Bug#940311: merge with lockdown / security-misc?
On Sat, 2019-09-21 at 10:02 +, Patrick Schleizer wrote:
> As for kernel settings (sysctl) and kernel parameters by KSPP... Our
> files in
>
> https://github.com/Whonix/security-misc/tree/master/etc/default/grub.d
>
> and https://github.com/Whonix/security-misc/tree/master/etc/sysctl.d
>
> could be merged into hardening-runtime?

hardening-runtime is maintained in salsa so feel free to submit a merge request for settings not already in there. I'm not against having a file per setting but I'm unsure if it's really that helpful.

Regards,
-- 
Yves-Alexis
Bug#940311: merge with lockdown / security-misc?
> I'm not sure what security-misc exactly is

Inspired by Kernel Self Protection Project (KSPP)

Implements most if not all recommended Linux kernel settings (sysctl) and kernel parameters by KSPP.

https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project

On top of that does other things. These are fully documented (or at least mentioned) in the readme:

https://github.com/Whonix/security-misc

Some changes may or may not be more controversial. You tell me.

As for kernel settings (sysctl) and kernel parameters by KSPP... Our files in

https://github.com/Whonix/security-misc/tree/master/etc/default/grub.d

and https://github.com/Whonix/security-misc/tree/master/etc/sysctl.d

could be merged into hardening-runtime?

Cheers,
Patrick
Bug#940311: merge with lockdown / security-misc?
On Sun, 2019-09-15 at 12:48 +, Patrick Schleizer wrote:
> Package: hardening-runtime
> Severity: wishlist
> X-Debbugs-CC: whonix-de...@whonix.org
>
> We now have (at least) three very similar packages.
>
> * https://packages.debian.org/buster/lockdown
> * https://packages.debian.org/buster/hardening-runtime
> * https://github.com/Whonix/security-misc
>

Hi,

I'm not sure what security-misc exactly is but we tried some coordination with lockdown when I first filed an ITP (see #919226) but it didn't really go anywhere.

Regards,
-- 
Yves-Alexis
Bug#940311: merge with lockdown / security-misc?
Package: hardening-runtime
Severity: wishlist
X-Debbugs-CC: whonix-de...@whonix.org

We now have (at least) three very similar packages.

* https://packages.debian.org/buster/lockdown
* https://packages.debian.org/buster/hardening-runtime
* https://github.com/Whonix/security-misc

Let's join forces before we independently reinvent everything. :)

Cheers,
Patrick