Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

description

Browse Source
This commit is contained in:
Patrick Schleizer 2020-01-24 04:33:30 -05:00
parent e0aa67677d
commit 3a4d283169
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
debian/control vendored
View File

@ -37,7 +37,7 @@ Description: enhances misc security settings
very useful for kernel exploits.
.
* Kexec is disabled as it can be used to load a malicious kernel.
/etc/sysctl.d/kexec.conf
/etc/sysctl.d/security-misc.conf
.
* ASLR effectiveness for mmap is increased.
.
@ -51,7 +51,7 @@ Description: enhances misc security settings
* Some data spoofing attacks are made harder.
.
* SACK can be disabled as it is commonly exploited and is rarely used by
uncommenting settings in file /etc/sysctl.d/tcp_sack.conf.
uncommenting settings in file /etc/sysctl.d/security-misc.conf.
.
* Slab merging is disabled as sometimes a slab can be used in a vulnerable
way which an attacker can exploit.
@ -80,7 +80,7 @@ Description: enhances misc security settings
* Coredumps are disabled as they may contain important information such as
encryption keys or passwords.
/etc/security/limits.d/disable-coredumps.conf
/etc/sysctl.d/coredumps.conf
/etc/sysctl.d/security-misc.conf
/lib/systemd/coredump.conf.d/disable-coredumps.conf
.
* The thunderbolt and firewire kernel modules are blacklisted as they can be
@ -286,7 +286,7 @@ Description: enhances misc security settings
public IP used by a user.
.
Hence, this package disables this feature by shipping the
/etc/sysctl.d/tcp_timestamps.conf configuration file.
/etc/sysctl.d/security-misc.conf configuration file.
.
Note that TCP time stamps normally have some usefulness. They are
needed for: