undo SysRq restrictions

https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079
Patrick Schleizer 2019-09-10 12:35:42 -04:00
parent fbd1a5bde9
commit f13a73e569
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
4 changed files with 3 additions and 8 deletions

@ -37,9 +37,6 @@ KASLR effectiveness.
* All mitigations for the MDS vulnerability are enabled. * All mitigations for the MDS vulnerability are enabled.
* The SysRq key is restricted to only allow shutdowns/reboots.
/etc/sysctl.d/sysrq.conf
* A systemd service clears System.map on boot as these contain kernel symbols * A systemd service clears System.map on boot as these contain kernel symbols
that could be useful to an attacker. that could be useful to an attacker.
/etc/kernel/postinst.d/30_remove-system-map /etc/kernel/postinst.d/30_remove-system-map
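Review bot: The bullet "The SysRq key is restricted to only allow shutdowns/reboots." is dropped from this feature list with no replacement text, so a reader of this file after upgrading has no indication that the package no longer manages SysRq. Consider adding a short line here, or a changelog entry, stating that SysRq is left at the system default and pointing to the forum thread from the commit message for the rationale.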

3
debian/control vendored

@ -53,9 +53,6 @@ Description: enhances misc security settings
* SMT is disabled as it can be used to exploit the MDS vulnerability. * SMT is disabled as it can be used to exploit the MDS vulnerability.
. .
* All mitigations for the MDS vulnerability are enabled. * All mitigations for the MDS vulnerability are enabled.
.
* The SysRq key is restricted to only allow shutdowns/reboots.
/etc/sysctl.d/sysrq.conf
. .
* A systemd service clears System.map on boot as these contain kernel symbols * A systemd service clears System.map on boot as these contain kernel symbols
that could be useful to an attacker. that could be useful to an attacker.

@ -5,3 +5,6 @@ rm_conffile /etc/sudoers.d/umask-security-misc
## https://forums.whonix.org/t/allow-loading-signed-kernel-modules-by-default-disallow-kernel-module-loading-by-default/7880/23 ## https://forums.whonix.org/t/allow-loading-signed-kernel-modules-by-default-disallow-kernel-module-loading-by-default/7880/23
rm_conffile /etc/default/grub.d/40_only_allow_signed_modules.cfg rm_conffile /etc/default/grub.d/40_only_allow_signed_modules.cfg
## https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079
rm_conffile /etc/sysctl.d/sysrq.conf
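Review bot: The new `rm_conffile /etc/sysctl.d/sysrq.conf` line has no prior-version argument, so dpkg-maintscript-helper will attempt the removal on every upgrade instead of only on upgrades from versions that shipped the file. Suggest appending the last version that contained the conffile and the package name, in the form `rm_conffile /etc/sysctl.d/sysrq.conf <last-version-with-file>~ <package>` (both placeholders, to be filled in by the maintainer). Note also that a copy the administrator edited locally is not deleted but renamed with a `.dpkg-bak` suffix, which sysctl no longer reads, so a locally tightened value silently stops applying after the upgrade.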

@ -1,2 +0,0 @@
# Allow only rebooting/shutting down with the SysRq key.
kernel.sysrq=128
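Review bot: Deleting `kernel.sysrq=128` leaves the resulting value unstated: with this file gone the setting falls back to whatever another sysctl.d file or the kernel default provides, and a system that already booted with 128 keeps it until the next reboot, because removing the file does not reset the running value. If a specific, less restrictive mask is intended, set it explicitly in this file instead of removing it; if the distribution default is intended, say so in the commit message, which currently only links to the forum thread.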