Reorganization
Signed-off-by: Tommy <contact@tommytran.io>
parent
97e596463a
commit
98a59dec9a
@ -23,6 +23,13 @@ fs.suid_dumpable = 0
|
|||||||
# https://www.kernel.org/doc/Documentation/sysctl/kernel.txt
|
# https://www.kernel.org/doc/Documentation/sysctl/kernel.txt
|
||||||
kernel.dmesg_restrict = 1
|
kernel.dmesg_restrict = 1
|
||||||
|
|
||||||
|
# Disable io_uring
|
||||||
|
# https://docs.kernel.org/admin-guide/sysctl/kernel.html#io-uring-disabled
|
||||||
|
# https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html
|
||||||
|
# Note that this will make using Proxmox extremely annoying though, so you might wanna comment this out
|
||||||
|
# on a Proxmox node.
|
||||||
|
kernel.io_uring_disabled = 2
|
||||||
|
|
||||||
# https://www.kernel.org/doc/Documentation/sysctl/kernel.txt
|
# https://www.kernel.org/doc/Documentation/sysctl/kernel.txt
|
||||||
# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel
|
# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel
|
||||||
# https://kernsec.org/wiki/index.php/Bug_Classes/Kernel_pointer_leak
|
# https://kernsec.org/wiki/index.php/Bug_Classes/Kernel_pointer_leak
|
||||||
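Review bot: `kernel.io_uring_disabled` only exists on Linux 6.6 and later, so on an older kernel the added line is rejected as an unknown key and io_uring stays enabled, the same silent outcome the misspelled `kernel_io_uring_disable` had. I would add a comment above the setting such as `# Requires Linux >= 6.6; on older kernels this key is unknown and io_uring stays enabled.` and state what the value means, e.g. `# 2 = io_uring_setup() fails for all processes`. The identical block in the `@ -51,9 +51,12 @` hunk needs the same comment. Reading the key back with `sysctl kernel.io_uring_disabled` after applying the file confirms the setting took effect.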
@ -50,12 +57,6 @@ kernel.yama.ptrace_scope = 1
|
|||||||
# Official Linux kernel documentation only says >= so it probably will work.
|
# Official Linux kernel documentation only says >= so it probably will work.
|
||||||
kernel.perf_event_paranoid = 4
|
kernel.perf_event_paranoid = 4
|
||||||
|
|
||||||
# https://github.com/containerd/containerd/issues/9048
|
|
||||||
# Disable io_uring, a very sus feature.
|
|
||||||
# Note that this will make using Proxmox extremely annoying though, so you might wanna comment this out
|
|
||||||
# on a Proxmox node.
|
|
||||||
kernel_io_uring_disable = 2
|
|
||||||
|
|
||||||
# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel
|
# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel
|
||||||
# Disable sysrq.
|
# Disable sysrq.
|
||||||
kernel.sysrq = 0
|
kernel.sysrq = 0
|
||||||
|
@ -51,9 +51,12 @@ kernel.yama.ptrace_scope = 3
|
|||||||
# Official Linux kernel documentation only says >= so it probably will work.
|
# Official Linux kernel documentation only says >= so it probably will work.
|
||||||
kernel.perf_event_paranoid = 4
|
kernel.perf_event_paranoid = 4
|
||||||
|
|
||||||
# https://github.com/containerd/containerd/issues/9048
|
# Disable io_uring
|
||||||
# Disable io_uring, a very sus feature.
|
# https://docs.kernel.org/admin-guide/sysctl/kernel.html#io-uring-disabled
|
||||||
kernel_io_uring_disable = 2
|
# https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html
|
||||||
|
# Note that this will make using Proxmox extremely annoying though, so you might wanna comment this out
|
||||||
|
# on a Proxmox node.
|
||||||
|
kernel.io_uring_disabled = 2
|
||||||
|
|
||||||
# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel
|
# https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel
|
||||||
# Disable sysrq.
|
# Disable sysrq.
|
||||||
|
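Review bot: The Proxmox comment added in this hunk offers only all-or-nothing advice (comment the line out), although the kernel documentation linked just above it also describes value 1, which refuses io_uring_setup() only for unprivileged processes outside `kernel.io_uring_group`. Pointing hypervisor users at that value keeps unprivileged processes locked out of io_uring instead of dropping the hardening entirely. Whether 1 is sufficient on Proxmox depends on how its processes are privileged, so the wording should stay hedged, e.g. `# On a Proxmox node, consider 1 (denies unprivileged processes outside kernel.io_uring_group) before removing this line.` The same comment text appears in the `@ -23,6 +23,13 @` hunk.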