mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-01-05 13:08:04 +07:00
32 lines
1.1 KiB
INI
32 lines
1.1 KiB
INI
## Copyright (C) 2023 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
|
|
## See the file COPYING for copying conditions.
|
|
|
|
## Definitions:
|
|
## KSPP=yes: compliant with recommendations by the KSPP
|
|
## KSPP=partial: partially compliant with recommendations by the KSPP
|
|
## KSPP=no: not (currently) compliant with recommendations by the KSPP
|
|
## If there is no explicit KSPP compliance notice, the setting is not mentioned by the KSPP.
|
|
|
|
## Remount Secure provides enhanced security via mount options:
|
|
## https://www.kicksecure.com/wiki/Security-misc#Remount_Secure
|
|
|
|
## Option A (No Security):
|
|
## Disable Remount Secure.
|
|
##
|
|
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=0"
|
|
|
|
## Option B (Low Security):
|
|
## Re-mount with nodev and nosuid only.
|
|
##
|
|
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=1"
|
|
|
|
## Option C (Medium Security):
|
|
## Re-mount with nodev, nosuid, and noexec for most mount points, excluding /home.
|
|
##
|
|
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=2"
|
|
|
|
## Option D (Highest Security):
|
|
## Re-mount with nodev, nosuid, and noexec for all mount points including /home.
|
|
##
|
|
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=3"
|