]> git.ipfire.org Git - ipfire-3.x.git/blobdiff - setup/sysctl/kernel-hardening.conf
projects / ipfire-3.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
sysctl: improve KASLR effectiveness for mmap
[ipfire-3.x.git] / setup / sysctl / kernel-hardening.conf
diff --git a/setup/sysctl/kernel-hardening.conf b/setup/sysctl/kernel-hardening.conf
index 9bb6e9f45d10d33a324c405b71ab6a74c20396cf..33e096c7ce5036574ab8d025b37efc284a995ee7 100644 (file)
--- a/setup/sysctl/kernel-hardening.conf
+++ b/setup/sysctl/kernel-hardening.conf
@@ -4,3 +4,6 @@ kernel.kptr_restrict = 2
 # Avoid kernel memory address exposures via dmesg.
 kernel.dmesg_restrict = 1
 
+# Improve KASLR effectiveness for mmap.
+vm.mmap_rnd_bits = 32
+vm.mmap_rnd_compat_bits = 16
IPFire 3.x development tree