From 21ccde0d722c49a584486e882e5d4a304468949e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 26 Feb 2017 00:02:06 +0100 Subject: l 2: add security-workarounds --- lass/2configs/default.nix | 4 ++-- lass/2configs/security-workarounds.nix | 8 ++++++++ 2 files changed, 10 insertions(+), 2 deletions(-) create mode 100644 lass/2configs/security-workarounds.nix diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 8100a433f..5f383a91d 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -1,5 +1,4 @@ -{ config, lib, pkgs, ... }: - +{ config, pkgs, ... }: with import ; { imports = [ @@ -11,6 +10,7 @@ with import ; ../2configs/vim.nix ../2configs/monitoring/client.nix ./backups.nix + ./security-workarounds.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix new file mode 100644 index 000000000..537c8a59b --- /dev/null +++ b/lass/2configs/security-workarounds.nix @@ -0,0 +1,8 @@ +{ config, pkgs, ... }: +with import ; +{ + # http://seclists.org/oss-sec/2017/q1/471 + boot.extraModprobeConfig = '' + install dccp /run/current-system/sw/bin/false + ''; +} -- cgit v1.2.3