Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-08-02 11:06:15 -04:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'master' into text_2

Browse source
This commit is contained in:
raja-grewal 2024-10-06 10:48:52 +00:00 committed by GitHub
commit 0c0774f6c0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 53 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

10
README.md
View file

@ -37,8 +37,10 @@ Kernel space:
- Entirely disable the SysRq key so that the Secure Attention Key (SAK)
can no longer be utilized. See [documentation](https://www.kicksecure.com/wiki/SysRq).
- Restrict user namespaces to `CAP_SYS_ADMIN` as they can lead to substantial
privilege escalation. Optional - Disable all use of user namespaces.
- Optional - Restrict user namespaces to `CAP_SYS_ADMIN` as they can lead to substantial
privilege escalation.
- Optional - Disable all use of user namespaces.
- Restrict kernel profiling and the performance events system to `CAP_PERFMON`.
@ -227,14 +229,14 @@ Forces an immediate reboot on kernel panic. This can be enabled, but it may lead
* [security-misc pull request #264](https://github.com/Kicksecure/security-misc/pull/264)
* [security-misc pull request #268](https://github.com/Kicksecure/security-misc/pull/268)
**Non-compliance:**
3. `sysctl user.max_user_namespaces=0`
Disables user namespaces entirely. Not recommended due to the potential for widespread breakages.
* [security-misc pull request #263](https://github.com/Kicksecure/security-misc/pull/263)
**Non-compliance:**
4. `sysctl fs.binfmt_misc.status=0`
Disables the registration of interpreters for miscellaneous binary formats. Currently not feasible due to compatibility issues with Firefox.