aurore/ansible
aurore
/
ansible
15
2
Fork 0
Code Issues 1 Pull Requests 13 Releases Wiki Activity
ansible/roles/basesecurity/templates/sysctl.d/local.conf.j2

14 lines
389 B
Django/Jinja
Raw Blame History

# {{ ansible_managed }}
# See https://www.ssi.gouv.fr/uploads/2016/01/linux_configuration-fr-v1.2.pdf
# Disable core dump of setuid executables
# So an user can't read privileged information in memory
fs.suid_dumpable = 0
# Obfuscate kernel memory addresses
kernel.kptr_restrict = 1
# Restrict dmesg access
# This can leak specific harware failures to exploit
kernel.dmesg_restrict = 1
Reference in New Issue View Git Blame Copy Permalink