xe1phix/Xe1phix-ParrotSec-Linux-Public-Kiosk

_____ <!> ParrotSec Linux - Public Kiosk Project <!> ______

Designing & Implementing a Restricted & Trustworthy Environment

@Xe1phix on Gitlab Modprobe Blacklisting Xe1phix Kernel Parameter Hardening Xe1phix Building Trust Series


  • Hardened kernel

      - [ ] GrSecurity Patched Kernel
              - [ ] PaX Hardening
                      - [x] PaXctl
                      - [x] PaXTest
                      - [x] PaXctld
                      - [x] 
    
  • Hardened Kernel Runtime Parameters

      - [x] Kernel Self Protection Project (KSPP)
              - [x] pti=on                     - Kernel Page Table Isolation
              - [x] slub_debug=ZF              - SLUB redzoning and sanity checking
              - [x] slub_debug=P               - slub/slab allocator free poisoning
              - [x] page_poison=1              - Enable buddy allocator free poisoning
              - [x] iommu.strict=1             - Force IOMMU TLB invalidation
              - [x] slab_nomerge               - Disable slab merging - (makes many heap overflow attacks more difficult)
              - [x] init_on_alloc=1            - Wipe slab and page allocations
              - [x] randomize_kstack_offset=on - Randomize kernel stack offset on syscall entry
    
    
      - [x] Blacklist IPv6
              - [x] ipv6.disable=1
              - [x] noipv6
              - [x] ipv6.autoconf=0
    
    
      - [x] Modprobe Blacklisting
              - [x] Bluetooth Blacklisting
                      - [x] btsdio                - Bluetooth SDIO driver
                      - [x] btusb                 - 
                      - [x] btintel               - Intel
                      - [x] btrtl                 - Realtek Bluetooth
                      - [x] bt3c_cs               - 3Com Bluetooth PCMCIA
                      - [x] btmrvl                - Bluetooth driver ver 1.0
                      - [x] btmrvl_sdio           - BT-over-SDIO
                      - [x] btqca                 - Qualcomm Atheros family
                      - [x] btbcm                 - Broadcom
                      - [x] bluetooth_6lowpan     - Bluetooth 6LoWPAN
                      - [x] rfcomm                - Bluetooth RFCOMM ver 1.11
                      - [x] bluecard_cs           - Anycom BlueCard (LSE039/LSE041)
    
    
              - [x] Apple Blacklisting
                      - [x] appletalk
                      - [x] thunderbolt_net
                      - [x] hfs
                      - [x] hfsplus
                      - [x] appletouch
                      - [x] hid-apple
    
    
              - [x] EFI Blacklisting:
                      - [x] efivars
                      - [x] efivarfs
                      - [x] efi_pstore
    
              - [x] NFS
                      - [x] nfsv2
                      - [x] nfsv3
                      - [x] nfsv4
    
  • Kernel Self Protection Project (KSPP)
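
An audit script for the checklist above, added here as an example and not part of the repository: it reports checklist boot parameters missing from a kernel command line and checklist modules that have no blocking modprobe entry. The function names and the sample input are constructed for illustration.

```sh
# Added example, not from the repository: audit a kernel command line and
# modprobe configuration against the checklist. Function names are hypothetical.
# Boot parameters from the checklist (slub_debug flags are checked separately).
PARAMS="pti=on page_poison=1 iommu.strict=1 slab_nomerge init_on_alloc=1
randomize_kstack_offset=on ipv6.disable=1 noipv6 ipv6.autoconf=0"
# Modules from the checklist's Bluetooth, Apple, EFI and NFS groups.
MODULES="btsdio btusb btintel btrtl bt3c_cs btmrvl btmrvl_sdio btqca btbcm
bluetooth_6lowpan rfcomm bluecard_cs appletalk thunderbolt_net hfs hfsplus
appletouch hid-apple efivars efivarfs efi_pstore nfsv2 nfsv3 nfsv4"

# Print each checklist boot parameter that is absent from the command line in $1.
missing_params() {
    flags=""
    for tok in $1; do
        case $tok in
            slub_debug=*,*) ;;                        # limited to named caches, skip
            slub_debug=*) flags=${tok#slub_debug=} ;; # assumption: judge last value only
        esac
    done
    for p in $PARAMS; do
        case " $1 " in *" $p "*) ;; *) echo "$p" ;; esac
    done
    for f in Z F P; do                                # one value such as FZP covers all
        case $flags in *"$f"*) ;; *) echo "slub_debug=$f" ;; esac
    done
}

# Print each checklist module with no blocking line in the modprobe text in $1.
# "blacklist" stops alias-based autoloading only; "install <module> /bin/false"
# (or /bin/true) also stops an explicit modprobe from loading it (modprobe.d(5)).
unblocked_modules() {
    s='[[:space:]]'
    conf=$(printf '%s\n' "$1" | sed 's/#.*//' | tr '-' '_')
    for m in $MODULES; do
        n=$(printf '%s' "$m" | tr '-' '_')            # modprobe treats - and _ alike
        re="^$s*(blacklist$s+$n|install$s+$n$s+/bin/(false|true))$s*\$"
        printf '%s\n' "$conf" | grep -Eq "$re" || echo "$m"
    done
}

# Constructed sample input, not taken from the repository.
SAMPLE_CMDLINE="BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro pti=on slab_nomerge slub_debug=ZF init_on_alloc=1 ipv6.disable=1"
SAMPLE_CONF="# constructed modprobe.d fragment
blacklist btusb
blacklist hid_apple
install hfs /bin/false"
echo "Missing boot parameters:"; missing_params "$SAMPLE_CMDLINE"
echo "Modules without a blocking entry:"; unblocked_modules "$SAMPLE_CONF"
```

On a live system, pass `"$(cat /proc/cmdline)"` and `"$(cat /etc/modprobe.d/*.conf)"` in place of the constructed samples.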
