search

Kicksecure / security-misc

Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - https://www.kicksecure.com/wiki/Security-misc
https://www.kicksecure.com/wiki/Impressum
Other
516 stars 51 forks source link

review Brace to see if there are security settings which aren't part of security-misc (or Kicksecure yet) #278

Open adrelanos opened 1 month ago

adrelanos commented 1 month ago

https://github.com/divestedcg/Brace

raja-grewal commented 2 weeks ago

Having looked through the setting that I am familiar with such as the boot parameters andsysctl, besides the PR above, there does not seem to be much actionable that we have not either already implemented, or implemented to a stricter level.

While there are some novel network-related sysctl that could be included, at this time I have not done enough due diligence to suggest them.

Boot parameters: https://github.com/divestedcg/Brace/blob/master/brace/etc/default/grub.d/brace.cfg

sysctl: https://github.com/divestedcg/Brace/blob/master/brace/usr/lib/sysctl.d/60-restrict.conf