KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8d59694eefa45c23cea99223097eabaa9ee6b462
football/config/package-lists/knel-football.list.chroot
reachableceo 9459c84fbc fix: resolve all audit findings in hooks, config, and package list 
Security/Functional Fixes:
- firewall-setup.sh: Added WireGuard allow, established/related, DHCP
  (was blocking ALL outbound including VPN - system was non-functional)
- disable-package-management.sh: Preserve /var/lib/dpkg/ for queries
  (was destroying dpkg database with rm -rf)
- encryption-validation.sh: Fixed inverted motd conditional
  (was creating file only if it already existed - backwards)
- kernel-hardening.sh: Removed kernel.exec-shield (Red Hat only)
  Changed user.max_user_namespaces from 0 to 100
- sudo-hardening.sh: Removed Defaults requiretty
  (was breaking GUI-launched sudo via pkexec)
- encryption-setup.sh: Fixed conflicting stdin in luksAddKey
- install-scripts.sh: Fixed embedded firewall (same WireGuard bug)
  Replaced gutted security-hardening stub with real status checker
- GRUB config: Fixed serial_console → serial (invalid terminal name)
- Package list: Removed audispd-plugins (deprecated in Debian 13),
  removed duplicate wireguard/wireguard-tools entries

Reference: Full audit findings from Session 7 JOURNAL.md

💘 Generated with Crush

Assisted-by: GLM-5.1 via Crush <crush@charm.land>
2026-05-07 08:41:52 -05:00

46 lines
620 B
Plaintext
Raw Blame History

# Package lists for live-build
# Core system packages
linux-image-amd64
initramfs-tools
# Secure Boot support (MANDATORY for UEFI systems)
shim-signed
grub-efi-amd64-signed
grub-efi-amd64-bin
efibootmgr
efitools
sbsigntool
binutils
# Desktop environment
icewm
lightdm
lightdm-gtk-greeter
xorg
xserver-xorg-core
xserver-xorg-input-all
# Applications
remmina
remmina-plugin-rdp
mousepad
zbar-tools
pcmanfm
# Network utilities (client only - NO inbound services)
openssh-client
wireguard
wireguard-tools
nftables
# Security tools
auditd
aide
aide-common
rsyslog
sudo
# Filesystem support
e2fsprogs
dosfstools
ntfs-3g
Reference in New Issue View Git Blame Copy Permalink