From 73e830d0ac1ece338b0e80ca1a020d84a15d1774 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Wed, 15 Jan 2020 10:08:57 -0500 Subject: [PATCH] readme --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 2344ce7..1bcb84c 100644 --- a/README.md +++ b/README.md @@ -99,6 +99,9 @@ a target for ROP. * The vivid kernel module is blacklisted as it's only required for testing and has been the cause of multiple vulnerabilities. +* An initramfs hook sets the sysctl values in /etc/sysctl.d before init +is executed so our hardening is enabled as early as possible. + * The kernel panics on oopses to prevent it from continuing to run a flawed process and to deter brute forcing.
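Review bot: The added bullet in the README.md hunk (@@ -99,6 +99,9 @@) says an initramfs hook applies "the sysctl values in /etc/sysctl.d before init is executed" but does not name the hook or say which copy of /etc/sysctl.d it reads. Please state whether the values come from files packed into the initramfs image or from the mounted root filesystem. If they come from the image, a reader who edits /etc/sysctl.d needs to know that the initramfs has to be regenerated before the early-boot values change. Naming the hook file would also let readers audit what runs that early. Separately, the subject line "readme" does not say what was documented; something like "readme: document initramfs sysctl hook" would make the history easier to search.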