mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-07-21 05:10:41 +07:00
Code Issues Packages Projects Releases Wiki Activity

Add missing GRUB command lines for disabled boot parameters

Browse Source
This commit is contained in:
Raja Grewal
2024-08-03 00:09:42 +10:00
parent de6f3ea74a
commit e53d24fc48
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
etc/default/grub.d/40_kernel_hardening.cfg
View File

@ -135,7 +135,7 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX debugfs=off"
## TODO: Debian 13 Trixie ## TODO: Debian 13 Trixie
## Applicable when using Linux kernel >= 6.2 (retained here for future-proofing and completeness). ## Applicable when using Linux kernel >= 6.2 (retained here for future-proofing and completeness).
## ##
#cfi=kcfi #GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX cfi=kcfi"
## Disable support for x86 processes and syscalls. ## Disable support for x86 processes and syscalls.
## Unconditionally disables IA32 emulation to substantially reduce attack surface. ## Unconditionally disables IA32 emulation to substantially reduce attack surface.
@ -144,7 +144,7 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX debugfs=off"
## ##
## Applicable when using Linux kernel >= 6.7 (retained here for future-proofing and completeness). ## Applicable when using Linux kernel >= 6.7 (retained here for future-proofing and completeness).
## ##
#ia32_emulation=0 #GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX ia32_emulation=0"
## 2. Direct Memory Access: ## 2. Direct Memory Access:
## ##
@ -222,4 +222,4 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX extra_latent_entropy"
## ##
## Enabling makes redundant many network hardening sysctl's in /usr/lib/sysctl.d/990-security-misc.conf. ## Enabling makes redundant many network hardening sysctl's in /usr/lib/sysctl.d/990-security-misc.conf.
## ##
#ipv6.disable=1 #GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX ipv6.disable=1"