Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #55 from madaidan/sysctl.conf

Browse Source 
Process sysctl.conf in initramfs
This commit is contained in:
Patrick Schleizer 2020-01-15 20:52:33 +00:00 committed by GitHub
commit f6cc76acd7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
debian/control vendored
View File

@ -117,8 +117,9 @@ Description: enhances misc security settings
* The vivid kernel module is blacklisted as it's only required for testing * The vivid kernel module is blacklisted as it's only required for testing
and has been the cause of multiple vulnerabilities. and has been the cause of multiple vulnerabilities.
. .
* An initramfs hook sets the sysctl values in /etc/sysctl.d before init * An initramfs hook sets the sysctl values in /etc/sysctl.conf and
is executed so sysctl hardening is enabled as early as possible. /etc/sysctl.d before init is executed so sysctl hardening is enabled
as early as possible.
. .
* The kernel panics on oopses to prevent it from continuing to run a flawed * The kernel panics on oopses to prevent it from continuing to run a flawed
process and to deter brute forcing. process and to deter brute forcing.

1
etc/initramfs-tools/scripts/init-bottom/sysctl-initramfs
View File

@ -15,4 +15,5 @@ prereqs)
;; ;;
esac esac
sysctl -p ${rootmnt}/etc/sysctl.conf
sysctl -p ${rootmnt}/etc/sysctl.d/*.conf sysctl -p ${rootmnt}/etc/sysctl.d/*.conf