X-Git-Url: http://git.ipfire.org/?p=ipfire-3.x.git;a=blobdiff_plain;f=setup%2Fsysctl%2Fkernel-hardening.conf;h=d92485d619c87efb4d59dc3afbfe1fa7a7922d58;hp=33e096c7ce5036574ab8d025b37efc284a995ee7;hb=5d673af27fc2105b72af6bef16a68de333aa0fa7;hpb=4c46148399f0920f72efe2a5f70a0e2f591e3042

diff --git a/setup/sysctl/kernel-hardening.conf b/setup/sysctl/kernel-hardening.conf
index 33e096c7c..d92485d61 100644
--- a/setup/sysctl/kernel-hardening.conf
+++ b/setup/sysctl/kernel-hardening.conf
@@ -7,3 +7,7 @@ kernel.dmesg_restrict = 1
 # Improve KASLR effectiveness for mmap.
 vm.mmap_rnd_bits = 32
 vm.mmap_rnd_compat_bits = 16
+
+# Turn on hard- and symlink protection
+fs.protected_symlinks = 1
+fs.protected_hardlinks = 1