Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-02-09 06:08:30 -05:00
Code Issues Packages Projects Releases Wiki Activity

description

Browse Source
This commit is contained in:
Patrick Schleizer 2020-01-24 04:49:19 -05:00
parent 25317f23e3
commit f4c54881ac
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
debian/control vendored
View File

@ -37,7 +37,7 @@ Description: enhances misc security settings
very useful for kernel exploits. very useful for kernel exploits.
. .
* Kexec is disabled as it can be used to load a malicious kernel. * Kexec is disabled as it can be used to load a malicious kernel.
/etc/sysctl.d/security-misc.conf /etc/sysctl.d/30_security-misc.conf
. .
* ASLR effectiveness for mmap is increased. * ASLR effectiveness for mmap is increased.
. .
@ -51,7 +51,7 @@ Description: enhances misc security settings
* Some data spoofing attacks are made harder. * Some data spoofing attacks are made harder.
. .
* SACK can be disabled as it is commonly exploited and is rarely used by * SACK can be disabled as it is commonly exploited and is rarely used by
uncommenting settings in file /etc/sysctl.d/security-misc.conf. uncommenting settings in file /etc/sysctl.d/30_security-misc.conf.
. .
* Slab merging is disabled as sometimes a slab can be used in a vulnerable * Slab merging is disabled as sometimes a slab can be used in a vulnerable
way which an attacker can exploit. way which an attacker can exploit.
@ -80,7 +80,7 @@ Description: enhances misc security settings
* Coredumps are disabled as they may contain important information such as * Coredumps are disabled as they may contain important information such as
encryption keys or passwords. encryption keys or passwords.
/etc/security/limits.d/30_security-misc.conf /etc/security/limits.d/30_security-misc.conf
/etc/sysctl.d/security-misc.conf /etc/sysctl.d/30_security-misc.conf
/lib/systemd/coredump.conf.d/30_security-misc.conf /lib/systemd/coredump.conf.d/30_security-misc.conf
. .
* The thunderbolt and firewire kernel modules are blacklisted as they can be * The thunderbolt and firewire kernel modules are blacklisted as they can be
@ -286,7 +286,7 @@ Description: enhances misc security settings
public IP used by a user. public IP used by a user.
. .
Hence, this package disables this feature by shipping the Hence, this package disables this feature by shipping the
/etc/sysctl.d/security-misc.conf configuration file. /etc/sysctl.d/30_security-misc.conf configuration file.
. .
Note that TCP time stamps normally have some usefulness. They are Note that TCP time stamps normally have some usefulness. They are
needed for: needed for: