This commit is contained in:
Raja Grewal 2024-07-18 12:19:27 +10:00
parent d454f36c63
commit faa9181a6c
No known key found for this signature in database
GPG Key ID: 92CA473C156B64C4
3 changed files with 5 additions and 5 deletions

View File

@ -133,9 +133,9 @@ configuration file.
- Force kernel panics on "oopses" to potentially indicate and thwart certain - Force kernel panics on "oopses" to potentially indicate and thwart certain
kernel exploitation attempts. kernel exploitation attempts.
- Provide option to modify machine check exception handler. - Provide the option to modify machine check exception handler.
- Provide option to disable support for all x86 processes and syscalls to reduce - Provide the option to disable support for all x86 processes and syscalls to reduce
attack surface (when using Linux kernel version >= 6.7). attack surface (when using Linux kernel version >= 6.7).
- Enable strict IOMMU translation to protect against DMA attacks and disable - Enable strict IOMMU translation to protect against DMA attacks and disable
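Review bot: the wording on the x86 bullet is still ambiguous after the article fix: "disable support for all x86 processes and syscalls" read literally on an x86 host means disabling everything, so if the option only drops a compat layer (e.g. 32-bit binaries and their syscalls) the README should say so explicitly. Suggest something like "disable support for 32-bit x86 processes and syscalls" or whatever the kernel option actually restricts, and keep the ">= 6.7" qualifier as is.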
@ -147,7 +147,7 @@ configuration file.
- Obtain more entropy at boot from RAM as the runtime memory allocator is - Obtain more entropy at boot from RAM as the runtime memory allocator is
being initialized. being initialized.
- Provide option to disable the entire IPv6 stack to reduce attack surface. - Provide the option to disable the entire IPv6 stack to reduce attack surface.
Disallow sensitive kernel information leaks in the console during boot. See Disallow sensitive kernel information leaks in the console during boot. See
the `/etc/default/grub.d/41_quiet_boot.cfg` configuration file. the `/etc/default/grub.d/41_quiet_boot.cfg` configuration file.
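Review bot: missing cross-reference on the IPv6 bullet: the quiet-boot paragraph points the reader at its configuration file, but the "Provide the option to disable the entire IPv6 stack" bullet does not say where that option is toggled, even though the third file in this commit shows it is a commented-out `#ipv6.disable=1` line in a grub.d file. Suggest ending the bullet with "See the corresponding `/etc/default/grub.d/` configuration file." so users know the option is off by default and where to enable it.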

View File

@ -47,7 +47,7 @@ rm_conffile /etc/sysctl.d/30_security-misc.conf
rm_conffile /etc/sysctl.d/30_silent-kernel-printk.conf rm_conffile /etc/sysctl.d/30_silent-kernel-printk.conf
rm_conffile /etc/sysctl.d/30_security-misc_kexec-disable.conf rm_conffile /etc/sysctl.d/30_security-misc_kexec-disable.conf
## moved to etc/permission-hardener.d ## moved to /etc/permission-hardener.d
rm_conffile /etc/permission-hardening.d/25_default_passwd.conf rm_conffile /etc/permission-hardening.d/25_default_passwd.conf
rm_conffile /etc/permission-hardening.d/25_default_sudo.conf rm_conffile /etc/permission-hardening.d/25_default_sudo.conf
rm_conffile /etc/permission-hardening.d/25_default_whitelist_bubblewrap.conf rm_conffile /etc/permission-hardening.d/25_default_whitelist_bubblewrap.conf
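Review bot: comment-only change with no functional effect, but note that the `rm_conffile` lines under it must keep the old `/etc/permission-hardening.d/` path, since `rm_conffile` names the conffile being removed, not its replacement; the "moved to /etc/permission-hardener.d" comment should not tempt anyone into "fixing" those entries to the new directory, so consider phrasing it as "## old location, moved to /etc/permission-hardener.d" to make that explicit.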

View File

@ -195,6 +195,6 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX extra_latent_entropy"
## https://www.kernel.org/doc/html/latest/networking/ipv6.html ## https://www.kernel.org/doc/html/latest/networking/ipv6.html
## https://wiki.archlinux.org/title/IPv6#Disable_IPv6 ## https://wiki.archlinux.org/title/IPv6#Disable_IPv6
## ##
## Enabling makes redundant many network hardening sysctl's in usr/lib/sysctl.d/990-security-misc.conf. ## Enabling makes redundant many network hardening sysctl's in /usr/lib/sysctl.d/990-security-misc.conf.
## ##
#ipv6.disable=1 #ipv6.disable=1
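Review bot: style nit on the reworded comment: "sysctl's" is a plural, not a possessive, so it should read "many network hardening sysctls in /usr/lib/sysctl.d/990-security-misc.conf". While touching this line, it would also help to state that the option is shipped disabled (the `#ipv6.disable=1` below is commented out), e.g. "## Disabled by default; uncomment to enable.", so that the comment and the README's "provide the option" wording line up.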