22 lines
587 B
Plaintext
22 lines
587 B
Plaintext
# Append the PID to the core filename
|
|
kernel.core_uses_pid = 1
|
|
|
|
# Enable hard and soft link protection
|
|
fs.protected_hardlinks=1
|
|
fs.protected_symlinks=1
|
|
|
|
# Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc).
|
|
kernel.kptr_restrict=1
|
|
|
|
# Avoid kernel memory address exposures via dmesg.
|
|
kernel.dmesg_restrict=1
|
|
|
|
# Block non-uid-0 kernel profiling
|
|
kernel.perf_event_paranoid=2
|
|
|
|
# Turn off kexec, even if it's built in.
|
|
kernel.kexec_load_disabled=1
|
|
|
|
# Avoid non-ancestor ptrace access to running processes and their credentials.
|
|
kernel.yama.ptrace_scope=1
|