Bruno
66d8b731e6
fix: check for gnome-shell instead of gsettings in one test (#424)
2024-09-11 09:56:52 -07:00
Rubiginosa
8333bcf2f5
feat: add check for hardened_malloc flatpak preload (#412)
* updated has_permission to use regex matching
* added flatpak check for hardened_malloc
* changed hasPermission to maintain old behavior for strings
2024-09-10 10:33:14 -07:00
Rubiginosa
b5f5d2afa0
feat: refactor flatpak audit for readability and extensibility (#414)
* refactored flatpak audit to be more extensible
* fixed old typo
* added warning string array for flatpak audit
2024-08-30 15:28:56 -07:00
Bruno
79471e2141
fix: audit script improvements (GHNS test, order of tests) (#415)
* only test GHNS if kdeglobals exist
* place faster tests before the slower flatpak audit
2024-08-30 13:45:15 -07:00
qoijjj
2a3c5fe79e
fix: typo in rpm-ostreed.conf
2024-08-29 22:23:12 -07:00
Bruno
e143c48e26
chore: several audit script improvements
2024-08-29 21:01:40 -07:00
Ivo Damjanović
fefc64baba
feat: stop overwriting 60-custom.just for better compatibility with upstream bluebuild and downstream user builds (#409)
* feat: create addjustconfig.sh to include custom commands at buildtime
* fix: 60-custom.just.readme.md to 61-custom.just.readme.md
* fix: Rename 60-custom.just to 61-custom.just
* feat: add just config script to enabled scripts
* fix: rename to 70-secureblue.just
* fix: Rename 61-custom.just.readme.md to 70-secureblue.just.readme.md
* fix: rename to 70-secureblue.just
2024-08-29 11:53:56 -07:00
qoijjj
b442fccee6
feat: add back Recommends=false to rpm-ostreed.conf
due to upstream reversion
2024-08-28 15:22:02 -07:00
qoijjj
73ed50b4d4
feat: remove unused binaries from setcaps function
2024-08-27 16:54:28 -07:00
qoijjj
a329524441
fix: justfile typo
2024-08-26 10:44:49 -07:00
qoijjj
e41d963841
feat: multiple securecore improvements
2024-08-26 09:45:20 -07:00
qoijjj
8eb959669a
feat: begin server->securecore migration
2024-08-25 23:27:36 -07:00
qoijjj
967c7551ad
feat: sgid reduction (#392)
* feat: also remove sgid bit
* Update yafti.yml
* Update yafti.yml
2024-08-23 14:13:22 -07:00
qoijjj
c711b3c398
feat: include brew autoupdate services
2024-08-22 22:38:00 -07:00
qoijjj
1b5e539ec2
fix: audit script cleanup
2024-08-22 12:03:22 -07:00
Rubiginosa
51ad84b1ad
feat: Add flatpak auditing to audit-secureblue (#377)
* increase spacing on print_status
* Merged audit-flatpak into audit-secureblue
* print flatpak remote success
---------
Co-authored-by: qoijjj <129108030+qoijjj@users.noreply.github.com>
2024-08-21 13:22:11 -07:00
qoijjj
aaf3e4d344
fix: set Recommends=false while waiting for upstream
2024-08-21 13:12:51 -07:00
qoijjj
7ff130f248
fix: typo in audit script
2024-08-20 18:43:21 -07:00
qoijjj
1c38cc7ce7
fix: use alternate delimiter for motd tip
2024-08-20 16:00:04 -07:00
qoijjj
38cbf7715a
feat: add audit-secureblue just command (#382)
2024-08-20 15:08:18 -07:00
qoijjj
3b2b1dbd93
fix: url in motd
2024-08-20 10:36:00 -07:00
qoijjj
d6e18573ae
feat: add link to release notifications FAQ in motd
2024-08-20 10:34:51 -07:00
qoijjj
327eb2279d
docs: add a note to motd to check the latest release notes
2024-08-20 10:28:53 -07:00
qoijjj
06c2883bb1
fix: improve usbguard just command
2024-08-19 18:21:50 -07:00
qoijjj
dd10a99f93
fix: cleanup motd variables
2024-08-18 22:44:35 -07:00
qoijjj
49b8ad6efb
fix: parse epoch time directly from json for motd
2024-08-18 21:41:21 -07:00
qoijjj
0d3869bbb5
fix: use json format for rpm-ostree in motd
2024-08-18 21:35:05 -07:00
qoijjj
31b1339fa5
chore: disable yafti run on config change as it causes user confusion
2024-08-11 04:49:00 -07:00
qoijjj
3b927dc8ed
fix: check only the first string token when searching lsattr
2024-08-10 03:56:35 -07:00
qoijjj
872cb784ef
feat: add ujust command to lock bash environment files to mitigate LD… (#365)
2024-08-09 16:14:44 -07:00
qoijjj
3fb96ece10
chore: move /usr/etc to /etc per upstream rpm-ostree recommendation
2024-08-08 15:48:30 -07:00
SnuggleCovenant
4c85413563
remove gnome videos (totem) from yafti.yml (#363)
the totem app is abandoned
2024-08-07 14:53:34 -07:00
fiftydinar
e1a130f6f9
feat: Disable user Gnome extensions & user-installation of them (#361)
2024-08-06 17:14:30 -07:00
qoijjj
f75215cfdf
fix: set permissions for xwayland file in ujust command
2024-08-03 12:19:43 -07:00
spaceoden
c21a697252
Update 60-custom.just.readme.md to put new kargs in the correct section (#357)
the new kargs were added to set-kargs-hardening, not set-kargs-hardening-unstable
2024-08-02 13:01:52 -07:00
qoijjj
9f56f2ff06
feat: set additional kargs to override suboptimal defaults
2024-08-01 22:43:23 -07:00
qoijjj
084fe1a40c
fix: remove usbguard-dbus due to insufficient systemd sandboxing (#352)
2024-07-31 14:20:49 -07:00
qoijjj
eea350af56
fix: remove comments from harden-flatpak ujust command to fix just parsing
2024-07-30 16:26:34 -07:00
spaceoden
7c0976da7e
feat: add to harden-flatpak logic that applies the highest supported hwcap (#346)
2024-07-30 15:31:43 -07:00
qoijjj
298bbda019
fix: ujust command typos
2024-07-30 00:03:25 -07:00
qoijjj
b9fc6e4826
feat: remove xwayland by default (#347)
2024-07-29 23:02:10 -07:00
Root
9a843f3861
docs: add docs to JIT disable in Gnome (#345)
* Add docs to JIT disable in Gnome
* Properly add env file in ujust
2024-07-29 09:57:15 -07:00
Root
1a55f1549b
feat: add ujust to toggle Gnome JS JIT (#344)
* Add ujust to toggle Gnome JS JIT
* Disable Gnome JIT by default
2024-07-28 21:48:48 -07:00
qoijjj
45c9506980
feat: switch to hardened-chromium (#343)
* fix: selinux policy for chrome suid sandbox
* feat: switch to hardened-chromium
2024-07-28 21:12:45 -07:00
Tommy
be1effa83d
Remove net.ipv4.conf.*.secure_redirects = 0 (#315)
squash
2024-07-27 12:38:16 -07:00
HryshcIlya
1106f0e897
docs: update URLs to reflect new file structure (#333)
* docs: update URLs to reflect new file structure
This commit updates various documentation and configuration file URLs to match the new directory structure for the secureblue project. These changes ensure that links resolve correctly and point to the appropriate files after the recent reorganization.
* chore: delete file vanadium_comparison.readme.md
---------
Co-authored-by: qoijjj <129108030+qoijjj@users.noreply.github.com>
2024-07-26 21:22:31 -07:00
qoijjj
c16debbdd4
Revert "feat: switch to hardened-chromium (#332)"
This reverts commit 721ad757b5.
2024-07-25 00:15:25 -07:00
qoijjj
721ad757b5
feat: switch to hardened-chromium (#332)
2024-07-24 23:35:23 -07:00
qoijjj
3187065cbf
chore: add back executable bit where needed
2024-07-21 14:35:26 -07:00
qoijjj
0c1551df09
chore: bump dependencies and migrate to bluebuild 1.6
2024-07-21 14:33:53 -07:00