search

Kicksecure / security-misc

Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - https://www.kicksecure.com/wiki/Security-misc
https://www.kicksecure.com/wiki/Impressum
Other
517 stars 51 forks source link

improve output by permission-hardener #158

Closed adrelanos closed 1 year ago

adrelanos commented 1 year ago

Too verbose and not particularly helpful. I plan on removing:

Running SUID Disabler and Permission Hardener... See also:
https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener

/var/lib/dpkg/info/security-misc.postinst: INFO: run: /usr/libexec/security-misc/permission-hardening
INFO: START parsing config_file: '/etc/permission-hardening.d/25_default_passwd.conf'
INFO: END parsing config_file: '/etc/permission-hardening.d/25_default_passwd.conf'
INFO: START parsing config_file: '/etc/permission-hardening.d/25_default_sudo.conf'
INFO: END parsing config_file: '/etc/permission-hardening.d/25_default_sudo.conf'
INFO: START parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_bubblewrap.conf'
INFO: END parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_bubblewrap.conf'
INFO: START parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_chromium.conf'
INFO: END parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_chromium.conf'
INFO: START parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_dbus.conf'
INFO: END parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_dbus.conf'
INFO: START parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_firejail.conf'
INFO: END parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_firejail.conf'
INFO: START parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_fuse.conf'
INFO: END parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_fuse.conf'
INFO: START parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_mount.conf'
INFO: END parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_mount.conf'
INFO: START parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_pam.conf'
INFO: END parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_pam.conf'
INFO: START parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_policykit.conf'
INFO: END parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_policykit.conf'
INFO: START parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_qubes.conf'
INFO: END parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_qubes.conf'
INFO: START parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_selinux.conf'
INFO: END parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_selinux.conf'
INFO: START parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_spice.conf'
INFO: END parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_spice.conf'
INFO: START parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_sudo.conf'
INFO: END parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_sudo.conf'
INFO: START parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_unix_chkpwd.conf'
INFO: END parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_unix_chkpwd.conf'
INFO: START parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_virtualbox.conf'
INFO: END parsing config_file: '/etc/permission-hardening.d/25_default_whitelist_virtualbox.conf'
INFO: START parsing config_file: '/etc/permission-hardening.d/30_default.conf'
INFO: fso: '/usr/local/etc/permission-hardening.d' - does not exist. This is likely normal.
INFO: fso: '/etc/syslog.conf' - does not exist. This is likely normal.
INFO: fso: '/etc/ssh/sshd_config' - does not exist. This is likely normal.
INFO: SKIP whitelisted - set-user-id  found - file_name: '/bin/pkexec' | existing_mode: '4755'
INFO: SKIP matchwhitelisted - set-user-id  found - file_name: '/bin/fusermount3' | existing_mode: '4755' | matchwhite_list_entry: '/fusermount'
INFO: SKIP whitelisted - set-user-id  found - file_name: '/bin/sudo' | existing_mode: '4755'
INFO: SKIP whitelisted - set-user-id  found - file_name: '/usr/bin/pkexec' | existing_mode: '4755'
INFO: SKIP matchwhitelisted - set-user-id  found - file_name: '/usr/bin/fusermount3' | existing_mode: '4755' | matchwhite_list_entry: '/fusermount'
INFO: SKIP whitelisted - set-user-id  found - file_name: '/usr/bin/sudo' | existing_mode: '4755'
INFO: fso: '/usr/local/usr/bin/' - does not exist. This is likely normal.
INFO: SKIP whitelisted -  set-group-id found - file_name: '/sbin/unix_chkpwd' | existing_mode: '2755'
INFO: SKIP whitelisted -  set-group-id found - file_name: '/usr/sbin/unix_chkpwd' | existing_mode: '2755'
INFO: fso: '/usr/local/usr/sbin/' - does not exist. This is likely normal.
INFO: SKIP matchwhitelisted - set-user-id  found - file_name: '/lib/dbus-1.0/dbus-daemon-launch-helper' | existing_mode: '4754' | matchwhite_list_entry: 'dbus-daemon-launch-helper'
INFO: SKIP matchwhitelisted - set-user-id  found - file_name: '/lib/qubes/qfile-unpacker' | existing_mode: '4755' | matchwhite_list_entry: '/qubes/qfile-unpacker'
INFO: SKIP matchwhitelisted - set-user-id  found - file_name: '/lib/polkit-1/polkit-agent-helper-1' | existing_mode: '4755' | matchwhite_list_entry: 'polkit-agent-helper-1'
INFO: SKIP matchwhitelisted -  set-group-id found - file_name: '/lib/x86_64-linux-gnu/utempter/utempter' | existing_mode: '2755' | matchwhite_list_entry: '/utempter/utempter'
INFO: fso: '/usr/local/lib32/' - does not exist. This is likely normal.
INFO: fso: '/usr/local/lib64/' - does not exist. This is likely normal.
INFO: SKIP matchwhitelisted - set-user-id  found - file_name: '/usr/lib/dbus-1.0/dbus-daemon-launch-helper' | existing_mode: '4754' | matchwhite_list_entry: 'dbus-daemon-launch-helper'
INFO: SKIP matchwhitelisted - set-user-id  found - file_name: '/usr/lib/qubes/qfile-unpacker' | existing_mode: '4755' | matchwhite_list_entry: '/qubes/qfile-unpacker'
INFO: SKIP matchwhitelisted - set-user-id  found - file_name: '/usr/lib/polkit-1/polkit-agent-helper-1' | existing_mode: '4755' | matchwhite_list_entry: 'polkit-agent-helper-1'
INFO: SKIP matchwhitelisted -  set-group-id found - file_name: '/usr/lib/x86_64-linux-gnu/utempter/utempter' | existing_mode: '2755' | matchwhite_list_entry: '/utempter/utempter'
INFO: fso: '/usr/local/usr/lib/' - does not exist. This is likely normal.
INFO: fso: '/usr/local/usr/lib32/' - does not exist. This is likely normal.
INFO: fso: '/usr/local/usr/lib64/' - does not exist. This is likely normal.
INFO: fso: '/usr/local/opt/' - does not exist. This is likely normal.
INFO: END parsing config_file: '/etc/permission-hardening.d/30_default.conf'
/var/lib/dpkg/info/security-misc.postinst: INFO: Permission hardening success.
adrelanos commented 1 year ago

These could be introduced with a --debug command line switch or something if somebody was to contribute that.