Merge pull request #5 from HorlogeSkynet/master

added recommendations from ANSSI
2025-12-23 12:46:33 +00:00 · 2021-06-07 17:55:37 -04:00 · 2021-06-07 17:55:37 -04:00 · 50d77687e4
commit 50d77687e4
parent f426457a6b 9a3fd6cf9c
1 changed files with 8 additions and 0 deletions
--- a/sysctl.conf
+++ b/sysctl.conf
@ -63,6 +63,11 @@ kernel.pid_max = 4194304
 # reboot machine after kernel panic
 #kernel.panic = 10

+# restrict perf subsystem usage
+kernel.perf_event_paranoid = 2
+kernel.perf_cpu_time_max_percent = 1
+kernel.perf_event_max_sample_rate = 1
+
 ########## File System ##########

 # disallow core dumping by SUID/SGID programs
@ -101,6 +106,9 @@ fs.inotify.max_user_watches = 524288

 ########## Virtualization ##########

+# do not allow mmap in lower addresses
+vm.mmap_min_addr = 65536
+
 # improve mmap ASLR effectness
 vm.mmap_rnd_bits=32
 vm.mmap_rnd_compat_bits=16