20 строки
707 B
Plaintext
20 строки
707 B
Plaintext
#Enabling the strongest form of native Linux Address Space Layout Randomization (ASLR).
|
|
kernel.randomize_va_space=2
|
|
#Restrict revealing kernel addresses
|
|
#Set to less-strict option 1 to enable kexec to work with kaslr.
|
|
kernel.kptr_restrict=1
|
|
#Preventing non-root users from viewing the kernel ring buffer.
|
|
kernel.dmesg_restrict = 1
|
|
# disabling an unused feature
|
|
kernel.sysrq=0
|
|
# Disallow unprivileged BPF scripts to run
|
|
kernel.unprivileged_bpf_disabled = 1
|
|
# Set TCP Challenge ACK Limit
|
|
net.ipv4.tcp_challenge_ack_limit = 1073741823
|
|
#Disable IPv4 Forwarding
|
|
net.ipv4.ip_forward = 0
|
|
#Disable IPv6 Forwarding
|
|
net.ipv6.conf.all.forwarding = 0
|
|
#Disable IPv6 Router Advertisements
|
|
net.ipv6.conf.all.accept_ra = 0
|