Kicksecure security-misc issues

Kicksecure / security-misc

Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - https://www.kicksecure.com/wiki/Security-misc

https://www.kicksecure.com/wiki/Impressum

Other

516 stars 51 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Security-misc boot time kernel parameters missing from Qubes VMs

#281 hoppity2 closed 2 weeks ago
1
Enable `ssbd=force-on`

#280 raja-grewal closed 2 weeks ago
0
Provide network-related hardening options via `sysctl`'s

#279 raja-grewal opened 2 weeks ago
6
review Brace to see if there are security settings which aren't part of security-misc (or Kicksecure yet)

#278 adrelanos opened 1 month ago
1
Protecting /sys and /proc

#277 monsieuremre opened 1 month ago
3
Clarify KSPP compliance header

#276 raja-grewal closed 1 month ago
0
slightly confusing KSPP header, introduce `KSPP=undocumented` comment in case KSPP does not mention it

#275 adrelanos closed 1 month ago
3
`kernel.unprivileged_userns_clone=0` breaks too much

#274 adrelanos closed 1 month ago
0
Documentation update 2

#273 raja-grewal closed 1 month ago
0
Documentation update

#272 raja-grewal closed 2 months ago
0
kernel module blacklist breaks VirtualBox audio devices ICH AC97 and maybe Intel HD

#271 adrelanos closed 2 months ago
0
Small typo

#270 raja-grewal closed 2 months ago
0
Minor correction

#269 raja-grewal closed 2 months ago
0
Enable `panic_on_warn=1`

#268 raja-grewal closed 2 months ago
1
file/folder permissions issue `d????????? ? ? ? ? ? .` | Firefox no longer starting (probably not not a Firefox issue) | caused by disallow registering interpreters for miscellaneous binary formats `sysctl fs.binfmt_misc.status=0`

#267 adrelanos opened 3 months ago
2
Minor presentation updates

#266 raja-grewal closed 3 months ago
0
Set `sysctl vm.mmap_min_addr=65536`

#265 raja-grewal closed 2 months ago
2
Add KSPP compliance notices to corresponding parameters and `sysctls`

#264 raja-grewal closed 3 months ago
8
Provide option to disable user namespaces

#263 raja-grewal closed 3 months ago
3
Miscellaneous updates to presentation

#262 raja-grewal closed 3 months ago
1
Simplify syntax of some network-related `sysctl`'s

#261 raja-grewal closed 3 months ago
2
Enable `vdso32=0`

#260 raja-grewal closed 3 months ago
0
Enable `kfence.sample_interval=100`

#259 raja-grewal closed 3 months ago
0
Enable `dev.tty.legacy_tiocsti=0`

#258 raja-grewal closed 3 months ago
0
Enable `slab_debug=FZ`

#257 raja-grewal closed 3 months ago
0
document sysctl settings / kernel parameters using KSPP=yes / KSPP=no

#256 adrelanos closed 2 months ago
7
Restore option to enable `slub_debug=FZ`

#255 raja-grewal closed 3 months ago
0
Updates to kernel and `sysctl` hardening

#254 raja-grewal closed 3 months ago
0
Use `slub_debug=FZ`?

#253 cynicsketch closed 3 months ago
6
Mitigate tar storing usernames and groups

#252 groovy-boiler closed 3 months ago
3
Stat dedup

#251 ben-grande closed 4 months ago
0
Add details on "oopes" and kernel panics

#250 raja-grewal closed 4 months ago
0
Disallow registering interpreters for miscellaneous binary formats

#249 raja-grewal closed 3 months ago
10
Re-enable (default) `secure_redirects` for ICMP redirect messages

#248 raja-grewal closed 3 months ago
5
Fuzz permission-hardener

#247 ben-grande closed 4 months ago
0
Provide the option to change the default CFI implementation in the future

#246 raja-grewal closed 4 months ago
0
Update `/etc/modprobe.d/*`

#245 raja-grewal closed 3 months ago
2
Minor documentation changes

#244 raja-grewal closed 4 months ago
4
Restrict unprivileged user namespaces

#243 raja-grewal closed 3 months ago
1
Disable the usage of `ptrace()` by all processes

#242 raja-grewal closed 4 months ago
8
Miscellaneous (HTTPS, Copyright, etc.)

#241 raja-grewal closed 4 months ago
0
Remove obsolete `#net.ipv4.tcp_fack=0`

#240 raja-grewal closed 4 months ago
0
no longer disable Intel ME related kernel modules

#239 adrelanos closed 4 months ago
10
Minor additions to `30_security-misc_disable.conf`

#238 raja-grewal closed 4 months ago
1
Disable some Intel PMT kernel modules

#237 raja-grewal closed 4 months ago
3
Disable more Intel ME kernel modules

#236 raja-grewal closed 4 months ago
8
Blacklist the `uvcvideo` driver

#235 raja-grewal closed 4 months ago
5
Disable more kernel modules

#234 raja-grewal closed 4 months ago
6
Refactor `/etc/default/grub.d/*`

#233 raja-grewal closed 4 months ago
9
Update presentation of `/etc/modprobe.d/*`

#232 raja-grewal closed 4 months ago
1