dfe9b0f6c7
fix, no longer unconditionally abort pam for user accounts with locked passwords
as locked user accounts might have valid sudoers exceptions
Thanks to @mimp for the bug report!
https://forums.whonix.org/t/pam-abort-on-locked-password-and-running-privileged-command-from-web-browser/10521
2020-11-05 06:42:47 -05:00
211769dc65
comment
2020-11-05 06:41:51 -05:00
7952139731
comment
2020-11-05 06:39:32 -05:00
bb72c1278d
copyright
2020-11-05 06:36:39 -05:00
1188a44f47
port to python 3.7
2020-04-04 16:49:30 -04:00
2ceea8d1fe
update copyright year
2020-04-01 08:49:59 -04:00
9bbae903fe
remove-system.map: lower verbosity output
2020-02-15 05:29:48 -05:00
31009f0bfa
Shred System.map files
2020-02-14 23:46:19 +00:00
1f6ed2cc70
add support for passing parameters to usr/lib/security-misc/apt-get-update
2020-02-03 08:55:20 -05:00
8627c9f76d
/usr/lib/security-misc/apt-get-update increase default timeout_after="600"
2020-01-31 12:18:02 -05:00
829e28aa90
/usr/lib/security-misc/apt-get-update environment variable timeout_after kill_after support
2020-01-31 12:17:07 -05:00
d4a37b6df2
remove-system.map: source /usr/lib/helper-scripts/pre.bsh
2020-01-24 03:18:17 -05:00
18041efa2f
fix pam tally2 check when read-only disk boot without ro-mode-init or grub-live
2020-01-21 10:01:17 -05:00
5031e7cc4b
better output if trying to login with non-existing user
2019-12-31 08:18:38 -05:00
20697db3ee
improve console lockdown info output
2019-12-31 02:53:02 -05:00
788914de95
group ssh check was removed
https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/27
2019-12-31 02:46:32 -05:00
1a0f7a7733
debugging
2019-12-29 04:43:32 -05:00
5271892cb1
debugging
2019-12-29 04:42:54 -05:00
683028049c
debugging
2019-12-29 04:41:23 -05:00
e3e1ff2a31
exit with error if a config line cannot be processed rather than skipping
https://forums.whonix.org/t/disable-suid-binaries/7706/59
2019-12-29 04:35:46 -05:00
d5c99f3a60
output
2019-12-29 04:27:21 -05:00
04f438f75d
comment
2019-12-24 18:09:37 -05:00
9da0e428ed
debugging
2019-12-24 17:54:31 -05:00
e18ec533c3
comment
2019-12-24 17:54:02 -05:00
f8f2e6c704
fix disablewhitelist feature
2019-12-23 02:35:13 -05:00
47ddcad0c0
rename keyword whitelist to exactwhitelist
add new keyword disablewhitelist
refactoring
2019-12-23 02:29:47 -05:00
34bf245713
output
2019-12-23 01:35:45 -05:00
ba30e45d15
output
2019-12-23 01:32:42 -05:00
ee9c5742da
output
2019-12-23 01:29:48 -05:00
6d05359abc
output
2019-12-23 01:21:52 -05:00
a1e78e8515
fix needlessly re-adding entries
2019-12-23 01:20:56 -05:00
906b3d32e7
output
2019-12-23 01:09:57 -05:00
4f76867da6
lower debugging
2019-12-23 01:08:02 -05:00
dc6e5d8508
fix
2019-12-23 01:06:38 -05:00
87b999f92a
refactoring
2019-12-23 00:59:43 -05:00
065ff4bd05
sanity_tests
2019-12-23 00:59:24 -05:00
fef1469fe6
exit non-zero if capability removal failed
2019-12-23 00:51:14 -05:00
17a8c29470
fix capability removal error handling
https://forums.whonix.org/t/disable-suid-binaries/7706/45
2019-12-23 00:47:49 -05:00
b631e2ecd8
refactoring
2019-12-23 00:36:41 -05:00
7aea304549
comment
2019-12-23 00:26:15 -05:00
f4b1df02ee
Remove suid / gid and execute permission for 'group' and 'others'.
Similar to: chmod og-ugx /path/to/filename
Removing execution permission is useful to make binaries such as 'su' fail closed rather
than fail open if suid was removed from these.
Do not remove read access since no security benefit and easier to manually undo for users.
chmod 744
2019-12-22 19:42:40 -05:00
d300db3cde
output
2019-12-21 14:45:11 -05:00
3921846df6
comment
2019-12-21 14:36:42 -05:00
1e8457ea47
no longer remount /lib
https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/25
2019-12-21 14:06:10 -05:00
10c19d6a8f
Merge remote-tracking branch 'origin/master'
2019-12-21 13:00:41 -05:00
f5a52aeddc
Don't remount /sys/kernel/security
2019-12-21 14:55:28 +00:00
b2260f48f4
add support for /etc/exec / /usr/local/etc/exec
to allow enabling exec on a per VM basis
2019-12-21 08:03:33 -05:00
b74e5ca972
comment
2019-12-21 07:47:00 -05:00
8fb17624bc
comment
2019-12-21 07:44:51 -05:00
aef796a524
disable debugging
2019-12-21 07:44:23 -05:00