Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-12-26 06:29:25 -05:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Raja Grewal 2024-05-11 13:15:42 +10:00
parent 5867b1b014
commit dddac1dc40
No known key found for this signature in database
GPG Key ID: 92CA473C156B64C4
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -58,6 +58,9 @@ configuration file.
- Set coredump file name based on core_pattern value instead of the default of - Set coredump file name based on core_pattern value instead of the default of
naming it 'core'. naming it 'core'.
- Will disable `io_uring` interface for performing asynchronous I/O as it has
historically been a significant attack surface.
### mmap ASLR ### mmap ASLR
- The bits of entropy used for mmap ASLR are maxed out via - The bits of entropy used for mmap ASLR are maxed out via
@ -89,7 +92,7 @@ Boot parameters are outlined in configuration files located in the
- Enables randomisation of the kernel stack offset on syscall entries. - Enables randomisation of the kernel stack offset on syscall entries.
- All mitigations for known CPU vulnerabilities are enabled and SMT is - Mitigations for known CPU vulnerabilities are enabled and SMT is
disabled. disabled.
- IOMMU is enabled to prevent DMA attacks along with strict enforcement of - IOMMU is enabled to prevent DMA attacks along with strict enforcement of
@ -169,6 +172,9 @@ surface via the `/etc/modprobe.d/30_security-misc.conf` configuration file.
Engine (ME)](https://www.kernel.org/doc/html/latest/driver-api/mei/mei.html) Engine (ME)](https://www.kernel.org/doc/html/latest/driver-api/mei/mei.html)
and the OS. and the OS.
- Disables several kernel modules responsible for GPS such as GNSS (Global
Navigation Satellite System).
- Incorporates much of - Incorporates much of
[Ubuntu's](https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d?h=ubuntu/disco) [Ubuntu's](https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d?h=ubuntu/disco)
default blacklist of modules to be blocked from automatically loading. default blacklist of modules to be blocked from automatically loading.