mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-07-14 18:00:54 +07:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'github-kicksecure/master'

Browse Source
This commit is contained in:
Patrick Schleizer
2023-11-01 10:31:04 -04:00
parent 7d576842fb b7cddd6e55
commit bb1161986b
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
usr/lib/sysctl.d/990-security-misc.conf
View File

@ -14,6 +14,14 @@ kernel.core_pattern=|/bin/false
## Restricts the kernel log to root only. ## Restricts the kernel log to root only.
kernel.dmesg_restrict=1 kernel.dmesg_restrict=1
## Does not set coredump name to 'core' which is default. Defense in depth.
kernel.core_uses_pid=1
## A martian packet is a one with a source address which is blatantly wrong
## Recommended to keep a log of these to identify these suspicious packets
net.ipv4.conf.all.log_martians=1
net.ipv4.conf.default.log_martians=1
## Don't allow writes to files that we don't own ## Don't allow writes to files that we don't own
## in world writable sticky directories, unless ## in world writable sticky directories, unless
## they are owned by the owner of the directory. ## they are owned by the owner of the directory.