1 # Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc).
2 kernel.kptr_restrict = 2
4 # Avoid kernel memory address exposures via dmesg.
5 kernel.dmesg_restrict = 1
7 # Improve KASLR effectiveness for mmap.
9 vm.mmap_rnd_compat_bits = 16
11 # Turn on hard- and symlink protection
12 fs.protected_symlinks = 1
13 fs.protected_hardlinks = 1