Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

Disallow kernel profiling by users without CAP_SYS_ADMIN

Browse Source 
It's the default on a lot of stuff, but still nice to have.
This commit is contained in:
flawedworld 2020-09-18 23:29:04 +01:00 committed by GitHub
parent 98c0decaa4
commit 944fed3c45
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
etc/sysctl.d/30_security-misc.conf
View File

@ -145,3 +145,7 @@ vm.unprivileged_userfaultfd=0
## - https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Performance_Tuning_Guide/s-memory-tunables.html
## - https://en.wikipedia.org/wiki/Swappiness
vm.swappiness=1
## Disallow kernel profiling by users without CAP_SYS_ADMIN
## https://www.kernel.org/doc/Documentation/sysctl/kernel.txt
kernel.perf_event_paranoid=3