Additional Settings for Kernel Hardening

Restrict Core Dumps
Prevents core dumps from being created by processes, which can expose sensitive information:

fs.suid_dumpable = 0

Randomize Address Space Layout (ASLR)
Enables randomization of memory addresses to make attacks like buffer overflows more difficult:

kernel.randomize_va_space = 2

Disable IPv6 (if not needed)
If your system does not use IPv6, disable it to reduce attack surface:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

Enable ExecShield (for older systems)
Provides protection against some buffer overflow exploits (useful on older kernels):

kernel.exec-shield = 1

Protect Hard and Soft Links
Prevents users from creating links to files they do not own, mitigating certain privilege escalation attacks:

fs.protected_hardlinks = 1
fs.protected_symlinks = 1

Limit Rate of Connections
Prevents abuse of new connections by setting rate limits:

net.ipv4.tcp_max_...
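
To confirm that a running system actually has the settings listed above, the following added example (not part of the original page) compares the live values under /proc/sys with that baseline. The function names and the SYSCTL_ROOT variable are assumptions of this example; the truncated net.ipv4.tcp_max_... entry is left out, and a key the kernel does not provide (kernel.exec-shield on kernels without it, or the IPv6 keys when IPv6 is not built in) is reported as SKIP rather than as a failure.

```shell
#!/bin/sh
# Added example: audit live sysctl values against the settings from this page.
# SYSCTL_ROOT is an assumption of this example; it defaults to /proc/sys and
# can point at a test directory instead.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# Baseline copied from the page (the truncated net.ipv4.tcp_max_... is omitted).
baseline() {
cat <<'EOF'
fs.suid_dumpable = 0
kernel.randomize_va_space = 2
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
kernel.exec-shield = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
EOF
}

# check_key KEY WANT: prints one status line.
# Returns 0 if the value matches, 1 on mismatch, 2 if the key is absent.
check_key() {
    # A sysctl key maps to a path by turning dots into slashes.
    path="$SYSCTL_ROOT/$(printf '%s' "$1" | tr . /)"
    if [ ! -r "$path" ]; then
        echo "SKIP $1 (not present on this kernel)"
        return 2
    fi
    have=$(tr -d ' \t\n' < "$path")
    if [ "$have" = "$2" ]; then
        echo "OK   $1 = $have"
        return 0
    fi
    echo "FAIL $1 = $have (want $2)"
    return 1
}

# audit: checks every baseline entry; exit status is the number of mismatches.
audit() {
    fails=0
    while IFS=' =' read -r key want; do
        [ -n "$key" ] || continue
        st=0
        check_key "$key" "$want" || st=$?
        [ "$st" -ne 1 ] || fails=$((fails + 1))
    done <<EOF
$(baseline)
EOF
    return "$fails"
}
```

Source the file and run `audit`; a non-zero exit status is the number of keys whose live value differs from the baseline.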