diff options
author | Michael Boelen <michael.boelen@cisofy.com> | 2016-08-18 15:52:15 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2016-08-18 15:52:15 +0300 |
commit | af00c1e8d1037a2b554a451845c113ecb52a8279 (patch) | |
tree | 8c37a481b740ee642870ce6fdef88513e36cd225 /default.prf | |
parent | d95ab3d253417b8030ee4d9620bd7ed06c4f28e1 (diff) |
Added more sysctl keys
Diffstat (limited to 'default.prf')
-rw-r--r-- | default.prf | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/default.prf b/default.prf index a9d9f519..fca799b9 100644 --- a/default.prf +++ b/default.prf @@ -168,12 +168,15 @@ config-data=sysctl;security.bsd.see_other_uids;0;1;Disable display of processes # Kernel config-data=sysctl;kern.sugid_coredump;0;1;XXX;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; +config-data=sysctl;kernel.suid_dumpable;0;1;Restrict core dumps;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; config-data=sysctl;kernel.core_setuid_ok;0;1;XXX;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; config-data=sysctl;kernel.core_uses_pid;1;1;XXX;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; config-data=sysctl;kernel.ctrl-alt-del;0;1;XXX;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; config-data=sysctl;kernel.exec-shield-randomize;1;1;XXX;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; config-data=sysctl;kernel.exec-shield;1;1;XXX;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; config-data=sysctl;kernel.kptr_restrict;2;1;Restrict access to kernel symbols;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; +config-data=sysctl;kernel.maps_protect;1;1;Restrict access to /proc/[pid]/maps;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; +config-data=sysctl;kernel.randomize_va_space;1;1;Randomize of memory address locations (ASLR);sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; config-data=sysctl;kernel.sysrq;0;1;Disable magic SysRQ;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; config-data=sysctl;kernel.use-nx;0;1;XXX;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; |