Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-05-01 23:06:06 -04:00
Code Issues Projects Releases Packages Wiki Activity

readme

Browse source
This commit is contained in:
Patrick Schleizer 2020-02-15 15:28:30 -05:00
parent 757df8fceb
commit 3df008f0b9
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
1 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

9
README.md
View file

@ -30,7 +30,9 @@ attacks, enabling RFC1337 to protect against time-wait assassination
attacks and enabling reverse path filtering to prevent IP spoofing and
mitigate vulnerabilities such as CVE-2019-14899.
* Some data spoofing attacks are made harder.
* Avoids unintentional writes to attacker-controlled files.
* Prevents symlink/hardlink TOCTOU races.
* SACK can be disabled as it is commonly exploited and is rarely used by
uncommenting settings in file /etc/sysctl.d/30_security-misc.conf.
@ -100,6 +102,11 @@ as early as possible.
* The kernel panics on oopses to prevent it from continuing to run a flawed
process and to deter brute forcing.
* Restricts the SysRq key so it can only be used for shutdowns and the
Secure Attention Key.
* Restricts loading line disciplines to CAP_SYS_MODULE.
Improve Entropy Collection
* Load jitterentropy_rng kernel module.