Merge remote-tracking branch 'origin/master'

This commit is contained in:
Patrick Schleizer 2020-02-15 05:43:43 -05:00
commit 757df8fceb
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
2 changed files with 10 additions and 0 deletions

3
debian/control vendored
View File

@ -119,6 +119,9 @@ Description: enhances misc security settings
. .
* The kernel panics on oopses to prevent it from continuing to run a flawed * The kernel panics on oopses to prevent it from continuing to run a flawed
process and to deter brute forcing. process and to deter brute forcing.
.
* Restricts the SysRq key so it can only be used for shutdowns and the
Secure Attention Key.
. .
* Restricts loading line disciplines to CAP_SYS_MODULE. * Restricts loading line disciplines to CAP_SYS_MODULE.
. .

View File

@ -119,6 +119,13 @@ net.ipv4.tcp_timestamps=0
#### meta end #### meta end
## Only allow the SysRq key to be used for shutdowns and the
## Secure Attention Key (SAK).
##
## https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079/
kernel.sysrq=132
## Restrict loading line disciplines to CAP_SYS_MODULE to prevent ## Restrict loading line disciplines to CAP_SYS_MODULE to prevent
## unprivileged attackers from loading vulnerable line disciplines ## unprivileged attackers from loading vulnerable line disciplines
## with the TIOCSETD ioctl to exploit them. ## with the TIOCSETD ioctl to exploit them.