From 9e10fdfbc809977cd8ebc15b34862fde8e1c2e32 Mon Sep 17 00:00:00 2001
From: 0ri0n <quantumpacket@users.noreply.github.com>
Date: Wed, 3 May 2017 03:20:35 -0400
Subject: Adds Protected Links Checks (#389)

Fixes #386
---
 default.prf | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'default.prf')

diff --git a/default.prf b/default.prf
index b4151e67..cfbd95b8 100644
--- a/default.prf
+++ b/default.prf
@@ -178,6 +178,9 @@ config-data=sysctl;security.bsd.unprivileged_proc_debug;0;1;Unprivileged process
 config-data=sysctl;security.bsd.unprivileged_read_msgbuf;0;1;Unprivileged processes can not read the kernel message buffer;sysctl -a;-;category:security;
 
 # Kernel
+config-data=sysctl;fs.suid_dumpable;0;1;Restrict core dumps;sysctl -a;url:https;//www.kernel.org/doc/Documentation/sysctl/fs.txt;category:security;
+config-data=sysctl;fs.protected_hardlinks;1;1;Restrict hardlink creation behavior;sysctl -a;url:https;//www.kernel.org/doc/Documentation/sysctl/fs.txt;category:security;
+config-data=sysctl;fs.protected_symlinks;1;1;Restrict symlink following behavior;sysctl -a;url:https;//www.kernel.org/doc/Documentation/sysctl/fs.txt;category:security;
 #config-data=sysctl;kern.randompid=2345;Randomize PID numbers with a specific modulus;sysctl -a;-;category:security;
 config-data=sysctl;kern.sugid_coredump;0;1;No description;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
 config-data=sysctl;kernel.core_setuid_ok;0;1;No description;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
-- 
cgit v1.2.3