security-misc
security-misc copied to clipboard
Kicksecure
Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - https://www.kicksecure.co...
[As mentioned here](https://gitlab.tails.boum.org/tails/tails/-/issues/20813) kernel panics and oopses can cause kernel logs to be written that can reveal the kernel version, hostname, and user. This may not be something a user...
### Research and improve upon the Thunderbird preferences shipped with Kicksecure. - **HorlogeSkynet/thunderbird-user.js** has many improvements taken from Arkenfox since Thunderbird shares many of the same prefs as Firefox. I...
#### Description: This pull request starts #300 which includes several updates aimed at enhancing privacy, performance, and user experience. Below are the specific changes made: ## Changes 1. **Telemetry and...
* https://github.com/secureblue/secureblue/blob/live/files/system/etc/sysctl.d/hardening.conf * https://github.com/secureblue/secureblue/blob/a6b58f042b0e9e9036a6d68a5b202eed96a1a892/files/system/etc/sysctl.d/hardening.conf
Should Kicksecure disable disable legacy 32-bit vsyscalls via `abi.vsyscall32 = 0` ? I'm on the fence about disabling 32 emulation support via `ia32_emulation=0` since that would disable application support for...
This pull request provides the options to enable two extensions of AMD Secure Encrypted Virtualization (SEV): - SEV-ES (Encrypted State) extends SEV by encrypting each guests virtual CPU register state...
My ethernet usb adapter shows `with-interface ff:ff:00 with-connect-type "hotplug"` >Base Class FFh (Vendor Specific) >> This base class is defined for vendors to use as they please. These class codes...
This pull request provides the option to panic upon the kernel becoming tainted. After first testing, this can be used to enforce strict user-defined kernel operation and security at runtime....
This pull request addresses a misconception with our use of `mitigations=auto,nosmt`. It adds documentation explaining why the kernel boot parameter is redundant and not sufficient if maximum security hardening is...
This pull request updates our list of blacklisted and disabled kernel modules. The last major updates were done by us around July 2024 in https://github.com/Kicksecure/security-misc/pull/230, https://github.com/Kicksecure/security-misc/pull/232, https://github.com/Kicksecure/security-misc/pull/234, https://github.com/Kicksecure/security-misc/pull/236, https://github.com/Kicksecure/security-misc/pull/237, https://github.com/Kicksecure/security-misc/pull/238,...
Metadata
Owner
Metadata
Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - https://www.kicksecure.co...