mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-10-01 08:25:45 -04:00
Merge remote-tracking branch 'origin/master'
This commit is contained in:
commit
757df8fceb
3
debian/control
vendored
3
debian/control
vendored
@ -119,6 +119,9 @@ Description: enhances misc security settings
|
|||||||
.
|
.
|
||||||
* The kernel panics on oopses to prevent it from continuing to run a flawed
|
* The kernel panics on oopses to prevent it from continuing to run a flawed
|
||||||
process and to deter brute forcing.
|
process and to deter brute forcing.
|
||||||
|
.
|
||||||
|
* Restricts the SysRq key so it can only be used for shutdowns and the
|
||||||
|
Secure Attention Key.
|
||||||
.
|
.
|
||||||
* Restricts loading line disciplines to CAP_SYS_MODULE.
|
* Restricts loading line disciplines to CAP_SYS_MODULE.
|
||||||
.
|
.
|
||||||
|
@ -119,6 +119,13 @@ net.ipv4.tcp_timestamps=0
|
|||||||
|
|
||||||
#### meta end
|
#### meta end
|
||||||
|
|
||||||
|
|
||||||
|
## Only allow the SysRq key to be used for shutdowns and the
|
||||||
|
## Secure Attention Key (SAK).
|
||||||
|
##
|
||||||
|
## https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079/
|
||||||
|
kernel.sysrq=132
|
||||||
|
|
||||||
## Restrict loading line disciplines to CAP_SYS_MODULE to prevent
|
## Restrict loading line disciplines to CAP_SYS_MODULE to prevent
|
||||||
## unprivileged attackers from loading vulnerable line disciplines
|
## unprivileged attackers from loading vulnerable line disciplines
|
||||||
## with the TIOCSETD ioctl to exploit them.
|
## with the TIOCSETD ioctl to exploit them.
|
||||||
|
Loading…
Reference in New Issue
Block a user