first commit
This commit is contained in:
STP
15
etc_org/sysctl.d/10-kernel-hardening.conf
Normal file
15
etc_org/sysctl.d/10-kernel-hardening.conf
Normal file
@@ -0,0 +1,15 @@
|
||||
# These settings are specific to hardening the kernel itself from attack
|
||||
# from userspace, rather than protecting userspace from other malicious
|
||||
# userspace things.
|
||||
#
|
||||
#
|
||||
# When an attacker is trying to exploit the local kernel, it is often
|
||||
# helpful to be able to examine where in memory the kernel, modules,
|
||||
# and data structures live. As such, kernel addresses should be treated
|
||||
# as sensitive information.
|
||||
#
|
||||
# Many files and interfaces contain these addresses (e.g. /proc/kallsyms,
|
||||
# /proc/modules, etc), and this setting can censor the addresses. A value
|
||||
# of "0" allows all users to see the kernel addresses. A value of "1"
|
||||
# limits visibility to the root user, and "2" blocks even the root user.
|
||||
kernel.kptr_restrict = 1
|
||||
Reference in New Issue
Block a user