400 Commits

Author	SHA1	Message	Date
Patrick Schleizer	f70a034da2	exclude hardened malloc from SUID disabler ... fixes https://github.com/Kicksecure/security-misc/issues/179	2023-12-22 08:31:58 -05:00
Patrick Schleizer	5a73817a95	move to /usr/lib/issue.d/20_security-misc.issue ... https://github.com/Kicksecure/security-misc/pull/167	2023-12-04 11:38:49 -05:00
Patrick Schleizer	dfaea492c7	remove etc/issue.net.d/20_security-misc ... since not mentioned on debian.org	2023-12-04 11:37:02 -05:00
Patrick Schleizer	36850f89fb	Merge pull request #167 from monsieuremre/patch-4 ... Non-Identifiable and Generic Issue Banners that include the Recommended Keywords	2023-12-04 11:27:16 -05:00
Patrick Schleizer	c9ea7a4dca	use amd_iommu=force_isolation instead of amd_iommu=force_enable ... because we set `iommu=force` already anyhow fixes https://github.com/Kicksecure/security-misc/issues/175	2023-12-04 11:02:55 -05:00
monsieuremre	f2ad8383cf	fix	2023-12-03 19:51:38 +00:00
monsieuremre	dd15823a97	undo superfluousness	2023-12-03 19:50:07 +00:00
monsieuremre	83e13bb62d	Update 40_enable_iommu.cfg	2023-12-03 19:42:34 +00:00
monsieuremre	0d7af9707f	Update 20_security-misc	2023-12-03 19:31:12 +00:00
monsieuremre	04d27a10b0	Update 20_security-misc	2023-12-03 19:30:55 +00:00
monsieuremre	c8b9f5a917	net	2023-11-18 10:03:19 +00:00
monsieuremre	3b614f3753	20_security-misc	2023-11-18 10:02:16 +00:00
Patrick Schleizer	5bb357cac0	spice-client-glib-usb-acl-helper matchwhitelist	2023-11-06 16:55:00 -05:00
Patrick Schleizer	7309445ee5	comment	2023-11-06 16:52:27 -05:00
Patrick Schleizer	f09d97fc9e	whitelist VirtualBox	2023-11-06 16:50:19 -05:00
Patrick Schleizer	64c8c7a8d5	whitelist SSH	2023-11-06 16:47:31 -05:00
Patrick Schleizer	9682b51d54	whitelist virtualbox	2023-11-06 16:44:36 -05:00
Patrick Schleizer	a40b9bc095	comments	2023-11-06 16:40:22 -05:00
Patrick Schleizer	2c1a3da433	VirtualBoxVM matchwhitelist	2023-11-06 16:38:50 -05:00
Patrick Schleizer	4e96ffaabb	chrome-sandbox matchwhitelist	2023-11-06 16:37:19 -05:00
Patrick Schleizer	51decff2fd	exclude qfile-unpacker from permission hardener	2023-11-05 16:03:36 -05:00
Patrick Schleizer	1900c1ab07	pam exclude from permission-hardener	2023-11-05 15:57:49 -05:00
Patrick Schleizer	5a75bcfb19	Merge pull request #145 from monsieuremre/wifi-and-bluetooth ... Wifi and Bluetooth Patch | Security and Privacy	2023-11-05 14:49:00 -05:00
Patrick Schleizer	4946f85d43	Merge pull request #146 from monsieuremre/thunderbird ... Thunderbird Hardening	2023-11-05 14:37:47 -05:00
Patrick Schleizer	97054b2b10	revert enabling kernel module signature enforcement ... due to issues https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/63 https://github.com/dell/dkms/issues/359	2023-11-03 15:55:17 -04:00
Patrick Schleizer	0242c04dc2	port to DKMS drop-in folder ... undisplace /etc/dkms/framework.conf.security-misc moved to /etc/dkms/framework.conf.d/30_security-misc.conf	2023-11-03 14:51:14 -04:00
Patrick Schleizer	d1b5a3ffd5	/usr/sbin/pam-tmpdir-helper exactwhitelist ... https://github.com/Kicksecure/security-misc/pull/147	2023-11-03 12:55:34 -04:00
Patrick Schleizer	b6d53f698d	Revert "allow loading unsigned modules due to issues" ... This reverts commit 661bcd8603.	2023-11-03 12:17:00 -04:00
monsieuremre	1abac794b5	very secure and private defaults	2023-11-02 09:15:20 +00:00
monsieuremre	5a583ca48c	typo in file name	2023-11-02 08:30:26 +00:00
monsieuremre	229032d691	Rename etc/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf to usr/lib/systemd/networkd.conf.d/99_ipv6-privacy-extensions.conf	2023-11-01 17:54:05 +00:00
monsieuremre	1049298e7b	Update and rename etc/NetworkManager/conf.d/99_randomize-mac.conf to usr/lib/NetworkManager/conf.d/99_randomize-mac.conf	2023-11-01 17:52:40 +00:00
monsieuremre	76e684cc0a	Update and rename etc/NetworkManager/conf.d/99_ipv6-privacy.conf to usr/lib/NetworkManager/conf.d/99_ipv6-privacy.conf	2023-11-01 17:51:27 +00:00
monsieuremre	fc8e201e84	rename	2023-10-27 14:49:24 +00:00
monsieuremre	13b4ddbb62	30_security-misc.conf	2023-10-27 14:34:21 +00:00
monsieuremre	b298d152fc	30_security-misc.conf	2023-10-27 14:32:08 +00:00
monsieuremre	3d4b04fddc	99_ipv6-privacy.conf	2023-10-27 12:35:39 +00:00
monsieuremre	e90f62eaab	99_randomize_mac.conf	2023-10-27 12:34:15 +00:00
monsieuremre	604d839537	99_ipv6-privacy-extensions.conf	2023-10-27 12:30:26 +00:00
monsieuremre	f2c23a2831	ssh config	2023-10-27 10:53:45 +00:00
Patrick Schleizer	7cff267002	remove duplicates	2023-10-26 19:31:14 -04:00
monsieuremre	99355c6169	new lines 30_default.conf	2023-10-26 17:45:28 +00:00
Patrick Schleizer	b7c52800f4	renamed: etc/sysctl.d/30_security-misc.conf -> usr/lib/sysctl.d/30_security-misc.conf ... renamed: etc/sysctl.d/30_security-misc_kexec-disable.conf -> usr/lib/sysctl.d/30_security-misc_kexec-disable.conf renamed: etc/sysctl.d/30_silent-kernel-printk.conf -> usr/lib/sysctl.d/30_silent-kernel-printk.conf	2023-10-25 17:28:43 -04:00
Patrick Schleizer	f6d1346e2b	fix	2023-10-22 16:22:08 -04:00
Patrick Schleizer	11382881b5	comments	2023-10-22 16:12:26 -04:00
Patrick Schleizer	4288e10554	fix, rework remount-secure kernel parameters parsing	2023-10-22 13:25:31 -04:00
Patrick Schleizer	c409e3221e	implement remount-secure	2023-10-22 09:36:03 -04:00
Patrick Schleizer	ae2c1c5a7a	fix xession environment variable	2023-10-21 14:18:50 -04:00
Patrick Schleizer	d543825d85	comments	2023-10-21 12:24:59 -04:00
Patrick Schleizer	645ee814e4	fix	2023-10-13 15:22:48 -04:00