From bac6cd601baaca7453c55719e9dfa84d5109135d Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Fri, 24 Jan 2020 04:33:54 -0500 Subject: [PATCH] readme --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 2ee14bc..fd22b23 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ the kernel. (!) Hence, this package disables this feature by shipping the very useful for kernel exploits. * Kexec is disabled as it can be used to load a malicious kernel. -/etc/sysctl.d/kexec.conf +/etc/sysctl.d/security-misc.conf * ASLR effectiveness for mmap is increased. @@ -33,7 +33,7 @@ mitigate vulnerabilities such as CVE-2019-14899. * Some data spoofing attacks are made harder. * SACK can be disabled as it is commonly exploited and is rarely used by -uncommenting settings in file /etc/sysctl.d/tcp_sack.conf. +uncommenting settings in file /etc/sysctl.d/security-misc.conf. * Slab merging is disabled as sometimes a slab can be used in a vulnerable way which an attacker can exploit. @@ -62,7 +62,7 @@ that could be useful to an attacker. * Coredumps are disabled as they may contain important information such as encryption keys or passwords. /etc/security/limits.d/disable-coredumps.conf -/etc/sysctl.d/coredumps.conf +/etc/sysctl.d/security-misc.conf /lib/systemd/coredump.conf.d/disable-coredumps.conf * The thunderbolt and firewire kernel modules are blacklisted as they can be @@ -268,7 +268,7 @@ also allow one to look for clocks that match an expected value to find the public IP used by a user. Hence, this package disables this feature by shipping the -/etc/sysctl.d/tcp_timestamps.conf configuration file. +/etc/sysctl.d/security-misc.conf configuration file. Note that TCP time stamps normally have some usefulness. They are needed for: