[PATCH 0/8][F] Kernel hardening config changes
Tyler Hicks
tyhicks at canonical.com
Sun Jan 19 13:10:21 UTC 2020
Adjust seven config options in order to follow best practices for kernel
hardening. Some options are useful to prevent attacks (run-time sanity
checks, reduce attack surface, etc.) while others are useful to detect
attacks using logged information.

These changes follow the recommendations of the Kernel Self Protection
Project:

  https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings

None of these changes should have a noticeable effect on performance.

Tyler

Tyler Hicks (8):
  UBUNTU: [Config] Fix typo in annotations file
  UBUNTU: [Config] Enable linked list manipulation checks
  UBUNTU: [Config] Enable cred sanity checks
  UBUNTU: [Config] Enable scatterlist validation
  UBUNTU: [Config] Enable notifier call chain validations
  UBUNTU: [Config] Enforce filtered access to iomem
  UBUNTU: [Config] Disable legacy PTY naming
  UBUNTU: [Config] Disable the uselib system call

 debian.master/config/annotations          | 24 ++++++++++++++---------
 debian.master/config/config.common.ubuntu | 15 +++++++-------
 2 files changed, 22 insertions(+), 17 deletions(-)
--
2.17.1
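
A way to audit a kernel config file against the seven settings this series changes, as an added example that is not part of the original message or the Ubuntu kernel tree. The CONFIG_ symbol names do not appear in the cover letter; they are inferred from the patch titles and the KSPP recommended settings (an assumption), and the sample config is constructed.

```shell
#!/bin/sh
# Added example. CONFIG_ names are inferred from the patch titles and the
# KSPP list (assumption); order follows patches 2-8 of the series.
HARDENING_WANT="DEBUG_LIST=y DEBUG_CREDENTIALS=y DEBUG_SG=y DEBUG_NOTIFIERS=y
IO_STRICT_DEVMEM=y LEGACY_PTYS=n USELIB=n"

# config_state FILE NAME: print y, m, n (explicit "is not set") or absent.
config_state() {
    awk -v k="CONFIG_$2" '
        $0 == ("# " k " is not set") { s = "n" }
        index($0, k "=") == 1        { s = substr($0, length(k) + 2) }
        END { print (s == "" ? "absent" : s) }' "$1"
}

# audit_config FILE: print each deviating option; return 1 if any deviates.
audit_config() {
    rc=0
    for want in $HARDENING_WANT; do
        name=${want%%=*} val=${want#*=}
        have=$(config_state "$1" "$name")
        # A symbol missing from the file (not offered on this architecture
        # or kernel version) is equivalent to "not set" when we want it off.
        if [ "$val" = n ] && [ "$have" = absent ]; then have=n; fi
        if [ "$have" != "$val" ]; then
            echo "CONFIG_$name: want $val, have $have"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample config, not taken from any real Ubuntu kernel.
sample_config() {
    cat <<'EOF'
CONFIG_DEBUG_LIST=y
# CONFIG_DEBUG_CREDENTIALS is not set
CONFIG_DEBUG_SG=y
CONFIG_DEBUG_NOTIFIERS=y
CONFIG_IO_STRICT_DEVMEM=y
CONFIG_LEGACY_PTYS=y
CONFIG_LEGACY_PTY_COUNT=0
EOF
}

# Demo on the sample; on a live system pass "/boot/config-$(uname -r)".
demo_cfg=$(mktemp)
sample_config > "$demo_cfg"
audit_config "$demo_cfg" || echo "deviations found"
rm -f "$demo_cfg"
```

The match on `CONFIG_LEGACY_PTYS=` is anchored and includes the `=`, so the neighbouring `CONFIG_LEGACY_PTY_COUNT` line is not mistaken for it.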