security-misc
security-misc copied to clipboard
Kicksecure
Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - https://www.kicksecure.co...
The comment here https://github.com/Kicksecure/security-misc/blob/c19942f72b8d74056dd8da8c3cd9ac7e0fbe8991/etc/sysctl.d/tcp_sack.conf#L1-L2 makes it appear as if using DSACK would be a security problem. However, the discussion linked doesn't seem to provide any evidence for this. The linked...
The only missing parts of this are the /tmp, /dev/shm and /run restrictions as systemd doesn't seem to like them: dev-shm.mount: Cannot create mount unit for API file system /dev/shm
According to the kernel's documentation: auto,nosmt: Mitigate all CPU vulnerabilities, disabling SMT if needed. This is for users who always want to be fully mitigated, even if it means losing...
random report on reddit: https://www.reddit.com/r/Kicksecure/comments/1bjyvm5/should_i_enable_back_msr_kernel_module/ Another user I know also reported the same issue a while ago. references: * https://security.stackexchange.com/questions/119712/methods-root-can-use-to-elevate-itself-to-kernel-mode * https://forums.whonix.org/t/disabling-cpu-msrs-breaks-cpu-temperature-control/10397
Defaulting ether of ```text net.ipv4.conf.all.log_martians net.ipv4.conf.default.log_martians ``` to a 'on'/1 value breaks thing and makes the machine very slow, even crashing it... TL;DR; See *** at the bottom. Join me,...
Servers and workstations differ heavily, and there is no universal hardening that is also fine grained for both. A server is inherently a network. This package should prioritize workstations, as...
As the title says. I think whonix maintainers in the forum have discarded the idea of moving back to kde too quickly. Moreover, I find most all of the arguments...
I think it should be considered to move applicaiton specific hardening to its own repository. Even if this happens or not, consider firefox as the default browser. Hardening might seem...
Developer discussion. Not for users since not the in the testers repository yet. Based suggestions in https://github.com/Kicksecure/security-misc/pull/202 thanks to @monsieuremre, recently I have improved. * systemd unit file: https://github.com/Kicksecure/security-misc/blob/master/usr/lib/systemd/system/remount-secure.service *...
Let's make use of systemd sandboxing mechanisms to harden all services by default, whitelisting any services where necessary. * Big time advantage: not bothering to sandbox single services one by...
Metadata
Owner
Metadata
Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - https://www.kicksecure.co...