## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. rm_conffile /etc/sudoers.d/umask-security-misc ## https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079 rm_conffile /etc/sysctl.d/sysrq.conf ## https://github.com/Whonix/security-misc/pull/45 rm_conffile /etc/apparmor.d/usr.lib.security-misc.pam_tally2-info rm_conffile /etc/apparmor.d/usr.lib.security-misc.permission-lockdown ## merged into 3 files /usr/lib/sysctl.d/30_security-misc_kexec-disable.conf, /usr/lib/sysctl.d/30_silent-kernel-printk.conf, and /usr/lib/sysctl.d/990-security-misc.conf rm_conffile /etc/sysctl.d/fs_protected.conf rm_conffile /etc/sysctl.d/kptr_restrict.conf rm_conffile /etc/sysctl.d/suid_dumpable.conf rm_conffile /etc/sysctl.d/harden_bpf.conf rm_conffile /etc/sysctl.d/ptrace_scope.conf rm_conffile /etc/sysctl.d/tcp_timestamps.conf rm_conffile /etc/sysctl.d/mmap_aslr.conf rm_conffile /etc/sysctl.d/dmesg_restrict.conf rm_conffile /etc/sysctl.d/coredumps.conf rm_conffile /etc/sysctl.d/kexec.conf rm_conffile /etc/sysctl.d/tcp_hardening.conf rm_conffile /etc/sysctl.d/tcp_sack.conf ## merged into 3 files /etc/modprobe.d/30_security-misc_blacklist.conf, 30_security-misc_conntrack.conf, and /etc/modprobe.d/30_security-misc_disable.conf rm_conffile /etc/modprobe.d/uncommon-network-protocols.conf rm_conffile /etc/modprobe.d/blacklist-bluetooth.conf rm_conffile /etc/modprobe.d/vivid.conf rm_conffile /etc/modprobe.d/blacklist-dma.conf rm_conffile /etc/modprobe.d/msr.conf rm_conffile /etc/modprobe.d/30_nf_conntrack_helper_disable.conf rm_conffile /etc/modprobe.d/30_security-misc.conf ## renamed to /etc/security/limits.d/30_security-misc.conf rm_conffile /etc/security/limits.d/disable-coredumps.conf ## moved to separate package ram-wipe rm_conffile /etc/default/grub.d/40_cold_boot_attack_defense.cfg rm_conffile /etc/X11/Xsession.d/50panic_on_oops rm_conffile /etc/X11/Xsession.d/50security-misc ## moved to /usr/lib/sysctl.d rm_conffile /etc/sysctl.d/30_security-misc.conf rm_conffile /etc/sysctl.d/30_silent-kernel-printk.conf rm_conffile /etc/sysctl.d/30_security-misc_kexec-disable.conf ## moved to /etc/permission-hardener.d rm_conffile /etc/permission-hardening.d/25_default_passwd.conf rm_conffile /etc/permission-hardening.d/25_default_sudo.conf rm_conffile /etc/permission-hardening.d/25_default_whitelist_bubblewrap.conf rm_conffile /etc/permission-hardening.d/25_default_whitelist_chromium.conf rm_conffile /etc/permission-hardening.d/25_default_whitelist_dbus.conf rm_conffile /etc/permission-hardening.d/25_default_whitelist_firejail.conf rm_conffile /etc/permission-hardening.d/25_default_whitelist_fuse.conf rm_conffile /etc/permission-hardening.d/25_default_whitelist_hardened_malloc.conf rm_conffile /etc/permission-hardening.d/25_default_whitelist_mount.conf rm_conffile /etc/permission-hardening.d/25_default_whitelist_pam.conf rm_conffile /etc/permission-hardening.d/25_default_whitelist_policykit.conf rm_conffile /etc/permission-hardening.d/25_default_whitelist_qubes.conf rm_conffile /etc/permission-hardening.d/25_default_whitelist_selinux.conf rm_conffile /etc/permission-hardening.d/25_default_whitelist_spice.conf rm_conffile /etc/permission-hardening.d/25_default_whitelist_ssh.conf rm_conffile /etc/permission-hardening.d/25_default_whitelist_sudo.conf rm_conffile /etc/permission-hardening.d/25_default_whitelist_unix_chkpwd.conf rm_conffile /etc/permission-hardening.d/25_default_whitelist_virtualbox.conf rm_conffile /etc/permission-hardening.d/30_default.conf ## merged into 1 file /etc/default/grub.d/40_kernel_hardening.cfg rm_conffile /etc/default/grub.d/40_distrust_bootloader.cfg rm_conffile /etc/default/grub.d/40_distrust_cpu.cfg rm_conffile /etc/default/grub.d/40_enable_iommu.cfg ## renamed to /etc/default/grub.d/40_remount_secure.cfg rm_conffile /etc/default/grub.d/40_remmount-secure.cfg ## renamed to /etc/default/grub.d/40_signed_modules.cfg rm_conffile /etc/default/grub.d/40_only_allow_signed_modules.cfg ## renamed to /etc/default/grub.d/41_quiet_boot.cfg rm_conffile /etc/default/grub.d/41_quiet.cfg ## moved to usability-misc rm_conffile /etc/dkms/framework.conf.d/30_security-misc.conf