Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-02-04 16:55:22 -05:00
Code Issues Packages Projects Releases Wiki Activity

readme

Browse Source
This commit is contained in:
Patrick Schleizer 2020-02-15 15:28:30 -05:00
parent 757df8fceb
commit 3df008f0b9
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@ -30,7 +30,9 @@ attacks, enabling RFC1337 to protect against time-wait assassination
attacks and enabling reverse path filtering to prevent IP spoofing and attacks and enabling reverse path filtering to prevent IP spoofing and
mitigate vulnerabilities such as CVE-2019-14899. mitigate vulnerabilities such as CVE-2019-14899.
* Some data spoofing attacks are made harder. * Avoids unintentional writes to attacker-controlled files.
* Prevents symlink/hardlink TOCTOU races.
* SACK can be disabled as it is commonly exploited and is rarely used by * SACK can be disabled as it is commonly exploited and is rarely used by
uncommenting settings in file /etc/sysctl.d/30_security-misc.conf. uncommenting settings in file /etc/sysctl.d/30_security-misc.conf.
@ -100,6 +102,11 @@ as early as possible.
* The kernel panics on oopses to prevent it from continuing to run a flawed * The kernel panics on oopses to prevent it from continuing to run a flawed
process and to deter brute forcing. process and to deter brute forcing.
* Restricts the SysRq key so it can only be used for shutdowns and the
Secure Attention Key.
* Restricts loading line disciplines to CAP_SYS_MODULE.
Improve Entropy Collection Improve Entropy Collection
* Load jitterentropy_rng kernel module. * Load jitterentropy_rng kernel module.