prevent kernel address space leak via dmesg or /proc files
diff --git a/setup/sysctl/hardening.conf b/setup/sysctl/hardening.conf
new file mode 100644 (file)
index 0000000..1661a6c
--- /dev/null
@@ -0,0 +1,5 @@
+# Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc).
+kernel.kptr_restrict = 1
+
+# Avoid kernel memory address exposures via dmesg.
+kernel.dmesg_restrict = 1
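Review bot: `kernel.kptr_restrict = 1` only hides `%pK`-printed addresses from readers without CAP_SYSLOG, so privileged processes still see real addresses in /proc/kallsyms and /proc/modules, and the first comment should state that scope, e.g. `# Hide kernel addresses in /proc files (kallsyms, modules, etc.) from processes without CAP_SYSLOG.` If the intent is to hide them from every reader, the value would be `2`, which can get in the way of profiling and debugging tools that need symbol addresses. The second comment is also slightly off: `kernel.dmesg_restrict = 1` limits who may read the kernel log and does not remove addresses from it, so something like `# Restrict dmesg to processes with CAP_SYSLOG so unprivileged users cannot read addresses from the kernel log.` would be more accurate.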