X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kernel_hardening_checker%2Fconfig_files%2Fkspp-recommendations%2Fkspp-sysctl.txt;h=c45c201914625f098c2dcd09606b83bb7dabceea;hb=b22708589a1f4138db2fbb192cd28b00d046cdaa;hp=9f99c6c501fd55082f66ac276b0453aa262fccb9;hpb=4586e03b4526a74bcd45662634bf9d76808ae343;p=kconfig-hardened-check.git

diff --git a/kernel_hardening_checker/config_files/kspp-recommendations/kspp-sysctl.txt b/kernel_hardening_checker/config_files/kspp-recommendations/kspp-sysctl.txt
index 9f99c6c..c45c201 100644
--- a/kernel_hardening_checker/config_files/kspp-recommendations/kspp-sysctl.txt
+++ b/kernel_hardening_checker/config_files/kspp-recommendations/kspp-sysctl.txt
@@ -1,6 +1,7 @@
 kernel.printk = 3	4	1	7
 kernel.kptr_restrict = 2
 kernel.dmesg_restrict = 1
+kernel.disable_modules = 1
 kernel.perf_event_paranoid = 3
 kernel.kexec_load_disabled = 1
 kernel.randomize_va_space = 2
@@ -9,6 +10,8 @@ user.max_user_namespaces = 0
 dev.tty.ldisc_autoload = 0
 dev.tty.legacy_tiocsti = 0
 kernel.unprivileged_bpf_disabled = 1
+kernel.warn_limit = 1
+kernel.oops_limit = 1
 net.core.bpf_jit_harden = 2
 vm.unprivileged_userfaultfd = 0
 fs.protected_symlinks = 1