# These settings are specific to hardening the kernel itself from attack
# from userspace, rather than protecting userspace from other malicious
# userspace things.
#
#
# When an attacker is trying to exploit the local kernel, it is often
# helpful to be able to examine where in memory the kernel, modules,
# and data structures live. As such, kernel addresses should be treated
# as sensitive information.
#
# Many files and interfaces contain these addresses (e.g. /proc/kallsyms,
# /proc/modules, etc), and this setting can censor the addresses. A value
# of "0" allows all users to see the kernel addresses. A value of "1"
# limits visibility to the root user, and "2" blocks even the root user.
kernel.kptr_restrict = 1

Name | Type | Size | Permission |
---|---|---|---|
10-console-messages.conf | File | 77 B | 0644 |
10-ipv6-privacy.conf | File | 490 B | 0644 |
10-kernel-hardening.conf | File | 726 B | 0644 |
10-link-restrictions.conf | File | 257 B | 0644 |
10-lxd-inotify.conf | File | 153 B | 0644 |
10-magic-sysrq.conf | File | 1.16 KB | 0644 |
10-network-security.conf | File | 509 B | 0644 |
10-ptrace.conf | File | 1.26 KB | 0644 |
10-zeropage.conf | File | 506 B | 0644 |
99-cloudimg-ipv6.conf | File | 185 B | 0644 |
99-sysctl.conf | File | 2.62 KB | 0644 |
README | File | 519 B | 0644 |
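
The directory holds 10-kernel-hardening.conf next to later-sorting files such as 99-sysctl.conf, so the value 1 is only the effective setting if no later fragment assigns kernel.kptr_restrict again. The following Python audit is an added example, not part of the original file or of the distribution's tooling; it assumes the usual sysctl.d rule that fragments are applied in lexical file-name order with the last assignment winning, and the override contents in SAMPLE are constructed.

```python
KEY = "kernel.kptr_restrict"
# Meanings as given in the 10-kernel-hardening.conf comment.
MEANING = {
    0: "all users can see kernel addresses",
    1: "visible to the root user only",
    2: "hidden even from the root user",
}

def parse_fragment(text):
    """Yield (key, value) pairs from one sysctl.d fragment."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":       # blank line or comment
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue                           # not a "key = value" line
        # A leading "-" means "ignore write errors"; "/" and "." are equivalent here.
        yield key.strip().lstrip("-").replace("/", "."), value.strip()

def effective_setting(fragments, key=KEY):
    """Return (value, source_file, history); later file names override earlier ones."""
    history = []
    for name in sorted(fragments):
        if not name.endswith(".conf"):        # README and similar are not loaded
            continue
        history += [(name, v) for k, v in parse_fragment(fragments[name]) if k == key]
    if not history:
        return None, None, history
    name, value = history[-1]
    return int(value), name, history

def audit(fragments):
    value, source, _ = effective_setting(fragments)
    if value is None:
        return f"UNSET: {KEY} not assigned, kernel default applies"
    status = "WEAK" if value == 0 else "OK"
    return f"{status}: {KEY}={value} from {source} ({MEANING.get(value, 'unknown value')})"

# Constructed sample: the shipped hardening line plus a hypothetical later override.
SAMPLE = {
    "10-kernel-hardening.conf": "# as sensitive information.\nkernel.kptr_restrict = 1\n",
    "99-sysctl.conf": "; local tuning (constructed)\nkernel/kptr_restrict=0\n",
    "README": "kernel.kptr_restrict = 2\n",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a live host, compare the audit result with the running value in /proc/sys/kernel/kptr_restrict, since a fragment on disk only takes effect once it has been loaded.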