Merge pull request #125 from obsti8383/feature/libreoffice

LibreOffice Hardening using Registry

README.md

@@ -5,7 +5,7 @@
 [![Build Status](https://travis-ci.org/securitywithoutborders/hardentools.svg?branch=master)](https://travis-ci.org/securitywithoutborders/hardentools)
 [![Go Report Card][goreportcard-badge]][goreportcard]
 
-Hardentools is designed to disable a number of "features" exposed by Microsoft Windows 10 and 11 and some widely used applications (Microsoft Office and Adobe PDF Reader, for now). These features, commonly thought for enterprise customers, are generally useless to regular users and rather pose as dangers as they are very commonly abused by attackers to execute malicious code on a victim's computer. The intent of this tool is to simply reduce the attack surface by disabling the low-hanging fruit. **Hardentools is intended for individuals at risk, who might want an extra level of security at the price of *some* usability**. It is not intended for corporate environments.
+Hardentools is designed to disable a number of "features" exposed by Microsoft Windows 10 and 11 and some widely used applications (Microsoft Office, LibreOffice and Adobe PDF Reader, for now). These features, commonly thought for enterprise customers, are generally useless to regular users and rather pose as dangers as they are very commonly abused by attackers to execute malicious code on a victim's computer. The intent of this tool is to simply reduce the attack surface by disabling the low-hanging fruit. **Hardentools is intended for individuals at risk, who might want an extra level of security at the price of *some* usability**. It is not intended for corporate environments.
 
 > **WARNING**: This tool disables a number of features, including of Microsoft Office, Adobe Reader, and Windows, that might cause malfunctions to certain applications. You can find a complete list of changes [here](https://github.com/securitywithoutborders/hardentools/wiki). Use this at your own risk.
 

global_vars.go

@@ -1,5 +1,5 @@
 // Hardentools
-// Copyright (C) 2017-2021 Security Without Borders
+// Copyright (C) 2017-2023 Security Without Borders
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
@@ -44,6 +44,11 @@ var hardenSubjectsForPrivilegedUsers = append(hardenSubjectsForUnprivilegedUsers
  WindowsASR,
  LSA,
  PUA,
+ LibreOfficeMacroSecurityLevel,
+ LibreOfficeHyperlinksWithCtrlClick,
+ LibreOfficeBlockUntrustedRefererLinks,
+ LibreOfficeUpdateCheck,
+ LibreOfficeDisableUpdateLink,
 }...)
 
 var expertConfig map[string]bool

go.mod

@@ -4,14 +4,14 @@ go 1.19
 
 require (
  fyne.io/fyne/v2 v2.3.1
- github.com/CycloneDX/cyclonedx-gomod v1.3.0
+ github.com/CycloneDX/cyclonedx-gomod v1.4.0
  github.com/akavel/rsrc v0.10.2
- golang.org/x/sys v0.6.0
+ golang.org/x/sys v0.7.0
 )
 
 require (
  fyne.io/systray v1.10.1-0.20230207085535-4a244dbb9d03 // indirect
- github.com/CycloneDX/cyclonedx-go v0.7.0 // indirect
+ github.com/CycloneDX/cyclonedx-go v0.7.1 // indirect
  github.com/Microsoft/go-winio v0.6.0 // indirect
  github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
  github.com/acomagu/bufpipe v1.0.4 // indirect
@@ -29,7 +29,7 @@ require (
  github.com/go-enry/go-license-detector/v4 v4.3.0 // indirect
  github.com/go-git/gcfg v1.5.0 // indirect
  github.com/go-git/go-billy/v5 v5.4.1 // indirect
- github.com/go-git/go-git/v5 v5.6.0 // indirect
+ github.com/go-git/go-git/v5 v5.6.1 // indirect
  github.com/go-gl/gl v0.0.0-20211210172815-726fda9656d6 // indirect
  github.com/go-gl/glfw/v3.3/glfw v0.0.0-20221017161538-93cebf72946b // indirect
  github.com/go-text/typesetting v0.0.0-20230212093906-959574cbf271 // indirect
@@ -61,13 +61,13 @@ require (
  github.com/tevino/abool v1.2.0 // indirect
  github.com/xanzy/ssh-agent v0.3.3 // indirect
  github.com/yuin/goldmark v1.5.4 // indirect
- golang.org/x/crypto v0.7.0 // indirect
+ golang.org/x/crypto v0.8.0 // indirect
  golang.org/x/exp v0.0.0-20230310171629-522b1b587ee0 // indirect
  golang.org/x/image v0.6.0 // indirect
  golang.org/x/mobile v0.0.0-20230301163155-e0f57694e12c // indirect
- golang.org/x/mod v0.9.0 // indirect
- golang.org/x/net v0.8.0 // indirect
- golang.org/x/text v0.8.0 // indirect
+ golang.org/x/mod v0.10.0 // indirect
+ golang.org/x/net v0.9.0 // indirect
+ golang.org/x/text v0.9.0 // indirect
  golang.org/x/tools v0.7.0 // indirect
  gonum.org/v1/gonum v0.12.0 // indirect
  gopkg.in/neurosnap/sentences.v1 v1.0.7 // indirect

go.sum

@@ -46,8 +46,12 @@ github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbi
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/CycloneDX/cyclonedx-go v0.7.0 h1:jNxp8hL7UpcvPDFXjY+Y1ibFtsW+e5zyF9QoSmhK/zg=
 github.com/CycloneDX/cyclonedx-go v0.7.0/go.mod h1:W5Z9w8pTTL+t+yG3PCiFRGlr8PUlE0pGWzKSJbsyXkg=
+github.com/CycloneDX/cyclonedx-go v0.7.1 h1:5w1SxjGm9MTMNTuRbEPyw21ObdbaagTWF/KfF0qHTRE=
+github.com/CycloneDX/cyclonedx-go v0.7.1/go.mod h1:N/nrdWQI2SIjaACyyDs/u7+ddCkyl/zkNs8xFsHF2Ps=
 github.com/CycloneDX/cyclonedx-gomod v1.3.0 h1:G0xsizLbyOOmx/p6d3nx4IMMaqv9/ASOGIZOSk+fcpU=
 github.com/CycloneDX/cyclonedx-gomod v1.3.0/go.mod h1:jqduZLsVxeYIrJFansmvH86sR9qrGSdl0T+MPhSLzrw=
+github.com/CycloneDX/cyclonedx-gomod v1.4.0 h1:4bqKrSoBaVbfsfsvgGgmgn1IgzUQgxiygfx59Ji9in8=
+github.com/CycloneDX/cyclonedx-gomod v1.4.0/go.mod h1:SOPQVAGgGi+TWrL4fmpb3DdbiO6RU7Fz4DSX9ccGUCM=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
 github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
@@ -157,6 +161,8 @@ github.com/go-git/go-git-fixtures/v4 v4.3.1/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6
 github.com/go-git/go-git/v5 v5.1.0/go.mod h1:ZKfuPUoY1ZqIG4QG9BDBh3G4gLM5zvPuSJAozQrZuyM=
 github.com/go-git/go-git/v5 v5.6.0 h1:JvBdYfcttd+0kdpuWO7KTu0FYgCf5W0t5VwkWGobaa4=
 github.com/go-git/go-git/v5 v5.6.0/go.mod h1:6nmJ0tJ3N4noMV1Omv7rC5FG3/o8Cm51TB4CJp7mRmE=
+github.com/go-git/go-git/v5 v5.6.1 h1:q4ZRqQl4pR/ZJHc1L5CFjGA1a10u76aV1iC+nh+bHsk=
+github.com/go-git/go-git/v5 v5.6.1/go.mod h1:mvyoL6Unz0PiTQrGQfSfiLFhBH1c1e84ylC2MDs4ee8=
 github.com/go-gl/gl v0.0.0-20211210172815-726fda9656d6 h1:zDw5v7qm4yH7N8C8uWd+8Ii9rROdgWxQuGoJ9WDXxfk=
 github.com/go-gl/gl v0.0.0-20211210172815-726fda9656d6/go.mod h1:9YTyiznxEY1fVinfM7RvRcjRHbw2xLBJ3AAGIT0I4Nw=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
@@ -459,8 +465,11 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
+golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -517,6 +526,8 @@ golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs=
 golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
+golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -562,8 +573,11 @@ golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfS
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
+golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -655,13 +669,16 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
+golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
+golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -675,6 +692,8 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

hardentools-cli.bom.xml

@@ -1,18 +1,18 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:4d3bfdbd-5e39-4f18-a313-c8adb2088bc4" version="1">
+<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:d699d7de-8e0a-4d12-803f-88257ecb8cba" version="1">
  <metadata>
- <timestamp>2023-03-11T16:03:20+01:00</timestamp>
+ <timestamp>2023-06-25T17:23:56+02:00</timestamp>
  <tools>
  <tool>
  <vendor>CycloneDX</vendor>
  <name>cyclonedx-gomod</name>
- <version>v1.3.0</version>
+ <version>v1.4.0</version>
  <hashes>
- <hash alg="MD5">0255977fae8ab918c7da013da338286a</hash>
- <hash alg="SHA-1">056a39fb41be41ab1a0f5ca001cb963e0f58e167</hash>
- <hash alg="SHA-256">6ca8c8fabef870fa30650442a26a1763639f6eae42f3bf95c5fe8f38a9803136</hash>
- <hash alg="SHA-384">73d03f7676a2d86652872b7303ff763b9b694381ccb97e7c3cd274d20a44a3f5dce602844aed9d6ca840fb23b8be8724</hash>
- <hash alg="SHA-512">d4762f38ed2b97113f02905bb4b39994a3f8133546328e380e36497beeaa3ae629843b9da991192b0e81b024e7a10b4efb7c89220b80be70d79685b964729086</hash>
+ <hash alg="MD5">bb01e5af8b074d38f43233194a54853f</hash>
+ <hash alg="SHA-1">ff6f45a9ff7ca7261c020a4821c4052801cafdca</hash>
+ <hash alg="SHA-256">fceb8cd442090e2407263cc63e91042976478d51108eecf86e9845f04b4feadb</hash>
+ <hash alg="SHA-384">5e07126975d1785c6ad83462cb4eacba5da08a887837b1b81d16b346c1e2de77057a7c6e150d209bc95cb96101033a7b</hash>
+ <hash alg="SHA-512">f64e60c95ceae90bdaff6f98dcd35f678d739f9ed0907cf95b3206530f12e7f78ecc2ec90c765f3b1c8850cc3ab6497bbfe7b6f0c091bef705feb6974063bfed</hash>
  </hashes>
  <externalReferences>
  <reference type="vcs">
@@ -27,7 +27,7 @@
  <component bom-ref="pkg:golang/github.com/securitywithoutborders/[email protected]?type=module" type="application">
  <name>github.com/securitywithoutborders/hardentools</name>
  <version>v2.4.1-0.20221229114517-9e3e9d24fa5b</version>
- <purl>pkg:golang/github.com/securitywithoutborders/[email protected]?type=module</purl>
+ <purl>pkg:golang/github.com/securitywithoutborders/[email protected]?type=module&amp;goos=windows&amp;goarch=386</purl>
  <externalReferences>
  <reference type="vcs">
  <url>https://github.com/securitywithoutborders/hardentools</url>
@@ -50,14 +50,14 @@
  </component>
  </metadata>
  <components>
- <component bom-ref="pkg:golang/golang.org/x/sys@v0.6.0?type=module" type="library">
+ <component bom-ref="pkg:golang/golang.org/x/sys@v0.7.0?type=module" type="library">
  <name>golang.org/x/sys</name>
- <version>v0.6.0</version>
+ <version>v0.7.0</version>
  <scope>required</scope>
  <hashes>
- <hash alg="SHA-256">31596d652bd14dc53696340e86cf784973dfb55e8308d9d95621de429b3cee94</hash>
+ <hash alg="SHA-256">de39420884193dd398bb587c06436f2f3f0a830b5a7b671a81c1bf55a9ad6515</hash>
  </hashes>
- <purl>pkg:golang/golang.org/x/sys@v0.6.0?type=module</purl>
+ <purl>pkg:golang/golang.org/x/sys@v0.7.0?type=module&amp;goos=windows&amp;goarch=386</purl>
  <evidence>
  <licenses>
  <license>
@@ -69,8 +69,8 @@
  </components>
  <dependencies>
  <dependency ref="pkg:golang/github.com/securitywithoutborders/[email protected]?type=module">
- <dependency ref="pkg:golang/golang.org/x/sys@v0.6.0?type=module"></dependency>
+ <dependency ref="pkg:golang/golang.org/x/sys@v0.7.0?type=module"></dependency>
  </dependency>
- <dependency ref="pkg:golang/golang.org/x/sys@v0.6.0?type=module"></dependency>
+ <dependency ref="pkg:golang/golang.org/x/sys@v0.7.0?type=module"></dependency>
  </dependencies>
 </bom>