mirror of https://github.com/tommytran732/Linux-Setup-Scripts synced 2024-11-25 02:31:34 -05:00

Update workstation sysctl

Tommy 2024-06-05 21:06:33 -07:00 committed by GitHub
parent d4fcbb538d
commit 0dc37c49d1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -3,7 +3,8 @@
dev.tty.ldisc_autoload = 0 dev.tty.ldisc_autoload = 0
# https://access.redhat.com/solutions/1985633 # https://access.redhat.com/solutions/1985633
# Seems dangerous # Seems dangerous.
# Roseta need this though, so if you use it comment this out.
fs.binfmt_misc.status = 0 fs.binfmt_misc.status = 0
# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-userspace # https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-userspace
@ -14,7 +15,7 @@ fs.protected_symlinks = 1
fs.protected_hardlinks = 1 fs.protected_hardlinks = 1
# https://madaidans-insecurities.github.io/guides/linux-hardening.html#core-dumps # https://madaidans-insecurities.github.io/guides/linux-hardening.html#core-dumps
# Disable coredumps # Disable coredumps.
# For additional safety, disable coredumps using ulimit and systemd too. # For additional safety, disable coredumps using ulimit and systemd too.
kernel.core_pattern=|/bin/false kernel.core_pattern=|/bin/false
fs.suid_dumpable = 0 fs.suid_dumpable = 0
@ -42,8 +43,6 @@ net.core.bpf_jit_harden = 2
kernel.unprivileged_userns_clone = 1 kernel.unprivileged_userns_clone = 1
# Disable ptrace. Not needed on workstations. # Disable ptrace. Not needed on workstations.
# Also, the Debian gVisor package from Google will just take priority over this with their
# /etc/sysctl.d/999-gvisor.conf file.
kernel.yama.ptrace_scope = 3 kernel.yama.ptrace_scope = 3
# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl # https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl
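Review bot: Dropping the gVisor note in the last hunk leaves `kernel.yama.ptrace_scope = 3` with no hint that another sysctl.d file can override it; the removed text said the Debian gVisor package's `/etc/sysctl.d/999-gvisor.conf` takes priority over this setting. Whether that package still ships the file is not visible here, so if the caveat was removed only for brevity I would keep a generic one, e.g. `# A later-sorted file in /etc/sysctl.d can override this; confirm with "sysctl kernel.yama.ptrace_scope".` In the first hunk, the new comment misspells Rosetta, and "comment this out" would be clearer as `# Rosetta needs binfmt_misc, so comment out the line below if you use it.`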