mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-05-01 23:56:07 -04:00
commit
ec78a3e42e
5 changed files with 11 additions and 0 deletions
2
debian/control
vendored
2
debian/control
vendored
|
@ -110,5 +110,7 @@ Description: enhances misc security settings
|
|||
.
|
||||
IOMMU is enabled with a boot parameter to prevent DMA attacks.
|
||||
.
|
||||
Coredumps are disabled as they may contain important information such as encryption keys or passwords.
|
||||
.
|
||||
A systemd service mounts /proc with hidepid=2 at boot to prevent users from seeing each other's processes.
|
||||
.
|
||||
|
|
2
etc/security/limits.d/disable-coredumps.conf
Normal file
2
etc/security/limits.d/disable-coredumps.conf
Normal file
|
@ -0,0 +1,2 @@
|
|||
# Disable coredumps.
|
||||
* hard core 0
|
3
etc/sysctl.d/coredumps.conf
Normal file
3
etc/sysctl.d/coredumps.conf
Normal file
|
@ -0,0 +1,3 @@
|
|||
# Disables coredumps. This setting may be overwritten by systemd so this may not be useful.
|
||||
# security-misc also disables coredumps in other ways.
|
||||
kernel.core_pattern=|/bin/false
|
2
etc/sysctl.d/suid_dumpable.conf
Normal file
2
etc/sysctl.d/suid_dumpable.conf
Normal file
|
@ -0,0 +1,2 @@
|
|||
# Prevent setuid processes from creating coredumps.
|
||||
fs.suid_dumpable=0
|
|
@ -0,0 +1,2 @@
|
|||
[Coredump]
|
||||
Storage=none
|
Loading…
Add table
Add a link
Reference in a new issue