mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-24 14:39:28 -05:00
undo SysRq restrictions
https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079
This commit is contained in:
parent
fbd1a5bde9
commit
f13a73e569
@ -37,9 +37,6 @@ KASLR effectiveness.
|
||||
|
||||
* All mitigations for the MDS vulnerability are enabled.
|
||||
|
||||
* The SysRq key is restricted to only allow shutdowns/reboots.
|
||||
/etc/sysctl.d/sysrq.conf
|
||||
|
||||
* A systemd service clears System.map on boot as these contain kernel symbols
|
||||
that could be useful to an attacker.
|
||||
/etc/kernel/postinst.d/30_remove-system-map
|
||||
|
3
debian/control
vendored
3
debian/control
vendored
@ -53,9 +53,6 @@ Description: enhances misc security settings
|
||||
* SMT is disabled as it can be used to exploit the MDS vulnerability.
|
||||
.
|
||||
* All mitigations for the MDS vulnerability are enabled.
|
||||
.
|
||||
* The SysRq key is restricted to only allow shutdowns/reboots.
|
||||
/etc/sysctl.d/sysrq.conf
|
||||
.
|
||||
* A systemd service clears System.map on boot as these contain kernel symbols
|
||||
that could be useful to an attacker.
|
||||
|
3
debian/security-misc.maintscript
vendored
3
debian/security-misc.maintscript
vendored
@ -5,3 +5,6 @@ rm_conffile /etc/sudoers.d/umask-security-misc
|
||||
|
||||
## https://forums.whonix.org/t/allow-loading-signed-kernel-modules-by-default-disallow-kernel-module-loading-by-default/7880/23
|
||||
rm_conffile /etc/default/grub.d/40_only_allow_signed_modules.cfg
|
||||
|
||||
## https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079
|
||||
rm_conffile /etc/sysctl.d/sysrq.conf
|
||||
|
@ -1,2 +0,0 @@
|
||||
# Allow only rebooting/shutting down with the SysRq key.
|
||||
kernel.sysrq=128
|
Loading…
Reference in New Issue
Block a user