diff options
| author | Joachim Fasting <joachifm@fastmail.fm> | 2017-09-03 01:49:01 +0200 |
|---|---|---|
| committer | Joachim Fasting <joachifm@fastmail.fm> | 2017-09-09 17:37:17 +0200 |
| commit | 8aa0618cf0a0fe2ae12fe463b57243d13028a6e8 (patch) | |
| tree | daa9a4ece59e5c458fdfbde237cfc0b8d1950d8c /nixos/modules/profiles/hardened.nix | |
| parent | 2bce0b13e70ac1e63f9ffefa9d81daee8b834dc9 (diff) | |
| download | nixlib-8aa0618cf0a0fe2ae12fe463b57243d13028a6e8.tar nixlib-8aa0618cf0a0fe2ae12fe463b57243d13028a6e8.tar.gz nixlib-8aa0618cf0a0fe2ae12fe463b57243d13028a6e8.tar.bz2 nixlib-8aa0618cf0a0fe2ae12fe463b57243d13028a6e8.tar.lz nixlib-8aa0618cf0a0fe2ae12fe463b57243d13028a6e8.tar.xz nixlib-8aa0618cf0a0fe2ae12fe463b57243d13028a6e8.tar.zst nixlib-8aa0618cf0a0fe2ae12fe463b57243d13028a6e8.zip | |
nixos/hardened: blacklist a few obscure net protocols
Diffstat (limited to 'nixos/modules/profiles/hardened.nix')
| -rw-r--r-- | nixos/modules/profiles/hardened.nix | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index c8d306ef3cae..456538742f51 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -25,6 +25,13 @@ with lib; "nohibernate" ]; + boot.blacklistedKernelModules = [ + # Obscure network protocols + "ax25" + "netrom" + "rose" + ]; + # Restrict ptrace() usage to processes with a pre-defined relationship # (e.g., parent/child) boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkOverride 500 1; |