Tomster/Linux-Setup-Scripts
1
0
Fork 0
mirror of https://github.com/tommytran732/Linux-Setup-Scripts synced 2024-09-07 16:23:30 -04:00
Code

Update workstation sysctl

Browse Source
This commit is contained in:
Tommy 2024-06-05 21:06:33 -07:00 committed by GitHub
parent d4fcbb538d
commit 0dc37c49d1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
etc/sysctl.d/99-workstation.conf
View File

@ -3,7 +3,8 @@
dev.tty.ldisc_autoload = 0
# https://access.redhat.com/solutions/1985633
# Seems dangerous
# Seems dangerous.
# Roseta need this though, so if you use it comment this out.
fs.binfmt_misc.status = 0
# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-userspace
@ -14,7 +15,7 @@ fs.protected_symlinks = 1
fs.protected_hardlinks = 1
# https://madaidans-insecurities.github.io/guides/linux-hardening.html#core-dumps
# Disable coredumps
# Disable coredumps.
# For additional safety, disable coredumps using ulimit and systemd too.
kernel.core_pattern=|/bin/false
fs.suid_dumpable = 0
@ -42,8 +43,6 @@ net.core.bpf_jit_harden = 2
kernel.unprivileged_userns_clone = 1
# Disable ptrace. Not needed on workstations.
# Also, the Debian gVisor package from Google will just take priority over this with their
# /etc/sysctl.d/999-gvisor.conf file.
kernel.yama.ptrace_scope = 3
# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl