Patrick Schleizer 2019-07-15 08:48:17 -04:00
parent 2f276cdb10
commit 168ea5a660
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48

debian/control vendored

@ -37,12 +37,8 @@ Description: enhances misc security settings
.
Kexec is disabled as it can be used for live patching of the running kernel.
.
The BPF JIT compiler is restricted to the root user and is hardened.
.
ASLR effectiveness for mmap is increased.
.
The ptrace system call is restricted to the root user only.
.
The TCP/IP stack is hardened.
.
This package makes some data spoofing attacks harder.
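Review bot: The phrase "restricted to the root user" in the BPF JIT and ptrace paragraphs of this block gives a reader nothing to check the claim against. The hunk header (12 lines down to 8) shows those two paragraphs and their "." separators leaving this position, and the same sentences appear in the second hunk, so the text is being relocated rather than dropped. Since both sentences are being touched anyway, consider naming the setting each one refers to in the description. Also consider saying whether "root user" means UID 0 or a capability, because "The ptrace system call is restricted to the root user only" reads as the former.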
@ -91,11 +87,15 @@ Description: enhances misc security settings
.
The kernel logs are restricted to root only.
.
A systemd service clears System.map on boot as these contain kernel symbols
that could be useful to an attacker.
The BPF JIT compiler is restricted to the root user and is hardened.
.
The ptrace system call is restricted to the root user only.
.
The SysRq key is restricted to only allow shutdowns/reboots.
.
A systemd service clears System.map on boot as these contain kernel symbols
that could be useful to an attacker.
.
The thunderbolt and firewire modules are blacklisted as they can be used for
DMA (Direct Memory Access) attacks.
.
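Review bot: The System.map paragraph moved below the SysRq entry still reads "clears System.map on boot as these contain kernel symbols", which pairs a singular file name with the plural "these" and leaves "clears" ambiguous between emptying and deleting the files. As the paragraph is being rewritten into its new position anyway, reword it to say which files are affected and what happens to them. Separately, the header (11 lines up to 15) shows this hunk mixing two changes, the relocated BPF JIT and ptrace paragraphs and the reordered System.map paragraph. A one-line rationale for the new ordering in the commit message would make the move easier to review.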