Update docs on recovery restrictions

raja-grewal 2025-08-06 15:53:49 +10:00 committed by GitHub
parent 498551536c
commit 4166d6d1e6
GPG key ID: B5690EEEBB952194


@ -7,14 +7,17 @@
## KSPP=no: not (currently) compliant with recommendations by the KSPP
## If there is no explicit KSPP compliance notice, the setting is not mentioned by the KSPP.
## Disable access to single-user (recovery) mode.
## Disable access to the GRUB single-user (recovery) mode menu entries.
##
## https://forums.kicksecure.com/t/remove-linux-recovery-mode-boot-option-from-default-grub-boot-menu/727
##
GRUB_DISABLE_RECOVERY="true"
## Disable access to Dracut's recovery console.
## Prevents the emergency shell from starting automatically during boot failures.
##
## https://insinuator.net/2025/07/insecure-boot-injecting-initramfs-from-a-debug-shell/
## https://serverfault.com/questions/554853/how-can-i-secure-the-dracut-shell
## https://forums.kicksecure.com/t/harden-dracut-initramfs-generator-by-disabling-recovery-console/724
##
GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT rd.emergency=halt"
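Review bot: The comment block above the `rd.emergency=halt` line says what is prevented but not what happens instead, and its first line reads as a stronger guarantee than the second. "Disable access to Dracut's recovery console." and "Prevents the emergency shell from starting automatically during boot failures." describe different scopes; keeping only the narrower wording would match what the setting does. Consider also adding one line stating that a failed boot now halts the system rather than offering a console, and one noting that the option is delivered through GRUB_CMDLINE_LINUX_DEFAULT, so it only holds as long as the kernel command line of the boot entry is not edited at the GRUB menu.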