Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

new lines 990-security-misc.conf

Browse Source 
added new recommended hardening settings with comments
This commit is contained in:
monsieuremre 2023-10-27 11:07:53 +00:00 committed by GitHub
parent 7d576842fb
commit c975c3c0ff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
usr/lib/sysctl.d/990-security-misc.conf
View File

@ -14,6 +14,14 @@ kernel.core_pattern=|/bin/false
## Restricts the kernel log to root only.
kernel.dmesg_restrict=1
## Does not set coredump name to 'core' which is default. Defense in depth.
kernel.core_uses_pid=1
## A martian packet is a one with a source address which is blatantly wrong
## Recommended to keep a log of these to identify these suspicious packets
net.ipv4.conf.all.log_martians=1
net.ipv4.conf.default.log_martians=1
## Don't allow writes to files that we don't own
## in world writable sticky directories, unless
## they are owned by the owner of the directory.