Merge pull request #17 from madaidan/patch-13

Disable coredumps
Patrick Schleizer 2019-06-30 08:10:28 +00:00 committed by GitHub
commit ec78a3e42e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 11 additions and 0 deletions

debian/control

@ -110,5 +110,7 @@ Description: enhances misc security settings
. .
IOMMU is enabled with a boot parameter to prevent DMA attacks. IOMMU is enabled with a boot parameter to prevent DMA attacks.
. .
Coredumps are disabled as they may contain important information such as encryption keys or passwords.
.
A systemd service mounts /proc with hidepid=2 at boot to prevent users from seeing each other's processes. A systemd service mounts /proc with hidepid=2 at boot to prevent users from seeing each other's processes.
. .
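
Review bot: The added Description line calls the contents of a coredump "important information"; "sensitive information" is the accurate term for encryption keys and passwords. The sentence also reads as if a single switch is involved, while the rest of this change adds a limits entry, two sysctl settings and a systemd coredump setting, so consider saying that coredumps are disabled through several mechanisms.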


@ -0,0 +1,2 @@
# Disable coredumps.
* hard core 0
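
Review bot: The `* hard core 0` entry does not cover root. Per limits.conf(5), wildcard and group limits are not applied to the root user, so a separate `root hard core 0` line is needed if root's processes are meant to be included. The comment could also note that this limit only reaches sessions that pass through pam_limits, which is why the other mechanisms in this change are still required.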


@ -0,0 +1,3 @@
# Disables coredumps. This setting may be overwritten by systemd so this may not be useful.
# security-misc also disables coredumps in other ways.
kernel.core_pattern=|/bin/false
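
Review bot: The comment above `kernel.core_pattern=|/bin/false` says the setting "may be overwritten by systemd so this may not be useful", which leaves a reader unable to tell whether it takes effect. Name what does the overwriting (systemd-coredump ships its own sysctl.d entry for kernel.core_pattern) and make sure this file sorts after it, or state in the comment that the other mechanisms are the ones being relied on. Minor style point: "Disables" here versus "Disable" in the limits file comment.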


@ -0,0 +1,2 @@
# Prevent setuid processes from creating coredumps.
fs.suid_dumpable=0
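
Review bot: `fs.suid_dumpable=0` is already the kernel default, so the comment should say that the file pins the value against anything else on the system that raises it. As written, "Prevent setuid processes from creating coredumps" suggests they could dump core before this change.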


@ -0,0 +1,2 @@
[Coredump]
Storage=none
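
Review bot: `Storage=none` stops cores from being stored, but per coredump.conf(5) they may still be processed and logged, including a backtrace where possible. Adding `ProcessSizeMax=0` under `[Coredump]` disables all handling apart from a log entry. This is also the only new file in the change without a comment line explaining its purpose.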