sysctl.conf: Turn on hard- and symlink protection

[ipfire-3.x.git] / setup / sysctl / kernel-hardening.conf

diff --git a/setup/sysctl/kernel-hardening.conf b/setup/sysctl/kernel-hardening.conf
index 33e096c7ce5036574ab8d025b37efc284a995ee7..d92485d619c87efb4d59dc3afbfe1fa7a7922d58 100644 (file)
--- a/setup/sysctl/kernel-hardening.conf
+++ b/setup/sysctl/kernel-hardening.conf
@@ -7,3 +7,7 @@ kernel.dmesg_restrict = 1
 # Improve KASLR effectiveness for mmap.
 vm.mmap_rnd_bits = 32
 vm.mmap_rnd_compat_bits = 16
+
+# Turn on hard- and symlink protection
+fs.protected_symlinks = 1
+fs.protected_hardlinks = 1