Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / kicksecure/security-misc issues and pull requests

#281 - Security-misc boot time kernel parameters missing from Qubes VMs

Issue - State: closed - Opened by hoppity2 15 days ago - 1 comment

#280 - Enable `ssbd=force-on`

Pull Request - State: closed - Opened by raja-grewal 18 days ago

#279 - Provide network-related hardening options via `sysctl`'s

Pull Request - State: open - Opened by raja-grewal 18 days ago - 5 comments

#277 - Protecting /sys and /proc

Issue - State: open - Opened by monsieuremre about 1 month ago - 3 comments

#276 - Clarify KSPP compliance header

Pull Request - State: closed - Opened by raja-grewal about 1 month ago

#274 - `kernel.unprivileged_userns_clone=0` breaks too much

Issue - State: closed - Opened by adrelanos about 2 months ago

#273 - Documentation update 2

Pull Request - State: closed - Opened by raja-grewal 2 months ago

#272 - Documentation update

Pull Request - State: closed - Opened by raja-grewal 2 months ago

#270 - Small typo

Pull Request - State: closed - Opened by raja-grewal 3 months ago

#269 - Minor correction

Pull Request - State: closed - Opened by raja-grewal 3 months ago

#268 - Enable `panic_on_warn=1`

Pull Request - State: closed - Opened by raja-grewal 3 months ago - 1 comment

#266 - Minor presentation updates

Pull Request - State: closed - Opened by raja-grewal 3 months ago

#265 - Set `sysctl vm.mmap_min_addr=65536`

Pull Request - State: closed - Opened by raja-grewal 3 months ago - 2 comments

#264 - Add KSPP compliance notices to corresponding parameters and `sysctls`

Pull Request - State: closed - Opened by raja-grewal 3 months ago - 8 comments

#263 - Provide option to disable user namespaces

Pull Request - State: closed - Opened by raja-grewal 3 months ago - 3 comments

#262 - Miscellaneous updates to presentation

Pull Request - State: closed - Opened by raja-grewal 3 months ago - 1 comment

#261 - Simplify syntax of some network-related `sysctl`'s

Pull Request - State: closed - Opened by raja-grewal 3 months ago - 2 comments

#260 - Enable `vdso32=0`

Pull Request - State: closed - Opened by raja-grewal 4 months ago

#259 - Enable `kfence.sample_interval=100`

Pull Request - State: closed - Opened by raja-grewal 4 months ago

#258 - Enable `dev.tty.legacy_tiocsti=0`

Pull Request - State: closed - Opened by raja-grewal 4 months ago

#257 - Enable `slab_debug=FZ`

Pull Request - State: closed - Opened by raja-grewal 4 months ago

#256 - document sysctl settings / kernel parameters using KSPP=yes / KSPP=no

Issue - State: closed - Opened by adrelanos 4 months ago - 7 comments

#255 - Restore option to enable `slub_debug=FZ`

Pull Request - State: closed - Opened by raja-grewal 4 months ago

#254 - Updates to kernel and `sysctl` hardening

Pull Request - State: closed - Opened by raja-grewal 4 months ago

#253 - Use `slub_debug=FZ`?

Issue - State: closed - Opened by cynicsketch 4 months ago - 6 comments

#252 - Mitigate tar storing usernames and groups

Pull Request - State: closed - Opened by groovy-boiler 4 months ago - 3 comments

#251 - Stat dedup

Pull Request - State: closed - Opened by ben-grande 4 months ago

#250 - Add details on "oopes" and kernel panics

Pull Request - State: closed - Opened by raja-grewal 4 months ago

#249 - Disallow registering interpreters for miscellaneous binary formats

Pull Request - State: closed - Opened by raja-grewal 4 months ago - 10 comments

#248 - Re-enable (default) `secure_redirects` for ICMP redirect messages

Pull Request - State: closed - Opened by raja-grewal 4 months ago - 5 comments

#247 - Fuzz permission-hardener

Pull Request - State: closed - Opened by ben-grande 4 months ago

#245 - Update `/etc/modprobe.d/*`

Pull Request - State: closed - Opened by raja-grewal 4 months ago - 2 comments

#244 - Minor documentation changes

Pull Request - State: closed - Opened by raja-grewal 4 months ago - 4 comments

#243 - Restrict unprivileged user namespaces

Pull Request - State: closed - Opened by raja-grewal 4 months ago - 1 comment

#242 - Disable the usage of `ptrace()` by all processes

Pull Request - State: closed - Opened by raja-grewal 4 months ago - 8 comments

#241 - Miscellaneous (HTTPS, Copyright, etc.)

Pull Request - State: closed - Opened by raja-grewal 4 months ago

#240 - Remove obsolete `#net.ipv4.tcp_fack=0`

Pull Request - State: closed - Opened by raja-grewal 4 months ago

#239 - no longer disable Intel ME related kernel modules

Issue - State: closed - Opened by adrelanos 4 months ago - 10 comments

#238 - Minor additions to `30_security-misc_disable.conf`

Pull Request - State: closed - Opened by raja-grewal 4 months ago - 1 comment

#237 - Disable some Intel PMT kernel modules

Pull Request - State: closed - Opened by raja-grewal 4 months ago - 3 comments

#236 - Disable more Intel ME kernel modules

Pull Request - State: closed - Opened by raja-grewal 4 months ago - 8 comments

#235 - Blacklist the `uvcvideo` driver

Pull Request - State: closed - Opened by raja-grewal 4 months ago - 5 comments

#234 - Disable more kernel modules

Pull Request - State: closed - Opened by raja-grewal 4 months ago - 6 comments

#233 - Refactor `/etc/default/grub.d/*`

Pull Request - State: closed - Opened by raja-grewal 4 months ago - 9 comments

#232 - Update presentation of `/etc/modprobe.d/*`

Pull Request - State: closed - Opened by raja-grewal 5 months ago - 1 comment

#231 - Refactor `/usr/lib/sysctl.d/*`

Pull Request - State: closed - Opened by raja-grewal 5 months ago - 4 comments

#230 - Refactor `/etc/modprobe.d/*`

Pull Request - State: closed - Opened by raja-grewal 5 months ago - 4 comments

#227 - fix(etc): delete typo in /etc/apparmor.d tunables

Pull Request - State: closed - Opened by maybebyte 6 months ago

#226 - add `/etc/gitconfig` by default for better `git` security

Pull Request - State: closed - Opened by adrelanos 6 months ago

#225 - add `/etc/gitconfig` for better git security

Issue - State: open - Opened by adrelanos 6 months ago - 4 comments

#223 - improve GnuPG configuration file `/etc/skel/.gnupg/gpg.conf`

Issue - State: open - Opened by adrelanos 7 months ago - 10 comments

#222 - Update Readme and Copyright

Pull Request - State: closed - Opened by raja-grewal 7 months ago - 1 comment

#221 - Disable Firewire Module

Pull Request - State: closed - Opened by raja-grewal 7 months ago - 1 comment

#220 - Block Several GPS-related Modules

Pull Request - State: closed - Opened by raja-grewal 7 months ago - 1 comment

#219 - Revert Logging of Martians

Pull Request - State: closed - Opened by raja-grewal 7 months ago - 1 comment

#216 - BHI mitigation on Intel CPUs

Pull Request - State: closed - Opened by raja-grewal 8 months ago

#214 - /lib/sysctl.d/990-security-misc.conf - log_martians

Issue - State: closed - Opened by the-moog 8 months ago - 2 comments

#213 - Harden all system services by default

Issue - State: open - Opened by monsieuremre 8 months ago - 10 comments

#211 - Create proc group on install

Pull Request - State: closed - Opened by wryMitts 9 months ago - 1 comment

#208 - `proc-hidepid.service`: Fixing Systemd related issues

Issue - State: open - Opened by wryMitts 9 months ago - 7 comments

#207 - `hide-hardware-info.service`: hide `/proc/dynamic_debug/`

Issue - State: open - Opened by wryMitts 9 months ago - 1 comment

#206 - `hide-hardware-info.service`: hide `/proc/kallsyms`

Issue - State: open - Opened by adrelanos 9 months ago - 1 comment

#204 - Make /sys hardening optional and allow access to /sys/fs to make polkit work

Pull Request - State: closed - Opened by DanWin 9 months ago - 2 comments

#203 - test remount-secure script and systemd unit

Issue - State: open - Opened by adrelanos 9 months ago - 3 comments

#202 - Secure Bind Mount & Protect Hardware

Pull Request - State: closed - Opened by monsieuremre 9 months ago - 4 comments

#201 - sgid (set-group-ID) pkexec to fix hidepid

Issue - State: closed - Opened by adrelanos 9 months ago - 2 comments

#200 - Remove redundant kernel arguments

Pull Request - State: closed - Opened by TommyTran732 10 months ago - 2 comments

#199 - Redundant kernel args

Issue - State: open - Opened by TommyTran732 10 months ago - 12 comments

#195 - Mount Secure

Pull Request - State: closed - Opened by monsieuremre 10 months ago - 14 comments

#192 - Kicksecure Default Browser Discussion

Issue - State: open - Opened by monsieuremre 10 months ago - 73 comments

#185 - Restrict umask to 027 except for sudo/root broken

Issue - State: open - Opened by adrelanos 11 months ago - 22 comments

#178 - Disable asynchronous I/O io_uring

Pull Request - State: closed - Opened by raja-grewal 12 months ago - 3 comments

#177 - use SRSO spec_rstack_overflow kernel setting?

Issue - State: closed - Opened by adrelanos 12 months ago - 16 comments

#172 - improve hide-hardware-info.service, make `/sys` hiding optional

Issue - State: closed - Opened by monsieuremre about 1 year ago - 20 comments

#168 - Wayland Default DE for Real Security

Issue - State: open - Opened by monsieuremre about 1 year ago - 33 comments

#166 - USB Guard | Depend on it and configure rules

Pull Request - State: open - Opened by monsieuremre about 1 year ago - 9 comments

#165 - Secure Remount Without Remounting At All For The Most Part - Secure Mount

Pull Request - State: closed - Opened by monsieuremre about 1 year ago - 37 comments

#163 - qfile-unpacker permission-hardener whitelist security issue

Issue - State: closed - Opened by adrelanos about 1 year ago - 10 comments

#162 - Serious Question - Porting to new distro - Procedure

Issue - State: closed - Opened by monsieuremre about 1 year ago - 8 comments

#160 - RPM packaging

Issue - State: open - Opened by adrelanos about 1 year ago - 12 comments

#159 - harden modules load broken

Issue - State: open - Opened by adrelanos about 1 year ago - 15 comments

#155 - disable enforcement of user being in group sudo

Issue - State: closed - Opened by adrelanos about 1 year ago - 5 comments

#147 - Depend on libpam-tmpdir for very solid extra security

Pull Request - State: closed - Opened by monsieuremre about 1 year ago - 17 comments