From 340f2a55de4ae99bc07a75e4b1829530067a0fc1 Mon Sep 17 00:00:00 2001
From: shenzhui007 <12231252@bjtu.edu.cn>
Date: Mon, 6 Jun 2022 12:58:49 +0800
Subject: [PATCH] Update sysctl.conf update according to https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl
---
sysctl.conf | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/sysctl.conf b/sysctl.conf
index a661e09..3969fd5 100644
--- a/sysctl.conf
+++ b/sysctl.conf
@@ -288,3 +288,10 @@ net.ipv6.conf.all.accept_source_route = 0
 #net.ipv6.icmp.echo_ignore_all = 1
 #net.ipv6.icmp.echo_ignore_anycast = 1
 #net.ipv6.icmp.echo_ignore_multicast = 1
+
+
+# prevent unprivileged attackers from loading vulnerable line disciplines with the TIOCSETD ioctl
+dev.tty.ldisc_autoload = 0
+
+# disable syscall to the CAP_SYS_PTRACE capability
+vm.unprivileged_userfaultfd = 0
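Review bot: The comment above `vm.unprivileged_userfaultfd = 0` misdescribes the setting: it does not disable a syscall, it restricts userfaultfd() so that full use requires CAP_SYS_PTRACE. I would reword it as `# restrict userfaultfd() to processes holding CAP_SYS_PTRACE (reduces kernel attack surface for unprivileged users)`. Both keys were, as far as I recall, introduced in 5.x kernels, so on older kernels `sysctl -p` will report them as unknown; a short comment naming the minimum kernel version would help whoever deploys this file. The two entries are also appended directly after the IPv6 ICMP block, so a section header such as `# Kernel / TTY hardening` would keep the file's grouping readable.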