Commit Graph

18 Commits

Author SHA1 Message Date
1bb843ec38 Update Copyright (C) to 2024 2024-05-11 13:18:36 +10:00
7a4212dd76 Update copyright 2023-03-30 17:08:47 +11:00
2d37e3a1af copyright 2022-05-20 14:46:38 -04:00
a67007f4b7 copyright 2021-03-17 09:45:21 -04:00
a258f35f38 comment 2021-01-05 02:11:08 -05:00
7e267ab498 fix, allow group sudo and console to use consoles
fix /etc/security/access-security-misc.conf syntax error

Thanks to @81a989 for the bug report!

https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/31
2020-08-03 08:12:19 -04:00
253578afdf /etc/security/access-security-misc.conf white list ttyS0 etc.
ttyS0 ttyS1 ttyS2 ttyS3 ttyS4 ttyS5 ttyS6 ttyS7 ttyS8 ttyS9

Thanks to @subpar_marlin for the bug report and helping to fix this!

https://forums.whonix.org/t/how-do-i-enter-the-whonix-shell-from-cli/7271/43

https://forums.whonix.org/t/etc-security-hardening/8592
2020-04-13 06:50:32 -04:00
a7f2a2a3b6 console lockdown: allow members of group sudo to use console
https://forums.whonix.org/t/etc-security-hardening/8592

https://github.com/Whonix/security-misc/pull/74#issuecomment-607748407

https://www.whonix.org/wiki/Dev/Strong_Linux_User_Account_Isolation#Console_Lockdown
2020-04-02 06:04:45 -04:00
7764ee0d20 comments 2020-04-02 05:58:16 -04:00
2ceea8d1fe update copyright year 2020-04-01 08:49:59 -04:00
814f613a2f When using systemd-nspawn (chroot) then login requires console 'console' to be permitted. 2020-03-31 07:08:25 -04:00
729fa26eca use pam_access only for /etc/pam.d/login
remove "Allow members of group 'ssh' to login."
remove "+:ssh:ALL EXCEPT LOCAL"
2019-12-12 09:00:08 -05:00
c1800b13fe separate group "ssh" for incoming ssh console permission
Thanks to @madaidan

https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/16
2019-12-07 11:26:39 -05:00
021b06dac9 add hvc0 to hvc9 2019-12-07 06:04:45 -05:00
8a59662a44 comment 2019-12-07 06:02:45 -05:00
cda6724755 add pts/0 to pts/9 2019-12-07 05:56:57 -05:00
218cbddba9 comment 2019-12-07 05:52:06 -05:00
6479c883bf Console Lockdown.
Allow members of group 'console' to use tty1 to tty7. Everyone else except
members of group 'console-unrestricted' are restricted from using console
using ancient, unpopular login methods such as using /bin/login over networks,
which might be exploitable. (CVE-2001-0797)

Not enabled by default in this package since this package does not know which
users shall be added to group 'console'.

In new Whonix builds, user 'user' will be added to group 'console' and
pam console-lockdown enabled by package anon-base-files.

/usr/share/pam-configs/console-lockdown

/etc/security/access-security-misc.conf

https://forums.whonix.org/t/etc-security-hardening/8592
2019-12-07 05:40:20 -05:00