This commit is contained in:
Patrick Schleizer
2019-08-14 07:01:47 +00:00
parent a82448d46a
commit 41f4441d9d

View File

@ -52,6 +52,11 @@ for DMA (Direct Memory Access) attacks.
* The kernel now panics on oopses to prevent it from continuing running a
flawed process.
Requires every module to be signed before being loaded. Any module that is
unsigned or signed with an invalid key cannot be loaded. This makes it harder
to load a malicious module.
/etc/default/grub.d/40_only_allow_signed_modules.cfg
Uncommon network protocols are blacklisted:
These are rarely used and may have unknown vulnerabilities.
/etc/modprobe.d/uncommon-network-protocols.conf