mirror of
https://github.com/tommytran732/Linux-Setup-Scripts
synced 2024-12-25 16:21:58 -05:00
Update workstation sysctl
parent
d4fcbb538d
commit
0dc37c49d1
@ -3,7 +3,8 @@
|
||||
dev.tty.ldisc_autoload = 0
|
||||
|
||||
# https://access.redhat.com/solutions/1985633
|
||||
# Seems dangerous
|
||||
# Seems dangerous.
|
||||
# Roseta need this though, so if you use it comment this out.
|
||||
fs.binfmt_misc.status = 0
|
||||
|
||||
# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-userspace
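Review bot: The comment added above `fs.binfmt_misc.status = 0` misspells Rosetta ("Roseta need this") and names only one consumer of binfmt_misc. Setting the status to 0 turns off every registered handler, so other tools that register interpreters through binfmt_misc (qemu-user emulation of foreign-architecture binaries, for example) would presumably stop working too, and the comment should say so. "Seems dangerous." also gives the reader no reason beyond the Red Hat link. I would replace both comment lines with `# Disable all binfmt_misc handlers to reduce attack surface.` followed by `# Rosetta and other binfmt_misc users (e.g. qemu-user) need it; comment this out if you use one.`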
|
||||
@ -14,7 +15,7 @@ fs.protected_symlinks = 1
|
||||
fs.protected_hardlinks = 1
|
||||
|
||||
# https://madaidans-insecurities.github.io/guides/linux-hardening.html#core-dumps
|
||||
# Disable coredumps
|
||||
# Disable coredumps.
|
||||
# For additional safety, disable coredumps using ulimit and systemd too.
|
||||
kernel.core_pattern=|/bin/false
|
||||
fs.suid_dumpable = 0
|
||||
@ -42,8 +43,6 @@ net.core.bpf_jit_harden = 2
|
||||
kernel.unprivileged_userns_clone = 1
|
||||
|
||||
# Disable ptrace. Not needed on workstations.
|
||||
# Also, the Debian gVisor package from Google will just take priority over this with their
|
||||
# /etc/sysctl.d/999-gvisor.conf file.
|
||||
kernel.yama.ptrace_scope = 3
|
||||
|
||||
# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl
|
||||
|