security-misc
security-misc copied to clipboard
Kicksecure
Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - https://www.kicksecure.co...
This is the script I use to prevent failures on startup when using proc-hidepid.service I've had this configuration running for over a year now on a server host system, and...
Which software / source code sets the initial insecure mount options anyhow? Could we fix it there instead of adding a band-aid on top?
We should depend on usbguard as a package. When installed on debian, usb guard settings are configured in a way that all devices are rejected, only those that were already...
After applying the changes in https://github.com/Kicksecure/security-misc/issues/208, does `pkexec` work for you? @wryMitts ---- Test command (X11 only compatible, not working in Wayland): pkexec mousepad /tmp/testfile I.e. try running any application...
> But for sensitive proc, I think I found a better way. We can modify the mount options. Procfs has the mount option ```subset```. We can set this to the...
> How much work would it require to package this source as an ```.rpm```? I would really like to test this on opensuse. I can also a tool like alien,...
This is a file I would normally expect to be restricted by `kernel.dmesg_restrict = 1` yet I can still read it on my system. Leaks hardware info, kernel module info....
> Add /proc/kallsyms to the list as well, as this contains all the memory addresses for each kernel symbol. Originally posted by @monsieuremre in https://github.com/Kicksecure/security-misc/issues/172 Maybe not needed if we...
Currently umask is set to `027` (read, write for owner and group only). (Group is OK because Debian uses `usergroups` by default, [`UPG`](https://wiki.debian.org/UserPrivateGroups) (UserPrivateGroups)). This however should not be the...
Closes https://github.com/Kicksecure/security-misc/issues/199
Metadata
Owner
Metadata
Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - https://www.kicksecure.co...