Revert "undo Disabling TCP SACK, DSACK, FACK"

This reverts commit 5fb4eb8e56.
Patrick Schleizer 2019-10-05 13:13:46 +00:00
parent 62a0239207
commit 02096f8d7c
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
3 changed files with 7 additions and 3 deletions

debian/control

@ -43,6 +43,8 @@ Description: enhances misc security settings
* The TCP/IP stack is hardened. * The TCP/IP stack is hardened.
. .
* This package makes some data spoofing attacks harder. * This package makes some data spoofing attacks harder.
.
* SACK is disabled as it is commonly exploited and is rarely used.
. .
* This package disables the merging of slabs of similar sizes to prevent an * This package disables the merging of slabs of similar sizes to prevent an
attacker from exploiting them. attacker from exploiting them.
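Review bot: The added Description bullet names only SACK and calls it "rarely used", while the sysctl file added in this same commit sets three keys (tcp_sack, tcp_dsack, tcp_fack) and says "likely not needed". Suggest aligning the two: list SACK, DSACK and FACK in the bullet and use the same wording for the rationale in both places, so the package description matches what is actually configured.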


@ -8,6 +8,3 @@ rm_conffile /etc/default/grub.d/40_only_allow_signed_modules.cfg
## https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079 ## https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079
rm_conffile /etc/sysctl.d/sysrq.conf rm_conffile /etc/sysctl.d/sysrq.conf
## https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109/5
rm_conffile /etc/sysctl.d/tcp_sack.conf
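Review bot: Removing the `rm_conffile /etc/sysctl.d/tcp_sack.conf` entry also removes the forum link above it, which was the only pointer in this file to why the conffile was dropped. Because the same commit ships the conffile again, please test an upgrade from a build that still carried this rm_conffile entry and confirm that /etc/sysctl.d/tcp_sack.conf is reinstalled afterwards. A short changelog entry for the reversal would keep the history readable.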


@ -0,0 +1,5 @@
# Disables SACK as it is commonly exploited and likely not needed.
# https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109
net.ipv4.tcp_sack=0
net.ipv4.tcp_dsack=0
net.ipv4.tcp_fack=0
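Review bot: The header comment on the first line of the new file says only "Disables SACK", but the file also sets net.ipv4.tcp_dsack=0 and net.ipv4.tcp_fack=0. Suggest naming all three in the comment, with one line per key saying what it turns off. "Commonly exploited" is backed only by the forum thread link; citing the specific issue in the comment would let an administrator judge whether to re-enable these on a given host.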