projects / kconfig-hardened-check.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Update the Ubuntu example configs
[kconfig-hardened-check.git] / kernel_hardening_checker / config_files / kspp-recommendations / kspp-sysctl.txt
1 kernel.printk = 3       4       1       7
2 kernel.kptr_restrict = 2
3 kernel.dmesg_restrict = 1
4 kernel.perf_event_paranoid = 3
5 kernel.kexec_load_disabled = 1
6 kernel.randomize_va_space = 2
7 kernel.yama.ptrace_scope = 3
8 user.max_user_namespaces = 0
9 dev.tty.ldisc_autoload = 0
10 dev.tty.legacy_tiocsti = 0
11 kernel.unprivileged_bpf_disabled = 1
12 net.core.bpf_jit_harden = 2
13 vm.unprivileged_userfaultfd = 0
14 fs.protected_symlinks = 1
15 fs.protected_hardlinks = 1
16 fs.protected_fifos = 2
17 fs.protected_regular = 2
18 fs.suid_dumpable = 0
kconfig-hardened-check