Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-03-21 03:46:26 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10 from madaidan/patch-6

Browse Source 
Enable more kernel hardening parameters
This commit is contained in:
Patrick Schleizer 2019-06-23 18:45:24 +00:00 committed by GitHub
commit aec6da28e9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
etc/default/grub.d/40_kernel_hardening.cfg
View File

@ -9,3 +9,12 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX page_poison=1"
# Makes the kernel panic on uncorrectable errors in ECC memory that an attacker could exploit.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mce=0"
# Enables Kernel Page Table Isolation which mitigates Meltdown and improves KASLR.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX pti=on"
# Disables smt which can be used to exploit the MDS vulnerability.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX nosmt"
# Enables all mitigations for the MDS vulnerability.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full"