# {{ ansible_managed }}
# See https://www.ssi.gouv.fr/uploads/2016/01/linux_configuration-fr-v1.2.pdf
# Disable core dump of setuid executables
# So a user can't read privileged information from a dumped process's memory
# 0 (the kernel default): a process that has changed privilege levels or is
# execute-only is never core-dumped. 1 (debug) and 2 (suidsafe) would allow
# such dumps again, so pin the value explicitly here.
fs.suid_dumpable = 0
# Obfuscate kernel memory addresses
# 1: kernel pointers printed with %pK are replaced by zeros unless the reader
# holds CAP_SYSLOG. 2 hides them from every user regardless of privileges;
# NOTE(review): consider 2 if no tooling on the host needs real addresses.
kernel.kptr_restrict = 1
# Restrict dmesg access
# The kernel log can leak information, such as specific hardware failures, that an attacker could exploit
# 1: reading the kernel log with dmesg(8) requires CAP_SYSLOG;
# 0 would let any unprivileged user read it.
kernel.dmesg_restrict = 1