Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity
1,255 Commits 2 Branches 291 Tags 8.2 MiB
3599e8e2da
Commit Graph

16 Commits

Author SHA1 Message Date
Patrick Schleizer
a67007f4b7
copyright 2021-03-17 09:45:21 -04:00
flawedworld
8f7727e823
Add some IPv6 options 2020-09-18 23:36:30 +01:00
flawedworld
944fed3c45
Disallow kernel profiling by users without CAP_SYS_ADMIN 
It's the default on a lot of stuff, but still nice to have.
 2020-09-18 23:29:04 +01:00
Patrick Schleizer
3cd7b144bb
move "kernel.printk = 3 3 3 3" to separate file /etc/sysctl.d/30_silent-kernel-printk.conf 
so package debug-misc can easily disable it

https://phabricator.whonix.org/T950
 2020-05-14 13:47:58 -04:00
Patrick Schleizer
8d2e4b68dc
Prevent kernel info leaks in console during boot. 
By setting `kernel.printk = 3 3 3 3`.

https://phabricator.whonix.org/T950

Thanks to @madaidan for the suggestion!
 2020-04-16 08:00:31 -04:00
Patrick Schleizer
565ff136e5
vm.swappiness=1 
import from swappiness-lowest

https://forums.whonix.org/t/vm-swappiness-1-set-swapiness-to-lowest-setting-still-useful-swappiness-lowest/9278
 2020-04-08 21:04:02 +00:00
Patrick Schleizer
2ceea8d1fe
update copyright year 2020-04-01 08:49:59 -04:00
madaidan
4d0de87f79
Disable unprivileged userfaultfd use again 2020-03-08 17:49:49 +00:00
Patrick Schleizer
284a491100
disable vm.unprivileged_userfaultfd=0 for now 
because broken

https://forums.whonix.org/t/kernel-hardening/7296/406

reverts "Restrict the userfaultfd() syscall to root as it can make heap sprays easier."

https://duasynt.com/blog/linux-kernel-heap-spray
 2020-03-08 08:07:10 -04:00
madaidan
6b64b36b01
Restrict the userfaultfd() syscall to root 2020-02-24 18:23:15 +00:00
madaidan
a79ce7fa68
Document ldisc_autoload better 2020-02-15 17:30:21 +00:00
Patrick Schleizer
1e5946c795
Merge branch 'master' into sysrq 2020-02-15 10:41:52 +00:00
madaidan
d251c43344
Restrict the SysRq key 2020-02-14 18:17:20 +00:00
madaidan
0ea7dd161b
Restrict loading line disciplines to CAP_SYS_MODULE 2020-02-14 17:50:19 +00:00
madaidan
5cb21d0d4d
Prevent symlink/hardlink TOCTOU races 2020-02-12 18:03:23 +00:00
Patrick Schleizer
6a4c493213
merge the many sysctl config files into 1 
and use a name starting with double digits

to make it easier to disable settings using a lexically higher config file
 2020-01-24 04:26:36 -05:00