diff --git a/README.md b/README.md index e8e3083..5d81c69 100644 --- a/README.md +++ b/README.md @@ -145,9 +145,9 @@ configuration file. - Force kernel panics on "oopses" to potentially indicate and thwart certain kernel exploitation attempts. -- Provide the option to modify machine check exception handler. +- Provide the option to modify the machine check exception handler. -- Disallow sensitive kernel information leaks in the console during boot. +- Prevent sensitive kernel information leaks in the console during boot. - Enable the kernel Electric-Fence sampling-based memory safety error detector which can identify heap out-of-bounds access, use-after-free, and invalid-free errors. diff --git a/usr/lib/sysctl.d/990-security-misc.conf b/usr/lib/sysctl.d/990-security-misc.conf index b72fa90..a245693 100644 --- a/usr/lib/sysctl.d/990-security-misc.conf +++ b/usr/lib/sysctl.d/990-security-misc.conf @@ -349,7 +349,7 @@ net.ipv6.conf.default.accept_ra=0 #net.ipv4.tcp_dsack=0 ## Disable TCP timestamps to limit device fingerprinting via system time. -## Timestamps allows round-trip time measurement and protection against wrapped sequence numbers. +## Timestamps allow round-trip time measurement and protection against wrapped sequence numbers. ## Disabling timestamps on very fast links is likely to cause TCP Sequence Numbers to wrap. ## Segments with wrapped numbers will be incorrectly discarded, reducing network performance. ##