sysctl.conf: Turn on hard- and symlink protection

author Peter Müller <peter.mueller@ipfire.org>

Tue, 5 May 2020 20:19:36 +0000 (22:19 +0200)

committer Michael Tremer <michael.tremer@ipfire.org>

Wed, 6 May 2020 10:25:23 +0000 (10:25 +0000)
author Peter Müller <peter.mueller@ipfire.org>
Tue, 5 May 2020 20:19:36 +0000 (22:19 +0200)
committer Michael Tremer <michael.tremer@ipfire.org>
Wed, 6 May 2020 10:25:23 +0000 (10:25 +0000)
diff --git a/setup/setup.nm b/setup/setup.nm

index 09d94e23de875c8c0d944039bef82dd6d2242f20..cc8454bfa35b37776b1c6ee0e37ce663ecd12b88 100644 (file)
--- a/setup/setup.nm
+++ b/setup/setup.nm
@@ -5,7 +5,7 @@
  
  name       = setup
  version    = 3.0
-release    = 14
+release    = 15
  arch       = noarch
  
  groups     = Base Build System/Base
diff --git a/setup/sysctl/kernel-hardening.conf b/setup/sysctl/kernel-hardening.conf

index 33e096c7ce5036574ab8d025b37efc284a995ee7..d92485d619c87efb4d59dc3afbfe1fa7a7922d58 100644 (file)
--- a/setup/sysctl/kernel-hardening.conf
+++ b/setup/sysctl/kernel-hardening.conf
@@ -7,3 +7,7 @@ kernel.dmesg_restrict = 1
  # Improve KASLR effectiveness for mmap.
  vm.mmap_rnd_bits = 32
  vm.mmap_rnd_compat_bits = 16
+
+# Turn on hard- and symlink protection
+fs.protected_symlinks = 1
+fs.protected_hardlinks = 1
author	Peter Müller <peter.mueller@ipfire.org>
	Tue, 5 May 2020 20:19:36 +0000 (22:19 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Wed, 6 May 2020 10:25:23 +0000 (10:25 +0000)
setup/setup.nm		patch \| blob \| blame \| history
setup/sysctl/kernel-hardening.conf		patch \| blob \| blame \| history