fripost-preseed/src/fripost-postinst-udeb, branch master Fripost preseeding scripts Consolidate sshd_config 2020-05-17T04:44:37+00:00 Guilhem Moulin guilhem@fripost.org 2020-05-17T04:44:37+00:00 07c280e03841712050bf726e8eab6d11fbe2a047 






sshd_config: set UsePrivilegeSeparation sandbox.
2017-05-30T09:03:48+00:00

Guilhem Moulin
guilhem@fripost.org

2017-05-30T09:03:48+00:00

5c6d2a48f57a8a538274d2939015641a1755da24












Make the encrypted installation work with Jessie.
2015-06-07T02:28:18+00:00

Guilhem Moulin
guilhem@fripost.org

2015-05-08T15:14:13+00:00

cdec2e76b4b1af00e10ce3bb72ee74e33d52083b












Remove the SELinux configuration option.
2015-06-07T02:28:17+00:00

Guilhem Moulin
guilhem@fripost.org

2015-05-08T15:10:51+00:00

61bb46a89b9f73055102b369451b6e64f63d45df

Since the default policy is no longer available in Jessie.





Since the default policy is no longer available in Jessie.







Jessie fixups.
2015-06-07T02:28:13+00:00

Guilhem Moulin
guilhem@fripost.org

2015-05-08T15:23:03+00:00

4aef8c9e30d4c14c801a50aa94eed983ab4ae2c5












Upgrade the preseed script to make it work with Debian Jessie.
2015-06-07T02:28:12+00:00

Guilhem Moulin
guilhem@fripost.org

2015-05-07T11:21:45+00:00

73d116b62c228ce58e39f6723e35ebba3e582149












Remove the 'gamin' package.
2015-06-07T02:28:11+00:00

Guilhem Moulin
guilhem@fripost.org

2014-06-27T21:47:49+00:00

a18ef47a22b09347e6d4738c37f364379a86d93b












Restrict SSH login to members of the 'ssh-login' group.
2015-06-07T02:28:07+00:00

Guilhem Moulin
guilhem@fripost.org

2014-04-16T17:39:36+00:00

77ec2e80ad7085fb5f35a4624ac16bb65d580ca8

Don't use the group 'ssh', as it's automatically created by
openssh-client's postinstall hook, and is used for ssh-agent's setgid.





Don't use the group 'ssh', as it's automatically created by
openssh-client's postinstall hook, and is used for ssh-agent's setgid.







wibble
2015-06-07T02:28:03+00:00

Guilhem Moulin
guilhem@fripost.org

2014-01-24T22:38:03+00:00

145b1e03c69d3dcc8a0328e665f220020b142ba7












Ensure urandom entropy is of cryptographic quality.
2015-06-07T02:27:57+00:00

Guilhem Moulin
guilhem@fripost.org

2014-01-23T01:18:40+00:00

ba40cbca9650e1ddaa8357c21b5de31cc376c481

The non-blocking PRNG /dev/urandom doesn't block if it has been seeded
enough, sadly (e.g., if the entropy pool is empty).  Reading a few bytes
from the *blocking* should ensure that "the kernel RNG has [...] reach
full entropy at least once, which guarantees cryptographic quality of
the rest of the /dev/urandom stream." -- Tor bug #10676

    https://trac.torproject.org/projects/tor/ticket/10676

See also urandom(4).





The non-blocking PRNG /dev/urandom doesn't block if it has been seeded
enough, sadly (e.g., if the entropy pool is empty).  Reading a few bytes
from the *blocking* should ensure that "the kernel RNG has [...] reach
full entropy at least once, which guarantees cryptographic quality of
the rest of the /dev/urandom stream." -- Tor bug #10676

    https://trac.torproject.org/projects/tor/ticket/10676

See also urandom(4).