`hide-hardware-info.service`: hide `/proc/kallsyms`

Kicksecure / security-misc

Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - https://www.kicksecure.com/wiki/Security-misc

https://www.kicksecure.com/wiki/Impressum

Other

505 stars 50 forks source link

`hide-hardware-info.service`: hide `/proc/kallsyms` #206

Open adrelanos opened 7 months ago

adrelanos commented 7 months ago

Add /proc/kallsyms to the list as well, as this contains all the memory addresses for each kernel symbol.

Originally posted by @monsieuremre in https://github.com/Kicksecure/security-misc/issues/172

Maybe not needed if we implement:

https://github.com/Kicksecure/security-misc/issues/205

monsieuremre commented 7 months ago

Considering our default setup, I think this would not be necessary for the most part. We hide the sensitive content with a kernel parameter. I am not sure this adds more than what we already have.