Add the comments about `vm.mmap_rnd_bits` and `vm.mmap_rnd_compat_bits` sysctls

author Alexander Popov <alex.popov@linux.com>

Sun, 11 Aug 2024 11:14:15 +0000 (14:14 +0300)

committer Alexander Popov <alex.popov@linux.com>

Sun, 11 Aug 2024 11:14:15 +0000 (14:14 +0300)
author Alexander Popov <alex.popov@linux.com>
Sun, 11 Aug 2024 11:14:15 +0000 (14:14 +0300)
committer Alexander Popov <alex.popov@linux.com>
Sun, 11 Aug 2024 11:14:15 +0000 (14:14 +0300)
diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py

index b4a86cff58cdc8c2cca9332d68f828dd7ed02712..378a7d7a4e6f9188246e5f4e727364203e7cb24a 100755 (executable)
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -684,7 +684,8 @@ def normalize_cmdline_options(option: str, value: str) -> str:
  #    what about bpf_jit_enable?
  #    vm.mmap_min_addr has a good value
  #    nosmt sysfs control file
-#    vm.mmap_rnd_bits=max (?)
+#    vm.mmap_rnd_bits=max
+#    vm.mmap_rnd_compat_bits=max
  #    abi.vsyscall32 (any value except 2)
  #    net.ipv4.tcp_syncookies=1 (?)
author	Alexander Popov <alex.popov@linux.com>
	Sun, 11 Aug 2024 11:14:15 +0000 (14:14 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Sun, 11 Aug 2024 11:14:15 +0000 (14:14 +0300)