OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	05/04/2025 04:37:50 PM	rwxr-xr-x
📄 10-bufferbloat.conf	481 bytes	09/26/2024 08:44:05 AM	rw-r--r--
📄 10-console-messages.conf	77 bytes	03/31/2024 08:16:00 AM	rw-r--r--
📄 10-ipv6-privacy.conf	490 bytes	03/31/2024 08:16:00 AM	rw-r--r--
📄 10-kernel-hardening.conf	1.2 KB	03/31/2024 08:16:00 AM	rw-r--r--
📄 10-magic-sysrq.conf	1.16 KB	03/31/2024 08:16:00 AM	rw-r--r--
📄 10-map-count.conf	164 bytes	03/31/2024 08:16:00 AM	rw-r--r--
📄 10-network-security.conf	158 bytes	03/31/2024 08:16:00 AM	rw-r--r--
📄 10-ptrace.conf	1.26 KB	03/31/2024 08:16:00 AM	rw-r--r--
📄 10-zeropage.conf	506 bytes	03/31/2024 08:16:00 AM	rw-r--r--
📄 README.sysctl	798 bytes	03/24/2024 03:35:54 PM	rw-r--r--

Editing: 10-kernel-hardening.conf

# These settings are specific to hardening the kernel itself from attack
# from userspace, rather than protecting userspace from other malicious
# userspace things.
#
#
# When an attacker is trying to exploit the local kernel, it is often
# helpful to be able to examine where in memory the kernel, modules,
# and data structures live. As such, kernel addresses should be treated
# as sensitive information.
#
# Many files and interfaces contain these addresses (e.g. /proc/kallsyms,
# /proc/modules, etc), and this setting can censor the addresses. A value
# of "0" allows all users to see the kernel addresses. A value of "1"
# limits visibility to the root user, and "2" blocks even the root user.
kernel.kptr_restrict = 1

# Access to the kernel log buffer can be especially useful for an attacker
# attempting to exploit the local kernel, as kernel addresses and detailed
# call traces are frequently found in kernel oops messages. Setting
# dmesg_restrict to "0" allows all users to view the kernel log buffer,
# and setting it to "1" restricts access to those with CAP_SYSLOG.
#
# dmesg_restrict defaults to 1 via CONFIG_SECURITY_DMESG_RESTRICT, only
# uncomment the following line to disable.
# kernel.dmesg_restrict = 0