Tomster/Linux-Setup-Scripts
1
0
Fork 0
mirror of https://github.com/tommytran732/Linux-Setup-Scripts synced 2024-10-18 02:35:12 -04:00
Code

Reorganization

Browse Source 
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2024-07-01 17:52:06 -07:00
parent 97e596463a
commit 98a59dec9a
Signed by: Tomster
GPG Key ID: 555C902A34EC968F
2 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
etc/sysctl.d/99-server.conf
View File

@ -23,6 +23,13 @@ fs.suid_dumpable = 0
# https://www.kernel.org/doc/Documentation/sysctl/kernel.txt # https://www.kernel.org/doc/Documentation/sysctl/kernel.txt
kernel.dmesg_restrict = 1 kernel.dmesg_restrict = 1
# Disable io_uring
# https://docs.kernel.org/admin-guide/sysctl/kernel.html#io-uring-disabled
# https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html
# Note that this will make using Proxmox extremely annoying though, so you might wanna comment this out
# on a Proxmox node.
kernel.io_uring_disabled = 2
# https://www.kernel.org/doc/Documentation/sysctl/kernel.txt # https://www.kernel.org/doc/Documentation/sysctl/kernel.txt
# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel # https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel
# https://kernsec.org/wiki/index.php/Bug_Classes/Kernel_pointer_leak # https://kernsec.org/wiki/index.php/Bug_Classes/Kernel_pointer_leak
@ -50,12 +57,6 @@ kernel.yama.ptrace_scope = 1
# Official Linux kernel documentation only says >= so it probably will work. # Official Linux kernel documentation only says >= so it probably will work.
kernel.perf_event_paranoid = 4 kernel.perf_event_paranoid = 4
# https://github.com/containerd/containerd/issues/9048
# Disable io_uring, a very sus feature.
# Note that this will make using Proxmox extremely annoying though, so you might wanna comment this out
# on a Proxmox node.
kernel_io_uring_disable = 2
# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel # https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel
# Disable sysrq. # Disable sysrq.
kernel.sysrq = 0 kernel.sysrq = 0

9
etc/sysctl.d/99-workstation.conf
View File

@ -51,9 +51,12 @@ kernel.yama.ptrace_scope = 3
# Official Linux kernel documentation only says >= so it probably will work. # Official Linux kernel documentation only says >= so it probably will work.
kernel.perf_event_paranoid = 4 kernel.perf_event_paranoid = 4
# https://github.com/containerd/containerd/issues/9048 # Disable io_uring
# Disable io_uring, a very sus feature. # https://docs.kernel.org/admin-guide/sysctl/kernel.html#io-uring-disabled
kernel_io_uring_disable = 2 # https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html
# Note that this will make using Proxmox extremely annoying though, so you might wanna comment this out
# on a Proxmox node.
kernel.io_uring_disabled = 2
# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel # https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel
# Disable sysrq. # Disable sysrq.