An XCCDF Group - A logical subset of the XCCDF Benchmark
kernel.panic_on_oops
$ sudo sysctl -w kernel.panic_on_oops=1
/etc/sysctl.d
kernel.panic_on_oops = 1
/etc/security/limits.conf
/etc/security/limits.d/
limits.conf
sysctl
fs.suid_dumpable
ProcessSizeMax
[Coredump]
/etc/systemd/coredump.conf
Storage
none
* hard core 0
$ sudo sysctl -w fs.suid_dumpable=0
fs.suid_dumpable = 0
kernel.exec-shield
kernel.randomize_va_space
kernel.kptr_restrict
$ sudo sysctl -w kernel.kptr_restrict=
kernel.kptr_restrict =
$ sudo sysctl -w kernel.randomize_va_space=2
kernel.randomize_va_space = 2
slub_debug
kernel.dmesg_restrict
$ sudo sysctl -w kernel.dmesg_restrict=1
kernel.dmesg_restrict = 1