mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-23 01:33:35 +07:00
disable kexec (revert enabling kexec)
remove kexec-utils for ram-wipe since moved to its own package
This commit is contained in:
parent
87c4e77c01
commit
ad5d0d4b12
2
debian/control
vendored
2
debian/control
vendored
@ -16,7 +16,7 @@ Package: security-misc
|
||||
Architecture: all
|
||||
Depends: python3, libglib2.0-bin, libpam-runtime, sudo, adduser, libcap2-bin,
|
||||
apparmor-profile-dist, helper-scripts, libpam-modules-bin,
|
||||
secure-delete, dmsetup, kexec-tools, ${misc:Depends}
|
||||
secure-delete, dmsetup, ${misc:Depends}
|
||||
Replaces: tcp-timestamps-disable, anon-gpg-tweaks, swappiness-lowest
|
||||
Description: Enhances Miscellaneous Security Settings
|
||||
https://github.com/Whonix/security-misc/blob/master/README.md
|
||||
|
@ -37,8 +37,7 @@ net.core.bpf_jit_harden=2
|
||||
## A toggle indicating if the kexec_load syscall has been disabled. This value defaults to 0 (false: kexec_load enabled), but can be set to 1 (true: kexec_load disabled). Once true, kexec can no longer be used, and the toggle cannot be set back to false. This allows a kexec image to be loaded before disabling the syscall, allowing a system to set up (and later use) an image without it being altered. Generally used together with the "modules_disabled" sysctl.
|
||||
|
||||
## Disables kexec which can be used to replace the running kernel.
|
||||
## kexec is required for cold boot attack defense
|
||||
## kernel.kexec_load_disabled=1
|
||||
kernel.kexec_load_disabled=1
|
||||
|
||||
## Hides kernel addresses in various files in /proc.
|
||||
## Kernel addresses can be very useful in certain exploits.
|
||||
|
Loading…
Reference in New Issue
Block a user