Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add more kernel hardening parameters

Browse Source
This commit is contained in:
madaidan 2019-06-23 17:54:34 +00:00 committed by GitHub
parent 5269cfeef9
commit 2178fb37a8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
etc/default/grub.d/40_kernel_hardening.cfg
View File

@ -9,3 +9,12 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX page_poison=1"
# Makes the kernel panic on uncorrectable errors in ECC memory that an attacker could exploit. # Makes the kernel panic on uncorrectable errors in ECC memory that an attacker could exploit.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mce=0" GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mce=0"
# Enables Kernel Page Table Isolation which mitigates Meltdown and improves KASLR.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX pti=on"
# Disables smt which can be used to exploit the MDS vulnerability.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX nosmt"
# Enables all mitigations for the MDS vulnerability.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full"