debian/control syntax fix

This commit is contained in:
Patrick Schleizer 2019-06-23 19:47:05 +00:00
parent a098b18560
commit 4e32438d75
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48

30
debian/control vendored
View File

@ -60,38 +60,38 @@ Description: enhances misc security settings
. .
Hence, this package disables this feature by shipping the Hence, this package disables this feature by shipping the
/etc/sysctl.d/nf_conntrack_helper.conf configuration file. /etc/sysctl.d/nf_conntrack_helper.conf configuration file.
.
Kernel symbols in /proc/kallsyms are hidden to prevent malware from Kernel symbols in /proc/kallsyms are hidden to prevent malware from
reading them and using them to learn more about what to attack on your system. reading them and using them to learn more about what to attack on your system.
.
Kexec is disabled as it can be used for live patching of the running kernel. Kexec is disabled as it can be used for live patching of the running kernel.
.
The BPF JIT compiler is restricted to the root user and is hardened. The BPF JIT compiler is restricted to the root user and is hardened.
.
ASLR effectiveness for mmap is increased. ASLR effectiveness for mmap is increased.
.
The ptrace system call is restricted to the root user only. The ptrace system call is restricted to the root user only.
.
The TCP/IP stack is hardened. The TCP/IP stack is hardened.
.
This package makes some data spoofing attacks harder. This package makes some data spoofing attacks harder.
.
SACK is disabled as it is commonly exploited and is rarely used. SACK is disabled as it is commonly exploited and is rarely used.
.
This package disables the merging of slabs of similar sizes to prevent an This package disables the merging of slabs of similar sizes to prevent an
attacker from exploiting them. attacker from exploiting them.
.
Sanity checks, redzoning, and memory poisoning are enabled. Sanity checks, redzoning, and memory poisoning are enabled.
.
The kernel now panics on uncorrectable errors in ECC memory which could The kernel now panics on uncorrectable errors in ECC memory which could
be exploited. be exploited.
.
Kernel Page Table Isolation is enabled to mitigate Meltdown and increase Kernel Page Table Isolation is enabled to mitigate Meltdown and increase
KASLR effectiveness. KASLR effectiveness.
.
SMT is disabled as it can be used to exploit the MDS vulnerability. SMT is disabled as it can be used to exploit the MDS vulnerability.
.
All mitigations for the MDS vulnerability are enabled. All mitigations for the MDS vulnerability are enabled.
.
DCCP, SCTP, TIPC and RDS are blacklisted as they are rarely used and may have DCCP, SCTP, TIPC and RDS are blacklisted as they are rarely used and may have
unknown vulnerabilities. unknown vulnerabilities.