mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-23 01:03:35 +07:00
new lines 990-security-misc.conf
added new recommended hardening settings with comments
This commit is contained in:
parent
7d576842fb
commit
c975c3c0ff
@ -14,6 +14,14 @@ kernel.core_pattern=|/bin/false
|
||||
## Restricts the kernel log to root only.
|
||||
kernel.dmesg_restrict=1
|
||||
|
||||
## Does not set coredump name to 'core' which is default. Defense in depth.
|
||||
kernel.core_uses_pid=1
|
||||
|
||||
## A martian packet is a one with a source address which is blatantly wrong
|
||||
## Recommended to keep a log of these to identify these suspicious packets
|
||||
net.ipv4.conf.all.log_martians=1
|
||||
net.ipv4.conf.default.log_martians=1
|
||||
|
||||
## Don't allow writes to files that we don't own
|
||||
## in world writable sticky directories, unless
|
||||
## they are owned by the owner of the directory.
|
||||
|
Loading…
Reference in New Issue
Block a user