Commit Graph

315 Commits

Author SHA1 Message Date
34a2bc16c8 description 2019-12-07 07:15:58 -05:00
d823f06c78 description 2019-12-07 07:13:42 -05:00
090ddbe96a description 2019-12-07 06:00:41 -05:00
6479c883bf Console Lockdown.
Allow members of group 'console' to use tty1 to tty7. Everyone else except
members of group 'console-unrestricted' are restricted from using console
using ancient, unpopular login methods such as using /bin/login over networks,
which might be exploitable. (CVE-2001-0797)

Not enabled by default in this package since this package does not know which
users shall be added to group 'console'.

In new Whonix builds, user 'user' will be added to group 'console' and
pam console-lockdown enabled by package anon-base-files.

/usr/share/pam-configs/console-lockdown

/etc/security/access-security-misc.conf

https://forums.whonix.org/t/etc-security-hardening/8592
2019-12-07 05:40:20 -05:00
52934c9288 bumped changelog version 2019-12-07 02:02:32 -05:00
6d92d03b31 description 2019-12-07 01:54:50 -05:00
0afcc5e798 bumped changelog version 2019-12-06 12:43:21 -05:00
af0cf058e7 bumped changelog version 2019-12-06 11:18:20 -05:00
bff425fec2 bumped changelog version 2019-12-06 09:32:18 -05:00
470cad6e91 remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in)
https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707
2019-12-06 05:14:02 -05:00
af9e19c51f Update control 2019-12-05 20:14:55 +00:00
0c25a96b59 description / comments 2019-12-03 02:18:32 -05:00
8d63da3cef Update control 2019-12-02 16:46:12 +00:00
6ca48fffdc bumped changelog version 2019-11-28 10:22:41 -05:00
25aed91eb1 description 2019-11-28 09:20:46 -05:00
0c4e5df3e0 description 2019-11-28 09:18:05 -05:00
5ac2a6f9ac description 2019-11-28 09:17:32 -05:00
ff3412fbe0 fix, make sure to undo pam changes on package removal
Thanks to minimal for the bug report!

https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/11
2019-11-27 10:22:31 -05:00
9091f69edd bumped changelog version 2019-11-25 08:51:36 +00:00
aa5451c8cd Lock user accounts after 50 rather than 100 failed login attempts.
https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698/19
2019-11-25 01:39:53 -05:00
6277db1383 bumped changelog version 2019-11-23 14:07:45 +00:00
fe1f1b73a7 load jitterentropy_rng kernel module for better entropy collection
https://www.whonix.org/wiki/Dev/Entropy

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927972

https://forums.whonix.org/t/jitterentropy-rngd/7204
2019-11-23 11:20:32 +00:00
e76e1475b0 comment 2019-11-22 12:24:35 -05:00
a99dfd067a bumped changelog version 2019-11-19 15:31:55 +00:00
8ad8dbea5a bumped changelog version 2019-11-18 19:16:16 +00:00
d1d61b106b bumped changelog version 2019-11-09 18:44:50 +00:00
6b7df973f6 bumped changelog version 2019-11-09 12:57:45 +00:00
6e28774f95 bumped changelog version 2019-11-09 12:23:15 +00:00
b55c2fd62e Enables punycode (network.IDN_show_punycode) by default in Thunderbird
to make phishing attacks more difficult. Fixing URL not showing real Domain
Name (Homograph attack).

https://forums.whonix.org/t/enable-network-idn-show-punycode-by-default-in-thunderbird-to-fix-url-not-showing-real-domain-name-homograph-attack-punycode/8415
2019-11-03 02:50:51 -05:00
bf62306d4f bumped changelog version 2019-10-31 16:34:35 +00:00
6e5d8b357d bumped changelog version 2019-10-31 16:06:51 +00:00
203d5cfa68 copyright 2019-10-31 11:19:44 -04:00
0699747fcb Debian packaging 2019-10-28 14:24:37 +00:00
fe4e29d392 Depend on dh-apparmor 2019-10-28 14:22:47 +00:00
d832ab91bd bumped changelog version 2019-10-23 10:22:03 +00:00
9c8f678cb9 bumped changelog version 2019-10-21 09:55:41 +00:00
2d436f3602 bumped changelog version 2019-10-21 09:51:36 +00:00
40707e70db Redirect calls for pkexec to lxqt-sudo because pkexec is incompatible with hidepid.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860040

https://forums.whonix.org/t/cannot-use-pkexec/8129

Thanks to AnonymousUser for the bug report!
2019-10-21 05:46:49 -04:00
31b771ac2e bumped changelog version 2019-10-18 10:39:43 +00:00
957deac5cb fix lintian warning
W: security-misc: maintainer-script-should-not-parse-etc-passwd-or-group preinst:19
2019-10-18 10:38:25 +00:00
d301e7f365 description, fix lintian warning 2019-10-18 10:36:44 +00:00
ce6b64a9ba bumped changelog version 2019-10-18 08:55:07 +00:00
c9d75ef9ea abort installation if no user is part of group sudo
https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/4

Thanks to minimal for the bug report!
2019-10-17 06:46:47 -04:00
8a42c5b023 Merge pull request #34 from madaidan/whitelist
Add a whitelist for /sys and /proc/cpuinfo
2019-10-17 09:59:12 +00:00
259b1f2c71 Update control 2019-10-16 19:21:24 +00:00
af607d5eb2 Create sysfs and cpuinfo groups 2019-10-15 21:02:03 +00:00
4b1b3b7d66 bumped changelog version 2019-10-14 10:23:01 +00:00
8b4f2befd4 comment out sack by default
https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109/8?u=patrick
2019-10-05 13:15:34 +00:00
02096f8d7c Revert "undo Disabling TCP SACK, DSACK, FACK"
This reverts commit 5fb4eb8e56.
2019-10-05 13:13:46 +00:00
62a0239207 bumped changelog version 2019-10-05 11:33:15 +00:00