# These are some recommended defaults that users can alter if needed.
# For example, developer systems may want to enable kexec for kernel
# testing, or disable the ptrace restrictions to be able to gdb attach
# to processes without root.
#
# To replace, create a file of the same name in /etc/sysctl.d.
# Avoid kernel memory address exposures via dmesg.
# With value 1, reading the kernel log (dmesg) requires CAP_SYSLOG;
# unprivileged users can no longer read it.
kernel.dmesg_restrict=1
# Turn off kexec, even if it's built in.
# One-way switch: once this is 1, the kexec_load and kexec_file_load syscalls
# stay disabled until the next reboot; writing 0 later does not re-enable them.
# Systems that need kexec must override this file before it is applied at boot.
kernel.kexec_load_disabled=1
# Avoid non-ancestor ptrace access to running processes and their credentials.
# Yama mode 1 (restricted ptrace): a process can be attached only by one of its
# ancestors, by a tracer it named itself via prctl(PR_SET_PTRACER), or by a
# process holding CAP_SYS_PTRACE.
kernel.yama.ptrace_scope=1