X-Git-Url: http://git.ipfire.org/?p=ipfire-3.x.git;a=blobdiff_plain;f=setup%2Fsysctl%2Fkernel-hardening.conf;fp=setup%2Fsysctl%2Fkernel-hardening.conf;h=33e096c7ce5036574ab8d025b37efc284a995ee7;hp=9bb6e9f45d10d33a324c405b71ab6a74c20396cf;hb=78d3aeab2b1e8c0e52e5326c95d4b59057fb3095;hpb=f2234b33d7d5159cd3aedfec22752f688a5ebd99

diff --git a/setup/sysctl/kernel-hardening.conf b/setup/sysctl/kernel-hardening.conf
index 9bb6e9f45..33e096c7c 100644
--- a/setup/sysctl/kernel-hardening.conf
+++ b/setup/sysctl/kernel-hardening.conf
@@ -4,3 +4,6 @@ kernel.kptr_restrict = 2
 # Avoid kernel memory address exposures via dmesg.
 kernel.dmesg_restrict = 1
 
+# Improve KASLR effectiveness for mmap.
+vm.mmap_rnd_bits = 32
+vm.mmap_rnd_compat_bits = 16