mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-23 01:13:40 +07:00
Provide the option to immediately reboot on a kernel panics
This commit is contained in:
parent
3926b91dcf
commit
ed3336694c
@ -42,7 +42,8 @@ space, user space, core dumps, and swap space.
|
||||
- Restrict kernel profiling and the performance events system to `CAP_PERFMON`.
|
||||
|
||||
- Force the kernel to panic on "oopses" that can potentially indicate and thwart
|
||||
certain kernel exploitation attempts.
|
||||
certain kernel exploitation attempts. Provide the option to reboot immediately
|
||||
on a kernel panic.
|
||||
|
||||
- Randomize the addresses (ASLR) for mmap base, stack, VDSO pages, and heap.
|
||||
|
||||
|
@ -119,6 +119,7 @@ kernel.perf_event_paranoid=3
|
||||
## See /usr/libexec/security-misc/panic-on-oops for implementation.
|
||||
##
|
||||
#kernel.panic_on_oops=1
|
||||
#kernel.panic=-1
|
||||
|
||||
## Enable ASLR for mmap base, stack, VDSO pages, and heap.
|
||||
## Heap randomization can lead to breakages with legacy applications.
|
||||
|
@ -16,3 +16,4 @@ fi
|
||||
## from continuing to run a flawed processes. Many kernel exploits
|
||||
## will also cause an oops which this will make the kernel kill.
|
||||
sysctl kernel.panic_on_oops=1
|
||||
#sysctl kernel.panic=-1
|
||||
|
Loading…
Reference in New Issue
Block a user