
enhancement · Project
Active · Public

Recent Activity

Jan 19 2023

Patrick closed T375: Include Debian ReportBug GUI? as Wontfix.

Due to Phabricator being deprecated upstream, all tickets need to be migrated. Therefore closing here.

Jan 19 2023, 11:01 AM · enhancement, anon-meta-packages, Whonix, Debian version 8 codename Jessie

Dec 8 2022

Patrick renamed T802: whonixcheck should check if torsocks IsolatePID stream isolation is functional from whonixcheck should check if torsocks IsolatePID stream isolation is functinoal to whonixcheck should check if torsocks IsolatePID stream isolation is functional.
Dec 8 2022, 4:46 PM · enhancement, easy, whonixcheck, Whonix, Whonix 16
Patrick closed T944: Hardened sshd Setup as Wontfix.

This is for whonix.org server security?

Dec 8 2022, 4:28 PM · enhancement, Whonix

Jan 12 2021

Patrick added a comment to T533: iptables block network access until sdwdate succeeded.

I am not sure sdwdate-gui would be a strong enough notification if networking was actually blocked if sdwdate did not succeed yet.

Jan 12 2021, 7:51 AM · Whonix, usability, whonix-ws-firewall, whonix-gw-firewall, iptables, python, security, enhancement, sdwdate-gui, sdwdate
Patrick updated the task description for T533: iptables block network access until sdwdate succeeded.
Jan 12 2021, 3:53 AM · Whonix, usability, whonix-ws-firewall, whonix-gw-firewall, iptables, python, security, enhancement, sdwdate-gui, sdwdate

Feb 16 2020

Patrick updated the task description for T504: anon-connection-wizard development.
Feb 16 2020, 9:13 AM · Whonix, anon-connection-wizard, python, usability, enhancement
Patrick updated the task description for T504: anon-connection-wizard development.
Feb 16 2020, 9:12 AM · Whonix, anon-connection-wizard, python, usability, enhancement
Patrick updated the task description for T504: anon-connection-wizard development.
Feb 16 2020, 9:12 AM · Whonix, anon-connection-wizard, python, usability, enhancement
Patrick updated the task description for T504: anon-connection-wizard development.
Feb 16 2020, 9:11 AM · Whonix, anon-connection-wizard, python, usability, enhancement

Dec 8 2019

HulaHoop triaged T944: Hardened sshd Setup as Normal priority.
Dec 8 2019, 3:06 PM · enhancement, Whonix

Nov 6 2019

Patrick updated subscribers of T362: systemd SystemCallFilter= containment option seccomp hardening.
Nov 6 2019, 2:34 AM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix
Patrick closed T362: systemd SystemCallFilter= containment option seccomp hardening as Resolved.

This was done. If not, please create specific tickets where it isn't done.

Nov 6 2019, 2:34 AM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix

Sep 14 2019

Patrick updated the task description for T89: Whonix Control Panel.
Sep 14 2019, 5:45 PM · Whonix, Apps, enhancement, usability

Jul 8 2019

Patrick closed T631: re-enable tor-controlport-filter.service systemd hardening as Resolved.
Jul 8 2019, 7:49 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Removed a few. Would not start without openat, so kept.

Jul 8 2019, 7:49 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Yay, we have ProtectSystem=strict now.

Jul 8 2019, 6:30 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Jul 7 2019

Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Yay, we have ProtectSystem=strict now.

Jul 7 2019, 11:06 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Can we exclude ExecStartPre=/usr/lib/onion-grater-merger from systemd hardening?

Jul 7 2019, 10:53 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Error back after reboot.

Jul 7 2019, 9:50 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Jul 6 2019

madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

https://github.com/Whonix/onion-grater/blob/master/lib/systemd/system/onion-grater.service currently works without ReadWritePaths. So let's not add?

Jul 6 2019, 2:23 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

https://github.com/Whonix/onion-grater/blob/master/lib/systemd/system/onion-grater.service currently works without ReadWritePaths. So let's not add?

Jul 6 2019, 11:03 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Jul 4 2019

madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

It's a file, not a folder.

Jul 4 2019, 3:09 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

https://github.com/Whonix/onion-grater/commit/8480cff304ea019b25dc49d91672e7c3f8599a07

Jul 4 2019, 5:59 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

It's a file, not a folder. Nothing in the code of /usr/lib/onion-grater-merger writes to /usr/lib/onion-grater-merger.

Jul 4 2019, 5:41 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Jul 3 2019

madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

I just re-read the error message. Try adding

Jul 3 2019, 3:10 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

That's weird. Onion-grater is trying to write to somewhere that's being mounted read-only by systemd.

Jul 3 2019, 2:56 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Jul 1 2019

Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Merged your changes.

Jul 1 2019, 8:11 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Jun 29 2019

marmarek added a comment to T324: Add package needrestart.
In T324#18696, @Patrick wrote:

What is a good way to detect that users are using VM kernel in Qubes? @marmarek If uname -r outputs 4.19.43-1.pvops.qubes.x86_64 i.e. matches *pvops* it means that no VM kernel is being used?

Jun 29 2019, 10:55 AM · upstream, usability, enhancement, anon-meta-packages, Whonix
Patrick updated subscribers of T324: Add package needrestart.

needrestart works well enough for it to be implemented as a test in whonixcheck (--verbose?).

Jun 29 2019, 10:13 AM · upstream, usability, enhancement, anon-meta-packages, Whonix

Jun 24 2019

Patrick edited projects for T631: re-enable tor-controlport-filter.service systemd hardening, added: Whonix 15; removed Whonix 16.
Jun 24 2019, 1:49 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Jun 23 2019

madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Does it work after you comment ProtectSystem=strict and ReadWriteDirectories=? I think on Qubes-Whonix it is trying to write to a directory in /var/run (probably /var/run/qubes-service). I can't test as I don't use Qubes.

Jun 23 2019, 6:25 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Unfortunately not. On Qubes-Whonix. Could be Non-Qubes-Whonix vs Qubes-Whonix?

Jun 23 2019, 5:53 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Does it work using this? It looks like it needs the openat syscall which it now allows.

Jun 23 2019, 2:31 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick updated subscribers of T631: re-enable tor-controlport-filter.service systemd hardening.

Does not work yet. @madaidan

Jun 23 2019, 8:27 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

May 7 2019

Patrick updated the task description for T89: Whonix Control Panel.
May 7 2019, 11:59 AM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
May 7 2019, 11:52 AM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
May 7 2019, 11:51 AM · Whonix, Apps, enhancement, usability

Apr 6 2019

Patrick removed a project from T386: meek Pluggable Transport: Debian version 10 codename Buster.
Apr 6 2019, 2:38 PM · enhancement, circumvention, Whonix
Patrick updated subscribers of T386: meek Pluggable Transport.
Apr 6 2019, 2:38 PM · enhancement, circumvention, Whonix

Mar 21 2019

Patrick updated the task description for T89: Whonix Control Panel.
Mar 21 2019, 2:05 PM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
Mar 21 2019, 2:05 PM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
Mar 21 2019, 2:05 PM · Whonix, Apps, enhancement, usability

Jan 23 2019

Patrick updated the task description for T114: Permanent Takedown Attack Defender.
Jan 23 2019, 10:15 AM · whonixcheck, upstream, enhancement, security, Whonix
Patrick updated the task description for T114: Permanent Takedown Attack Defender.
Jan 23 2019, 10:14 AM · whonixcheck, upstream, enhancement, security, Whonix

Jan 15 2019

Patrick updated the task description for T89: Whonix Control Panel.
Jan 15 2019, 7:48 AM · Whonix, Apps, enhancement, usability

Dec 7 2018

Patrick removed a project from T486: Disable conntrack helper?: Whonix 15.
Dec 7 2018, 11:08 AM · Whonix, whonix-ws-firewall, whonix-gw-firewall, enhancement, security
Patrick removed a project from T504: anon-connection-wizard development: Whonix 15.
Dec 7 2018, 11:07 AM · Whonix, anon-connection-wizard, python, usability, enhancement
Patrick removed a project from T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes): Whonix 15.
Dec 7 2018, 11:06 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick assigned T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes) to troubadour.
Dec 7 2018, 11:06 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick removed a project from T456: msgdispatcher_dispatch_x 'details' and 'more help' button to improve whonixcheck error messages etc. usability: Whonix 15.
Dec 7 2018, 11:05 AM · whonixcheck, msgcollector, enhancement, usability, Whonix, graphical user interface, python