19 20:29:53 +07:00

Author	SHA1	Message	Date
Raja Grewal	92669dba18	Comment out machine check exception	2022-08-21 23:02:44 +10:00
Patrick Schleizer	0c5b1e9f57	undo `"force kernel to panic on "oopses"` because implemented differently already https://forums.whonix.org/t/set-oops-panic-kernel-parameter-or-kernel-panic-on-oops-1-sysctl-for-better-security/7713	2022-07-23 07:49:56 -04:00
Raja Grewal	ca764d8de0	force kernel to panic on "oopses"	2022-07-20 04:06:35 +10:00
Raja Grewal	74858d257b	enable randomize_kstack_offset	2022-07-13 04:34:35 +10:00
Raja Grewal	f572332108	disable slub_debug	2022-07-13 04:32:03 +10:00
Patrick Schleizer	2d37e3a1af	copyright	2022-05-20 14:46:38 -04:00
Patrick Schleizer	c72567dbd2	fix	2021-09-14 14:18:44 -04:00
Patrick Schleizer	bd31b4085c	remove Debian buster support in /etc/default/grub.d	2021-09-09 12:16:18 -04:00
Patrick Schleizer	49902b8c56	move grub quiet to separate config file /etc/default/grub.d/41_quiet.cfg	2021-09-06 08:19:41 -04:00
Patrick Schleizer	db43cedcfd	LANG=C str_replace	2021-08-22 05:23:24 -04:00
Patrick Schleizer	a67007f4b7	copyright	2021-03-17 09:45:21 -04:00
madaidan	06ffd5d220	Restrict access to debugfs	2020-09-28 19:21:20 +00:00
Patrick Schleizer	6485df8126	Prevent kernel info leaks in console during boot. add kernel parameter `quiet loglevel=0` https://phabricator.whonix.org/T950	2020-04-23 12:26:31 -04:00
Patrick Schleizer	72228946dc	fix etc/default/grub.d/40_kernel_hardening.cfg in Qubes if no kernel package is installed	2020-04-08 16:46:11 +00:00
Patrick Schleizer	2ceea8d1fe	update copyright year	2020-04-01 08:49:59 -04:00
madaidan	f6b6ab374e	Gather more entropy during boot	2020-02-16 19:51:32 +00:00
madaidan	ba0043b8a7	Update 40_kernel_hardening.cfg	2020-02-12 18:36:05 +00:00
HulaHoop0	e4c6e897cf	kvm.nx_huge_pages=force	2020-02-03 16:06:46 +00:00
Patrick Schleizer	b9d65338bc	unconditionally enable all CPU bugs (spectre, meltdown, L1TF, ...) this might reduce performance * `spectre_v2=on` * `spec_store_bypass_disable=on` * `tsx=off` * `tsx_async_abort=full,nosmt` Thanks to @madaidan for the suggestion! https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647	2020-01-30 05:55:13 -05:00
Patrick Schleizer	c1a0da60be	set kernel boot parameter `l1tf=full,force` and `nosmt=force` https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647/17	2020-01-30 00:46:48 -05:00
Patrick Schleizer	ede536913d	no longer hardcode amd64	2019-12-24 06:00:41 -05:00
Patrick Schleizer	ac49c55d1f	Merge pull request #49 from madaidan/kver Detect kernel upgrades	2019-12-24 10:55:03 +00:00
madaidan	98e88d1456	Detect kernel upgrades	2019-12-23 19:57:43 +00:00
madaidan	d1a0650fd9	Use only one slub_debug parameter	2019-12-23 19:44:52 +00:00
Patrick Schleizer	3e131174d5	comments	2019-12-23 05:00:35 -05:00
Patrick Schleizer	9f072ce4f9	comment	2019-12-23 03:46:02 -05:00
Patrick Schleizer	26fe9394ff	disable lockdown for now due to module loading	2019-12-23 03:41:54 -05:00
madaidan	535c258b83	More kernel hardening	2019-12-23 03:35:07 -05:00
Patrick Schleizer	94d40c68d4	do not set kernel boot parameter page_poison=1 in Qubes since does not work https://github.com/QubesOS/qubes-issues/issues/5212#issuecomment-533873012	2019-11-05 10:02:55 -05:00
Patrick Schleizer	f57702c158	comments; copyright	2019-11-05 09:55:43 -05:00
madaidan	60db7e6294	fix typo	2019-09-07 20:08:56 +00:00
Patrick Schleizer	2a6289980e	syntax fix GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full,nosmt" https://forums.whonix.org/t/kernel-hardening/7296/70	2019-06-23 18:46:52 +00:00
madaidan	2178fb37a8	Add more kernel hardening parameters	2019-06-23 17:54:34 +00:00
Patrick Schleizer	f917c27a19	remove trailing spaces	2019-05-06 05:51:14 -04:00
madaidan	02e8888b0b	Update 40_kernel_hardening.cfg	2019-05-05 20:17:33 +00:00
madaidan	3695d7491e	Create 40_kernel_hardening.cfg	2019-05-05 14:42:03 +00:00

36 Commits