diff options
| author | 0ri0n <quantumpacket@users.noreply.github.com> | 2017-05-03 10:20:35 +0300 |
|---|---|---|
| committer | Michael Boelen <michael.boelen@cisofy.com> | 2017-05-03 10:20:35 +0300 |
| commit | 9e10fdfbc809977cd8ebc15b34862fde8e1c2e32 (patch) | |
| tree | b18ddc080b7b799237aa9427e99d47e67b221002 /default.prf | |
| parent | 4ecb9d4d05124b813cd4d7ddcaf5671c2f4c4765 (diff) | |
Adds Protected Links Checks (#389)
Fixes #386
Diffstat (limited to 'default.prf')
| -rw-r--r-- | default.prf | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/default.prf b/default.prf index b4151e67..cfbd95b8 100644 --- a/default.prf +++ b/default.prf @@ -178,6 +178,9 @@ config-data=sysctl;security.bsd.unprivileged_proc_debug;0;1;Unprivileged process config-data=sysctl;security.bsd.unprivileged_read_msgbuf;0;1;Unprivileged processes can not read the kernel message buffer;sysctl -a;-;category:security; # Kernel +config-data=sysctl;fs.suid_dumpable;0;1;Restrict core dumps;sysctl -a;url:https;//www.kernel.org/doc/Documentation/sysctl/fs.txt;category:security; +config-data=sysctl;fs.protected_hardlinks;1;1;Restrict hardlink creation behavior;sysctl -a;url:https;//www.kernel.org/doc/Documentation/sysctl/fs.txt;category:security; +config-data=sysctl;fs.protected_symlinks;1;1;Restrict symlink following behavior;sysctl -a;url:https;//www.kernel.org/doc/Documentation/sysctl/fs.txt;category:security; #config-data=sysctl;kern.randompid=2345;Randomize PID numbers with a specific modulus;sysctl -a;-;category:security; config-data=sysctl;kern.sugid_coredump;0;1;No description;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; config-data=sysctl;kernel.core_setuid_ok;0;1;No description;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; |