From 27efbc353476840954e26fd1d8141a9923545f55 Mon Sep 17 00:00:00 2001
From: TommyTran732 <57488583+tommytran732@users.noreply.github.com>
Date: Wed, 14 Apr 2021 21:08:21 -0400
Subject: [PATCH] Update Fedora-WorkStation-33.sh
---
 Fedora-WorkStation-33.sh | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/Fedora-WorkStation-33.sh b/Fedora-WorkStation-33.sh
index 43d9352..fbb6fcf 100644
--- a/Fedora-WorkStation-33.sh
+++ b/Fedora-WorkStation-33.sh
@@ -142,6 +142,36 @@ EOF
 sudo sysctl --load=/etc/sysctl.d/99-steam.conf
+#Security kernel settings
+sudo bash -c 'cat > /etc/sysctl.d/51-dmesg-restrict.conf' <<-'EOF'
+kernel.dmesg_restrict = 1
+EOF
+
+sudo sysctl --load=/etc/sysctl.d/51-dmesg-restrict.conf
+
+sudo bash -c 'cat > /etc/sysctl.d/51-kptr-restrict.conf' <<-'EOF'
+kernel.kptr_restrict = 2
+EOF
+
+sudo sysctl --load=/etc/sysctl.d/51-kptr-restrict.conf
+
+sudo bash -c 'cat > /etc/sysctl.d/51-kexec-restrict.conf' <<-'EOF'
+kernel.kexec_load_disabled = 1
+EOF
+
+sudo sysctl --load=/etc/sysctl.d/51-kexec-restrict.conf
+
+sudo bash -c 'cat > /etc/sysctl.d/10-security.conf' <<-'EOF'
+fs.protected_hardlinks = 1
+fs.protected_symlinks = 1
+net.core.bpf_jit_harden = 2
+kernel.yama.ptrace_scope = 3
+module.sig_enforce = 1
+EOF
+
+sudo sysctl --load=/etc/sysctl.d/10-security.conf.conf
+
+#Quick fixes for pulse audio with steam
 sudo bash -c 'cat > /etc/pulse/daemon.conf' <<-'EOF'
 # $ sudo nano /etc/pulse/daemon.conf
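Review bot: The last added load command names `/etc/sysctl.d/10-security.conf.conf`, but the heredoc just above it writes `10-security.conf`, so the load fails and none of that file's settings take effect in the running session; it should read `sudo sysctl --load=/etc/sysctl.d/10-security.conf`. Even with the path fixed, `module.sig_enforce = 1` is not a sysctl key; it is a kernel module parameter normally set on the boot command line as `module.sig_enforce=1`. As written, sysctl will report an error for that line and module signature enforcement is not enabled by this file. `kernel.yama.ptrace_scope = 3` cannot be lowered again without a reboot and blocks debuggers such as gdb and strace from attaching, so a comment above the heredoc would help, e.g. `# ptrace_scope=3 disables ptrace until reboot; use 2 if root-only debugging is needed`. The script does not check the exit status of any `sysctl --load` call, so failures like these pass silently unless the output is read.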