]> git.ipfire.org Git - ipfire-3.x.git/commit
projects / ipfire-3.x.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8ef817a) | patch
hide kernel addresses in /proc against privileged users
authorPeter Müller <peter.mueller@link38.eu>
Mon, 21 Jan 2019 20:43:26 +0000 (21:43 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 21 Jan 2019 21:02:08 +0000 (21:02 +0000)
commit7403755a939d9315b9b0185229c9cd0110df9fb6
treec22e16349e61cd93407dbd0d20d46549ccdae9b9tree | snapshot
parent8ef817a80a1faa7bf6fb3e53d50a76cd9b847f91commit | diff
hide kernel addresses in /proc against privileged users

In order to make local privilege escalation more harder, hide
kernel addresses in various /proc files against users with
root (or similar) permissions, too.

Common system hardening tools such as lynis recommend this.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
setup/setup.nm diff | blob | blame | history
setup/sysctl/kernel-hardening.conf diff | blob | blame | history
IPFire 3.x development tree