Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-01-24 08:11:01 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #60 from madaidan/sysrq

Browse Source 
Restrict the SysRq key
This commit is contained in:
Patrick Schleizer 2020-02-15 10:42:20 +00:00 committed by GitHub
commit a9a1581720
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
debian/control vendored
View File

@ -119,6 +119,9 @@ Description: enhances misc security settings
.
* The kernel panics on oopses to prevent it from continuing to run a flawed
process and to deter brute forcing.
.
* Restricts the SysRq key so it can only be used for shutdowns and the
Secure Attention Key.
.
* Restricts loading line disciplines to CAP_SYS_MODULE.
.

7
etc/sysctl.d/30_security-misc.conf
View File

@ -119,6 +119,13 @@ net.ipv4.tcp_timestamps=0
#### meta end
## Only allow the SysRq key to be used for shutdowns and the
## Secure Attention Key (SAK).
##
## https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079/
kernel.sysrq=132
## Restrict loading line disciplines to CAP_SYS_MODULE to prevent
## unprivileged attackers from loading vulnerable line disciplines
## with the TIOCSETD ioctl to exploit them.