From 8d2e4b68dcae87b27f519196488e0ed7e8b95ef2 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Thu, 16 Apr 2020 08:00:31 -0400
Subject: [PATCH] Prevent kernel info leaks in console during boot.

By setting `kernel.printk = 3 3 3 3`.

https://phabricator.whonix.org/T950

Thanks to @madaidan for the suggestion!
---
 etc/sysctl.d/30_security-misc.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/etc/sysctl.d/30_security-misc.conf b/etc/sysctl.d/30_security-misc.conf
index 1ebd116..d66566f 100644
--- a/etc/sysctl.d/30_security-misc.conf
+++ b/etc/sysctl.d/30_security-misc.conf
@@ -8,6 +8,10 @@ kernel.core_pattern=|/bin/false
 ## Restricts the kernel log to root only.
 kernel.dmesg_restrict=1
 
+## Prevent kernel info leaks in console during boot.
+## https://phabricator.whonix.org/T950
+kernel.printk = 3 3 3 3
+
 ## Don't allow writes to files that we don't own
 ## in world writable sticky directories, unless
 ## they are owned by the owner of the directory.
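Review bot: The added `kernel.printk = 3 3 3 3` line only takes effect once the sysctl.d files are applied (presumably by systemd-sysctl or procps during userspace start-up), so kernel messages printed earlier in boot would still reach the console; the comment should state that limit and point to the kernel command line (`loglevel=`) for the early part. The four fields are also undocumented: the second is the default level given to messages that carry no explicit priority, so this setting changes how such messages are classified in the log, not only what the console shows. A comment such as `## Fields: console, default message, minimum console, default console loglevel.` would make that visible to the next maintainer. As a style point, the neighbouring entries are written `key=value` without spaces, so `kernel.printk=3 3 3 3` would match the file.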