mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-25 18:19:25 -05:00
Update README.md
This commit is contained in:
parent
5867b1b014
commit
dddac1dc40
@ -58,6 +58,9 @@ configuration file.
|
||||
- Set coredump file name based on core_pattern value instead of the default of
|
||||
naming it 'core'.
|
||||
|
||||
- Will disable `io_uring` interface for performing asynchronous I/O as it has
|
||||
historically been a significant attack surface.
|
||||
|
||||
### mmap ASLR
|
||||
|
||||
- The bits of entropy used for mmap ASLR are maxed out via
|
||||
@ -89,7 +92,7 @@ Boot parameters are outlined in configuration files located in the
|
||||
|
||||
- Enables randomisation of the kernel stack offset on syscall entries.
|
||||
|
||||
- All mitigations for known CPU vulnerabilities are enabled and SMT is
|
||||
- Mitigations for known CPU vulnerabilities are enabled and SMT is
|
||||
disabled.
|
||||
|
||||
- IOMMU is enabled to prevent DMA attacks along with strict enforcement of
|
||||
@ -169,6 +172,9 @@ surface via the `/etc/modprobe.d/30_security-misc.conf` configuration file.
|
||||
Engine (ME)](https://www.kernel.org/doc/html/latest/driver-api/mei/mei.html)
|
||||
and the OS.
|
||||
|
||||
- Disables several kernel modules responsible for GPS such as GNSS (Global
|
||||
Navigation Satellite System).
|
||||
|
||||
- Incorporates much of
|
||||
[Ubuntu's](https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d?h=ubuntu/disco)
|
||||
default blacklist of modules to be blocked from automatically loading.
|
||||
|
Loading…
Reference in New Issue
Block a user