scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-11-08 06:15:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
835 Commits 1 Branch 0 Tags
bebb18c06cec754da96af878840e31db714bbbf4
Commit Graph

146 Commits

Author SHA1 Message Date
qoijjj
bebb18c06c fix: set executable flag on caps script 2024-06-29 23:42:19 -07:00
qoijjj
bc325cca6d feat: replace SUID root with capabilities where possible (#303) 2024-06-29 10:34:06 -07:00
qoijjj
9f92777c95 feat: add anticheat toggle to justfile 2024-06-27 23:51:50 -07:00
qoijjj
27db2dbfa7 fix: usbguard ujust command 2024-06-25 19:38:16 -07:00
qoijjj
99ff4757ec feat: add usbguard and yafti ujust commands 2024-06-25 17:47:45 -07:00
qoijjj
ec4fd2bfe8 chore: chromium documentation and flag additions 2024-06-25 17:24:23 -07:00
qoijjj
408f7d7f51 feat: add build-container-installer signing 2024-06-21 09:14:22 -07:00
qoijjj
2e2725346b chore: remove redundant fb blacklists already blacklisted by fedora 2024-06-19 11:19:49 -07:00
qoijjj
4b21d959e8 feat: add additional filesystems to the blacklist (#292) 2024-06-19 11:05:04 -07:00
Tommy
456cac1804 Blacklist reiserfs (#290) 
No one will fix it anytime soon
 2024-06-18 11:49:11 -07:00
qoijjj
c38d505e24 fix: use sigstore attachments for davincibox 2024-06-17 00:45:12 -07:00
qoijjj
791f8846bb feat: add davincibox container signing policy 2024-06-17 00:12:53 -07:00
Tommy
91b823b195 Use /bin/false everywhere in kernel module blacklist (#288) 
Signed-off-by: Tommy <contact@tommytran.io>
 2024-06-16 20:51:20 -07:00
friendly-rabbit-35
062237545e fix: remove Chromium policies that are deprecated and not applicable (#286) 
* Remove deprecated and inapplicable Chromium policies

* Remove mentions of deleted Chromium policies from docs
 2024-06-15 23:02:42 -07:00
qoijjj
fb98c74e4e docs: update based on latest policy 2024-06-11 19:07:55 -07:00
qoijjj
8a74542573 chore: remove policies for whom the default setting requires user consent 
For parity with Vanadium
 2024-06-11 18:02:31 -07:00
qoijjj
8fed632ba8 docs: fix broken link 2024-06-10 22:13:54 -07:00
Tommy
cfe7314af1 Disable fs.binfmt_misc.status (#282) 2024-06-08 18:02:50 -07:00
qoijjj
df2daf1736 chore: drop swappiness sysctl in favor of the default 
Fedora uses zram so this adds no benefit unless the user manually created a swapfile. In that case the user can manually set this if desired.
 2024-06-04 08:53:52 -07:00
qoijjj
b17446c3bb chore: add debugfs=off (working again) back to unstable kargs 2024-06-02 22:01:43 -07:00
qoijjj
3cc114c80a chore: add additional modules to blacklist 2024-06-02 21:43:57 -07:00
qoijjj
c283e2677d chore: document module blacklist and fix typos 2024-06-02 21:36:42 -07:00
qoijjj
87ad303f5d chore: fix tabs/spaces 2024-06-02 14:18:12 -07:00
qoijjj
b897d2a87f docs: add details for new chromium flags 2024-06-02 13:38:04 -07:00
qoijjj
44b433ff9d feat: audio and network sandboxes in chromium policies 2024-06-02 13:35:32 -07:00
qoijjj
4ec0bb93b7 feat: move chromium flags to a script to append to upstream 2024-05-28 10:06:24 -07:00
qoijjj
83da62112d docs: minor clarification 2024-05-24 00:24:25 -07:00
qoijjj
3b40dc0b41 feat: disable all vscode telem by default for dx images 2024-05-23 12:56:18 -07:00
qoijjj
fcad88df91 docs: update vanadium comparison 2024-05-22 23:05:45 -07:00
qoijjj
d3f6ae206e feat: set distrobox/toolbox to default to signed images (#280) 2024-05-18 15:08:52 -07:00
qoijjj
eb9f173fb1 docs: pull in latest vanadium changes 2024-05-12 20:01:37 -07:00
qoijjj
c2d6c72556 docs: another whitespace fix 2024-05-07 18:01:20 +02:00
qoijjj
c3ab4e8107 docs: fix whitespace 2024-05-07 18:00:45 +02:00
qoijjj
9102eb4bfa docs: correct vanadium comparison 2024-05-07 17:59:09 +02:00
qoijjj
828cc318b6 docs: pull latest vanadium patches for comparison 2024-05-07 17:57:36 +02:00
qoijjj
656bf9b5e2 feat: disable chromium internal pdf viewer 2024-04-19 16:22:38 -07:00
qoijjj
a86a3b7a02 feat: add additional chromium hardening based on vanadium 2024-04-17 22:53:33 -07:00
qoijjj
23020bab4e docs: update vanadium comparison readme 2024-04-17 22:28:05 -07:00
qoijjj
3c546eb01b docs: minor justfile messaging changes 2024-04-17 10:13:09 -07:00
Cheng Zhang
1cfb2b30d8 feat: just commands to override modprobe blacklist (#260) 2024-04-17 10:11:12 -07:00
qoijjj
9f6aa640d4 feat: add just command to remove all hardening kargs 2024-04-06 17:08:00 -07:00
qoijjj
27f9c86430 docs: fix typo in kargs readme 2024-03-31 00:35:46 -07:00
qoijjj
e1f6b5ba9f feat: add additional chromium policy hardening and drop chkrootkit as its false positives make it low-utility 2024-03-31 06:32:39 +00:00
qoijjj
55a54742d6 fix: disable compression for sshd for server variants 2024-03-29 19:05:31 +00:00
qoijjj
d3f2ba5d2e docs: fix broken links to the fedora chromium spec 2024-03-28 17:43:15 +00:00
qoijjj
8712beeb44 docs: add additional chromium documentation and fix existing documentation 2024-03-28 17:39:04 +00:00
qoijjj
f228f4e689 fix: motd script spacing 2024-03-24 22:53:19 -07:00
qoijjj
f1bacc015a feat: add image tag warning to advise users not to use specific tags 2024-03-24 21:56:06 -07:00
qoijjj
67e114ce4b fix: sudo timeout to 1min instead of 0min 2024-03-22 13:30:15 -07:00
qoijjj
cb67ab87f6 feat: disable ghns by default 2024-03-21 19:50:36 -07:00