Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-02-22 16:39:49 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'github-kicksecure/master'

Browse Source
This commit is contained in:
Patrick Schleizer 2025-02-09 18:01:43 -05:00
commit 0615e6e995
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
usr/lib/sysctl.d/990-security-misc.conf
View File

@ -168,11 +168,16 @@ kernel.perf_event_paranoid=3
## Can sometimes potentially indicate and thwart certain kernel exploitation attempts.
## Panics may be due to false-positives such as bad drivers.
## Oopses are serious but non-fatal errors.
## Kernel warnings are useful to avoid a when attempting to access the location of a WARN().
## Warnings are messages generated by the kernel to indicate unexpected conditions or errors.
## By default, code execution continues regardless of warnings emitted by macros like WARN() and WARN_ON().
## Note that by forcing kernel panics on oopses and warnings, this exposes the system to targeted denial of service attacks.
## Forcing immediate system reboots on any single kernel panic is an extreme option.
##
## https://en.wikipedia.org/wiki/Kernel_panic#Linux
## https://en.wikipedia.org/wiki/Linux_kernel_oops
## https://en.wikipedia.org/wiki/Kdump_(Linux)
## https://lwn.net/Articles/876209/
## https://git.sr.ht/~gregkh/presentation-security/tree/3fdaf81a2f8b2c8d64cdb2f529cc714624868aa8/item/security-stuff.pdf
## https://forums.whonix.org/t/set-oops-panic-kernel-parameter-or-kernel-panisc-on-oops-1-sysctl-for-better-security/7713
##
## KSPP=partial