]> git.ipfire.org Git - ipfire-3.x.git/blob - setup/sysctl/kernel-hardening.conf
projects / ipfire-3.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
sysctl.conf: Turn on hard- and symlink protection
[ipfire-3.x.git] / setup / sysctl / kernel-hardening.conf
1 # Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc).
2 kernel.kptr_restrict = 2
3
4 # Avoid kernel memory address exposures via dmesg.
5 kernel.dmesg_restrict = 1
6
7 # Improve KASLR effectiveness for mmap.
8 vm.mmap_rnd_bits = 32
9 vm.mmap_rnd_compat_bits = 16
10
11 # Turn on hard- and symlink protection
12 fs.protected_symlinks = 1
13 fs.protected_hardlinks = 1
IPFire 3.x development tree