Set sysctl kernel.panic=-1

raja-grewal 2025-08-17 06:27:44 +00:00 committed by GitHub
parent f1de0da69b
commit 247015bcc6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 11 additions and 16 deletions

@ -189,9 +189,11 @@ kernel.perf_event_paranoid=3
#kernel.warn_limit=1
## Force immediate system reboots on the occurrence of a single kernel panic.
## This is an extreme safety option which also creates a large opening for targeted denial of service attacks.
## Ensures the system does not hang forever if a panic occurs, reducing susceptibility to cold boot attacks.
## Increases resilience and limits impact of denial of service attacks as system automatically restarts.
## Immediate rebooting also prevents persistent information disclosure on panic details that were dumped to screen.
##
## KSPP=no
## KSPP=yes
## KSPP sets CONFIG_PANIC_TIMEOUT=-1.
##
## See /usr/libexec/security-misc/panic-on-oops for implementation.
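Review bot: The rewritten comment block for kernel.panic lists only benefits, while the line it replaces ("This is an extreme safety option which also creates a large opening for targeted denial of service attacks") recorded the cost. An immediate reboot is still a service interruption for anyone able to trigger a panic, so please keep one sentence on that trade-off next to "Increases resilience and limits impact of denial of service attacks". The cold boot sentence should also state its reasoning, since the comment does not say why rebooting instead of hanging reduces that exposure.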

@ -21,6 +21,6 @@ sysctl kernel.oops_limit=1
sysctl kernel.warn_limit=1
## Makes the system immediately reboot on the occurrence of a single
## kernel panic. This is an extreme safety option which also creates
## a large opening for targeted denial of service attacks.
#sysctl kernel.panic=-1
## kernel panic. This reduces the risk and impact of both denial of
## service and cold boot attacks.
sysctl kernel.panic=-1
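Review bot: Enabling `sysctl kernel.panic=-1` directly below `sysctl kernel.warn_limit=1` (with `sysctl kernel.oops_limit=1` in the hunk header context) means a single kernel warning or oops now ends in an immediate reboot, and the new comment does not say so. Please document that interaction here, including that a fault which recurs during boot can leave the machine in a reboot loop, and note how a user opts out. The wording "reduces the risk and impact of both denial of service and cold boot attacks" also claims more than the sysctl configuration file's "limits impact of denial of service attacks"; a forced reboot does not lower the risk of a panic being triggered, so the two comments should be aligned on the narrower claim.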