security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2025-07-21 05:10:41 +07:00

Author	SHA1	Message	Date
Patrick Schleizer	729fa26eca	use pam_acccess only for /etc/pam.d/login remove "Allow members of group 'ssh' to login." remove "+:ssh:ALL EXCEPT LOCAL"	2019-12-12 09:00:08 -05:00
Patrick Schleizer	c1800b13fe	separate group "ssh" for incoming ssh console permission Thanks to @madaidan https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/16	2019-12-07 11:26:39 -05:00
Patrick Schleizer	021b06dac9	add hvc0 to hvc9	2019-12-07 06:04:45 -05:00
Patrick Schleizer	8a59662a44	comment	2019-12-07 06:02:45 -05:00
Patrick Schleizer	cda6724755	add pts/0 to pts/9	2019-12-07 05:56:57 -05:00
Patrick Schleizer	218cbddba9	comment	2019-12-07 05:52:06 -05:00
Patrick Schleizer	6479c883bf	Console Lockdown. Allow members of group 'console' to use tty1 to tty7. Everyone else except members of group 'console-unrestricted' are restricted from using console using ancient, unpopular login methods such as using /bin/login over networks, which might be exploitable. (CVE-2001-0797) Not enabled by default in this package since this package does not know which users shall be added to group 'console'. In new Whonix builds, user 'user" will be added to group 'console' and pam console-lockdown enabled by package anon-base-files. /usr/share/pam-configs/console-lockdown /etc/security/access-security-misc.conf https://forums.whonix.org/t/etc-security-hardening/8592	2019-12-07 05:40:20 -05:00
madaidan	230ef34db4	Create disable-coredumps.conf	2019-06-30 00:19:04 +00:00