Rivoreo Source Code Repositories
src.rivoreo.one / security / yeslogin / 18489c5f07294f6a528f6dfeeda0a0a244a32e92
  1. 18489c5 Optionally disallow loopback SSH connections by WHR · 8 months ago
  2. f9fc15e Fix typo in bindfiles.service by WHR · 8 months ago
  3. 13a51e1 Always report error from lsattr(1) by WHR · 9 months ago
  4. 1101582 Update fileflags by WHR · 9 months ago
  5. d9d7d2e Refuse to update blacklist for invalid HOME by WHR · 9 months ago
  6. a0de195 Optionally bind mount important system files to protect them by WHR · 9 months ago
  7. b1ee009 Don't depend on which(1) from shdrc by WHR · 9 months ago
  8. 6c56e61 Optionally limit number of processes in mbash by WHR · 9 months ago
  9. 1c536d2 Make failed to start procd(8) via systemd(1) a non-fatal error by WHR · 9 months ago
  10. 5939334 Make modified inclusive sudoers files immutable by WHR · 10 months ago
  11. cc9ce50 Use function append_uniq_line to add set PATH line into .profile and .bash_profile by WHR · 10 months ago
  12. 2659e94 Recognize more characters as need quote in perl(1) wrapper; fix missing new line in an error message in perl(1) wrapper by WHR · 10 months ago
  13. b48b7e5 Check HOME environment variable by WHR · 10 months ago
  14. 62be90e Skip replacing /sbin/init on non-Linux platforms; set proper SELinux security context for newly replaced /sbin/init by WHR · 11 months ago
  15. 6e4ca71 Quote command line arguments that contain single quotes in perl log by WHR · 11 months ago
  16. 27cf98e Re-exec sudo bash with an empty zeroth argument by WHR · 11 months ago
  17. a5abda9 Exclude some specific users from Sudo I/O logging to avoid flooding the logs by WHR · 11 months ago
  18. 55547ff Warn if newly created immutable /usr/tmpDSK wasn't actually immutable by WHR · 11 months ago
  19. 3dfbcf6 Reorder perl wrapper code before any chflags call by WHR · 11 months ago
  20. cc1885c Use ps(1)-style tty name in function write_history (strip /dev/ prefix, use ? for no tty) by WHR · 11 months ago
  21. c2eded2 procd: match mount from name 'systemd-?' to check pid directories for unmounting by WHR · 11 months ago
  22. 51770ba chmod(1) /usr/share/fileflags/functions only when it was just created by setup.sh by WHR · 11 months ago
  23. 11bf8c0 Make an immutable /usr/tmpDSK file preventively if /tmp was suspected being mounted with 'noexec'; fix failure to modify /etc/cron.daily/logrotate may inadvertently destroy the file by WHR · 11 months ago
  24. 24b6921 shdrc: make PROMPT_COMMAND read-only by WHR · 11 months ago
  25. 0990b40 Export REAL_PERL to environment from existing perl wrapper for the bundled chflags implementation by WHR · 11 months ago
  26. daeb39c Add install_program function to unify actions that needed for installing executable files from source directory by WHR · 11 months ago
  27. e040eeb Make sure .bash_history and .ash_commands are regular files by WHR · 11 months ago
  28. e24b843 Fix usage of bundled chflags(1) by WHR · 11 months ago
  29. 3f49427 Overwrite existing configuration files only on '--reinstall-config-files'; allow re-run with '--harden' by WHR · 11 months ago
  30. daaaec5 Make backup reboot command immutable on hardening by WHR · 11 months ago
  31. 5f82e6f Optionally harden installed files by WHR · 11 months ago
  32. bfb0e4b Check the working directory in beginning of setup.sh by WHR · 11 months ago
  33. 8f2b1cb Read /etc/hosts.allow to decide whether to allow a remote login if it available by WHR · 11 months ago
  34. 9d176bb Trash /usr/tmpDSK via the associated loop device; make /usr/tmpDSK immutable immediately after truncating by WHR · 11 months ago
  35. f643f08 Try to get real perl path from previously installed perl wrapper by WHR · 11 months ago
  36. 632ca11 Suppress dd(1) statistics by WHR · 11 months ago
  37. 615b8a0 Detect and continue with previous cattr backup on '--replace-chattr' by WHR · 11 months ago
  38. d452b99 Fix a logical error in function append_or_set_words by WHR · 11 months ago
  39. dd72196 Skip adding Sudo options if they already exist in sudoers(5) by WHR · 11 months ago
  40. d7d1ada Don't add duplicated lines into .bashrc and .profile by WHR · 11 months ago
  41. 791d13a Fix kernel name of 'Linux' by WHR · 11 months ago
  42. 2021eb3 Don't remove lattr by WHR · 11 months ago
  43. 4a7a0ab Don't truncate /usr/tmpDSK if it is already empty by WHR · 11 months ago
  44. 1690920 Add a variant of fake reboot command that reminds users the correct way of rebooting/halting the system by WHR · 11 months ago
  45. 6894e98 procd is available for Linux only by WHR · 11 months ago
  46. 84d7452 procd: try to unmount deleted PID mountpoint by WHR · 11 months ago
  47. 688cb88 Write fixed PATH into .profile, and .bash_profile if exists by WHR · 11 months ago
  48. 50608d5 Don't print result of 'systemctl is-enabled' by WHR · 11 months ago
  49. fab691f Revise perl(1) wrapper by WHR · 11 months ago
  50. 07f9c7e Check availability of sudo(1); set LD_PRELOAD for fake root shell under a specific condition; fix typo by WHR · 11 months ago
  51. 230679f Update fileflags by WHR · 11 months ago
  52. fb5b152 Correctly recognize and mention '--remove-utempter' by WHR · 11 months ago
  53. 753dba1 Warn if fakeroot-ng(1) internally references /dev/shm by WHR · 11 months ago
  54. e6eb560 Detect GNU more reliably by WHR · 11 months ago
  55. 7e7cb2f Try to use multiple available methods to set file flags by WHR · 11 months ago
  56. 9d41b94 Update fileflags by WHR · 11 months ago
  57. 1fe83b4 Optionally remove utempter helper to prevent script(1) from writing utmpx records by WHR · 11 months ago
  58. 7c4d4fe Reject unknown options by WHR · 11 months ago
  59. ef442e5 Correctly detect already replaced chattr(1) and lsattr(1) by WHR · 11 months ago
  60. 1fb4878 Adjust warning messages for user bashrc file by WHR · 11 months ago
  61. 4aad38c Hint the custom chflags(1) to use original perl(1) executable by WHR · 12 months ago
  62. 5a339b0 Optionally install an Unix-shell-based chflags(1) implementation for Linux by WHR · 12 months ago
  63. 67b87e3 Ignore chmod(1) of /var/log/shd.log failure as it could already being made append-only by a previous setup by WHR · 12 months ago
  64. 802886a Optionally replace /sbin/init to reject uses of sysvinit-style runlevel control command on systemd-based system by WHR · 12 months ago
  65. 313101d Don't write last historical command into .ash_commands on shell startup by WHR · 1 year, 1 month ago
  66. 93a2761 'chmod 0' for securetmp mask files by WHR · 1 year, 1 month ago
  67. cf69c9d Check UID variable before re-exec sudo bash by WHR · 1 year, 1 month ago
  68. 1ca8ce4 Correct sed(1) command for editing /etc/fstab by WHR · 1 year, 1 month ago
  69. 4985bea Make replaced tar(1) immutable by WHR · 1 year, 2 months ago
  70. 2dbf387 Suppress file opening error messages from shdrc by WHR · 1 year, 2 months ago
  71. e06ccb6 Check bashrc by WHR · 1 year, 2 months ago
  72. 770a0b2 Detect and deactivate cPanel securetmp service as it will break fakeroot-ng(1) by WHR · 1 year, 3 months ago
  73. fd9c78f Unexport history-related variables in bash(1) from shdrc by WHR · 1 year, 4 months ago
  74. 3c5afc0 Try to detect and correct inappropriate PATH variable in setup.sh by WHR · 1 year, 4 months ago
  75. 973d3d5 Support using IP network address with CIDR prefix length in blacklist by WHR · 1 year, 6 months ago
  76. cf82955 Minor fix for 'replace tar' action by WHR · 1 year, 6 months ago
  77. acd4a15 Fix [(1) may getting multiple pathes from shell path name expansion by WHR · 1 year, 7 months ago
  78. 5235db1 Optionally replace tar(1) to reject deprecated usages by WHR · 1 year, 7 months ago
  79. 381a52b Fix assuming working directory by WHR · 1 year, 8 months ago
  80. f408854 Set PATH in crontab when installing update-blacklist by WHR · 1 year, 9 months ago
  81. 285567c shdrc: create .ash_commands under home instead of working directory by WHR · 1 year, 9 months ago
  82. 476dd78 Add help/usage message to setup.sh by WHR · 1 year, 9 months ago
  83. 1fea188 Add option to install update-blacklist and associated cron command by WHR · 1 year, 9 months ago
  84. 8f8abcb Don't assume the shell will always be started under home directory and write .login.log to working directory by WHR · 1 year, 9 months ago
  85. b36c762 Configure sudo(1) to preseve some environment variables when configuring sudo I/O logging; check /dev/shm guarding in global bashrc by WHR · 1 year, 9 months ago
  86. 1182cda Don't exec privileged bash(1) via sudo(1) without blacklist checking by WHR · 1 year, 9 months ago
  87. 131078e Fix fake chattr(1) taking the useless mode as file path by WHR · 1 year, 9 months ago
  88. d74e963 Add optional procd by WHR · 1 year, 10 months ago
  89. 9d4e8b1 Use dd(1) to actually try to read(2) from the file to test readability of it, as '[ -r' is sometimes unreliable by WHR · 1 year, 10 months ago
  90. 04b0869 Add option '--configure-sudo-io-logging' to setup.sh by WHR · 1 year, 10 months ago
  91. 57e2149 Temporarily make SELinux permissive for mask_args by WHR · 1 year, 10 months ago
  92. 0d653b5 Should mask command line of current process before exec to sudo(1) by WHR · 1 year, 10 months ago
  93. 7e95181 Add 2 options to setup.sh for optionally replacing some commands by WHR · 1 year, 10 months ago
  94. 39b5a90 Re-exec bash(1) only when running bash(1) by WHR · 1 year, 11 months ago
  95. 74bd1e2 Disable systemd-tmpfiles-clean if applicable by WHR · 1 year, 11 months ago
  96. f988fc2 Check fakeroot-ng(1) availability; make perl wrapper immutable by WHR · 1 year, 11 months ago
  97. 62bcca8 Avoid printing error messages from shdrc when it is read by unprivileged shell under fakeroot-ng(1) by WHR · 1 year, 12 months ago
  98. 03cea14 Fix variable SFTP_SERVER_PROGRAM may containing space to provide options which breaks sed(1) by WHR · 1 year, 12 months ago
  99. f417ed6 Add commented sample commands for a falsely privileged shell using sudo(1) and fakeroot-ng(1) by WHR · 2 years ago
  100. 03c7fd7 Always log command line arguments of mbash by WHR · 2 years, 2 months ago