scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-11-04 04:18:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,055 Commits 1 Branch 0 Tags
f0bab7f5b2e9cbb7f5965e5addf25eb85627291d
Commit Graph

38 Commits

Author SHA1 Message Date
qoijjj
f0bab7f5b2 feat: nvidia-open images, major streamlining, bugfixes, and polish (#461) 2024-10-17 18:20:58 -07:00
mintpilo
287f0970b5 fix: Replace Extensions Manager with Extensions (#445) 2024-10-11 13:21:07 -07:00
Rubiginosa
f2bd5e84f6 feat: Add blacklist check for currently loaded modules (#440) 
* Add blacklist check for currently loaded modules

* Remove redundant bluetooth check

* Correct misuse of SYSCTL test string

* return check for flatpak bluetooth

* fix variable name

* fix array size check
 2024-10-09 11:45:07 -07:00
Rubiginosa
59f7b10415 fix: misuse of SYSCTL_TEST_STRING (#442) 2024-10-07 13:18:41 -07:00
Rubiginosa
7ae972e095 feat: Add audit-secureblue checks for flatpak bluetooth and ptrace access (#438) 
* Add check for bluetooth and ptrace

* Add check for flatpak bluetooth and ptrace access
 2024-10-04 10:18:14 -07:00
Rubiginosa
5deb22e35b feat: Add audit-secureblue check for system bluetooth and ptrace 2024-10-04 10:12:22 -07:00
Rubiginosa
c1ec422eab feat: add check for D-Bus access (#432) 2024-09-28 20:29:13 -07:00
qoijjj
c68039132a fix: add brew justfile due to upstream move 2024-09-20 23:41:28 -07:00
Bruno
66d8b731e6 fix: check for gnome-shell instead of gsettings in one test (#424) 2024-09-11 09:56:52 -07:00
Rubiginosa
8333bcf2f5 feat: add check for hardened_malloc flatpak preload (#412) 
* updated has_permission to use regex matching

* added flatpak check for hardened_malloc

* changed hasPermission to maintain old behavior for strings
 2024-09-10 10:33:14 -07:00
Rubiginosa
b5f5d2afa0 feat: refactor flatpak audit for readability and extensibility (#414) 
* refactored flatpak audit to be more extensible

* fixed old typo

* added warning string array for flatpak audit
 2024-08-30 15:28:56 -07:00
Bruno
79471e2141 fix: audit script improvements (GHNS test, order of tests) (#415) 
* only test GHNS if kdeglobals exist

* place faster tests before the slower flatpak audit
 2024-08-30 13:45:15 -07:00
Bruno
e143c48e26 chore: several audit script improvements 2024-08-29 21:01:40 -07:00
Ivo Damjanović
fefc64baba feat: stop overwriting 60-custom.just for better compatibility with upstream bluebuild and downstream user builds (#409) 
* feat: create addjustconfig.sh to include custom commands at buildtime

* fix: 60-custom.just.readme.md to 61-custom.just.readme.md

* fix: Rename 60-custom.just to 61-custom.just

* feat: add just config script to enabled scripts

* fix: rename to 70-secureblue.just

* fix: Rename 61-custom.just.readme.md to 70-secureblue.just.readme.md

* fix: rename to 70-secureblue.just
 2024-08-29 11:53:56 -07:00
qoijjj
a329524441 fix: justfile typo 2024-08-26 10:44:49 -07:00
qoijjj
e41d963841 feat: multiple securecore improvements 2024-08-26 09:45:20 -07:00
qoijjj
967c7551ad feat: sgid reduction (#392) 
* feat: also remove sgid bit

* Update yafti.yml

* Update yafti.yml
 2024-08-23 14:13:22 -07:00
qoijjj
1b5e539ec2 fix: audit script cleanup 2024-08-22 12:03:22 -07:00
Rubiginosa
51ad84b1ad feat: Add flatpak auditing to audit-secureblue (#377) 
* increase spacing on print_status

* Merged audit-flatpak into audit-secureblue

* print flatpak remote success

---------

Co-authored-by: qoijjj <129108030+qoijjj@users.noreply.github.com>
 2024-08-21 13:22:11 -07:00
qoijjj
7ff130f248 fix: typo in audit script 2024-08-20 18:43:21 -07:00
qoijjj
38cbf7715a feat: add audit-secureblue just command (#382) 2024-08-20 15:08:18 -07:00
qoijjj
06c2883bb1 fix: improve usbguard just command 2024-08-19 18:21:50 -07:00
qoijjj
31b1339fa5 chore: disable yafti run on config change as it causes user confusion 2024-08-11 04:49:00 -07:00
qoijjj
3b927dc8ed fix: check only the first string token when searching lsattr 2024-08-10 03:56:35 -07:00
qoijjj
872cb784ef feat: add ujust command to lock bash environment files to mitigate LD… (#365) 2024-08-09 16:14:44 -07:00
SnuggleCovenant
4c85413563 remove gnome videos (totem) from yafti.yml (#363) 
the totem app is abandoned
 2024-08-07 14:53:34 -07:00
fiftydinar
e1a130f6f9 feat: Disable user Gnome extensions & user-installation of them (#361) 2024-08-06 17:14:30 -07:00
qoijjj
f75215cfdf fix: set permissions for xwayland file in ujust command 2024-08-03 12:19:43 -07:00
spaceoden
c21a697252 Update 60-custom.just.readme.md to put new kargs in the correct section (#357) 
the new kargs were added to set-kargs-hardening, not set-kargs-hardening-unstable
 2024-08-02 13:01:52 -07:00
qoijjj
9f56f2ff06 feat: set additional kargs to override suboptimal defaults 2024-08-01 22:43:23 -07:00
qoijjj
084fe1a40c fix: remove usbguard-dbus due to insufficient systemd sandboxing (#352) 2024-07-31 14:20:49 -07:00
qoijjj
eea350af56 fix: remove comments from harden-flatpak ujust command to fix just parsing 2024-07-30 16:26:34 -07:00
spaceoden
7c0976da7e feat: add to harden-flatpak logic that applies the highest supported hwcap (#346) 2024-07-30 15:31:43 -07:00
qoijjj
298bbda019 fix: ujust command typos 2024-07-30 00:03:25 -07:00
qoijjj
b9fc6e4826 feat: remove xwayland by default (#347) 2024-07-29 23:02:10 -07:00
Root
9a843f3861 docs: add docs to JIT disable in Gnome (#345) 
* Add docs to JIT disable in Gnome

* Properly add env file in ujust
 2024-07-29 09:57:15 -07:00
Root
1a55f1549b feat: add ujust to toggle Gnome JS JIT (#344) 
* Add ujust to toggle Gnome JS JIT

* Disable Gnome JIT by default
 2024-07-28 21:48:48 -07:00
qoijjj
0c1551df09 chore: bump dependencies and migrate to bluebuild 1.6 2024-07-21 14:33:53 -07:00