mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-24 14:09:22 -05:00
debian/control syntax fix
parent
a098b18560
commit
4e32438d75
30
debian/control
vendored
@ -60,38 +60,38 @@ Description: enhances misc security settings
|
|||||||
.
|
.
|
||||||
Hence, this package disables this feature by shipping the
|
Hence, this package disables this feature by shipping the
|
||||||
/etc/sysctl.d/nf_conntrack_helper.conf configuration file.
|
/etc/sysctl.d/nf_conntrack_helper.conf configuration file.
|
||||||
|
.
|
||||||
Kernel symbols in /proc/kallsyms are hidden to prevent malware from
|
Kernel symbols in /proc/kallsyms are hidden to prevent malware from
|
||||||
reading them and using them to learn more about what to attack on your system.
|
reading them and using them to learn more about what to attack on your system.
|
||||||
|
.
|
||||||
Kexec is disabled as it can be used for live patching of the running kernel.
|
Kexec is disabled as it can be used for live patching of the running kernel.
|
||||||
|
.
|
||||||
The BPF JIT compiler is restricted to the root user and is hardened.
|
The BPF JIT compiler is restricted to the root user and is hardened.
|
||||||
|
.
|
||||||
ASLR effectiveness for mmap is increased.
|
ASLR effectiveness for mmap is increased.
|
||||||
|
.
|
||||||
The ptrace system call is restricted to the root user only.
|
The ptrace system call is restricted to the root user only.
|
||||||
|
.
|
||||||
The TCP/IP stack is hardened.
|
The TCP/IP stack is hardened.
|
||||||
|
.
|
||||||
This package makes some data spoofing attacks harder.
|
This package makes some data spoofing attacks harder.
|
||||||
|
.
|
||||||
SACK is disabled as it is commonly exploited and is rarely used.
|
SACK is disabled as it is commonly exploited and is rarely used.
|
||||||
|
.
|
||||||
This package disables the merging of slabs of similar sizes to prevent an
|
This package disables the merging of slabs of similar sizes to prevent an
|
||||||
attacker from exploiting them.
|
attacker from exploiting them.
|
||||||
|
.
|
||||||
Sanity checks, redzoning, and memory poisoning are enabled.
|
Sanity checks, redzoning, and memory poisoning are enabled.
|
||||||
|
.
|
||||||
The kernel now panics on uncorrectable errors in ECC memory which could
|
The kernel now panics on uncorrectable errors in ECC memory which could
|
||||||
be exploited.
|
be exploited.
|
||||||
|
.
|
||||||
Kernel Page Table Isolation is enabled to mitigate Meltdown and increase
|
Kernel Page Table Isolation is enabled to mitigate Meltdown and increase
|
||||||
KASLR effectiveness.
|
KASLR effectiveness.
|
||||||
|
.
|
||||||
SMT is disabled as it can be used to exploit the MDS vulnerability.
|
SMT is disabled as it can be used to exploit the MDS vulnerability.
|
||||||
|
.
|
||||||
All mitigations for the MDS vulnerability are enabled.
|
All mitigations for the MDS vulnerability are enabled.
|
||||||
|
.
|
||||||
DCCP, SCTP, TIPC and RDS are blacklisted as they are rarely used and may have
|
DCCP, SCTP, TIPC and RDS are blacklisted as they are rarely used and may have
|
||||||
unknown vulnerabilities.
|
unknown vulnerabilities.
|
||||||
|
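Review bot: the commit message "debian/control syntax fix" does not say which syntax rule was broken, and in this Description hunk the old and new sides of every changed line read the same as rendered here, so the change looks whitespace-only. Name the defect in the message (for example, if the continuation lines and the "." paragraph separators were missing their leading space, say so), so a reader of the log can tell this is a formatting change with no change to the wording. Running a control-file check such as lintian on the built package before merging would confirm that the whole Description now parses as a single field.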