Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

Update presentation of quiet loglevel=0

Browse Source
This commit is contained in:
Raja Grewal 2024-07-15 14:39:12 +10:00
parent 69c8e84927
commit f4d652fa7b
No known key found for this signature in database
GPG Key ID: 92CA473C156B64C4
2 changed files with 25 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
etc/default/grub.d/40_kernel_hardening.cfg
View File

@ -100,6 +100,18 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX debugfs=off"
##
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mce=0"
## Prevent sensitive kernel information leaks in the console during boot.
## Must be used in combination with the kernel.printk sysctl.
## See /usr/lib/sysctl.d/30_silent-kernel-printk.conf for implementation.
##
## https://www.kernel.org/doc/html/next/core-api/printk-basics.html
## https://wiki.archlinux.org/title/silent_boot
##
## See /etc/default/grub.d/41_quiet_boot.cfg for implementation.
##
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX loglevel=0"
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX quiet"
## Disable support for x86 processes and syscalls.
## Unconditionally disables IA32 emulation to substantially reduce attack surface.
##

26
etc/default/grub.d/41_quiet_boot.cfg
View File

@ -1,21 +1,21 @@
## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.
## NOTE:
## For higher verbosity, delete file /usr/lib/sysctl.d/30_silent-kernel-printk.conf.
## Alternatively, install the debug-misc package which will undo theses settings.
## LANG=C str_replace is provided by package helper-scripts.
## The following command actually removed "quiet" from the kernel command line.
## If verbosity is desired, the user might want to keep this line.
## Remove "quiet" from GRUB_CMDLINE_LINUX_DEFAULT because "quiet" must be first.
GRUB_CMDLINE_LINUX_DEFAULT="$(echo "$GRUB_CMDLINE_LINUX_DEFAULT" | LANG=C str_replace "quiet" "")"
## Prevent sensitive kernel information leaks in the console during boot.
## Must be used in combination with the kernel.printk sysctl.
## See /usr/lib/sysctl.d/30_silent-kernel-printk.conf for implementation.
##
## https://madaidans-insecurities.github.io/guides/linux-hardening.html#boot-kernel
## https://www.kernel.org/doc/html/next/core-api/printk-basics.html
## https://wiki.archlinux.org/title/silent_boot
##
GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT quiet"
## For easier debugging, these are not applied to the recovery boot option.
## Switch the pair of commands to universally apply parameters to all boot options.
##
GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT loglevel=0"
GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT quiet"
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX loglevel=0"
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX quiet"
## For Increased Log Verbosity:
## Comment-out the kernel.printk sysctl in /usr/lib/sysctl.d/30_silent-kernel-printk.conf.
## Alternatively, install the debug-misc package which will undo theses settingss.