public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/hardened: blacklist a few obscure net protocols

Browse Source
This commit is contained in:
Joachim Fasting 2017-09-03 01:49:01 +02:00
parent 2bce0b13e7
commit 8aa0618cf0
No known key found for this signature in database
GPG Key ID: 66EAB6B14F6B6E0D
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
nixos/modules/profiles/hardened.nix
View File

@ -25,6 +25,13 @@ with lib;
"nohibernate" "nohibernate"
]; ];
boot.blacklistedKernelModules = [
# Obscure network protocols
"ax25"
"netrom"
"rose"
];
# Restrict ptrace() usage to processes with a pre-defined relationship # Restrict ptrace() usage to processes with a pre-defined relationship
# (e.g., parent/child) # (e.g., parent/child)
boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkOverride 500 1; boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkOverride 500 1;