setup/sysctl/kernel-hardening.conf

   1 # Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc).
   2 kernel.kptr_restrict = 2
   3
   4 # Avoid kernel memory address exposures via dmesg.
   5 kernel.dmesg_restrict = 1
   6
   7 # Improve KASLR effectiveness for mmap.
   8 vm.mmap_rnd_bits = 32
   9 vm.mmap_rnd_compat_bits = 16