From 2e6415a3b3987f3b7c5e383fa5c0f7771f5af85d Mon Sep 17 00:00:00 2001
From: pyllyukko
Date: Sun, 23 Jan 2022 10:36:55 +0200
Subject: [PATCH] perf_event_paranoid -> 2|3

The value of 3 was introduced in c76a4ca and the source was this[1]. The documentation in the source notes that the value of 3 requires a patch for the Linux kernel. Vanilla kernel has the "maximum" value of 2[2]. [1] https://docs.clip-os.org/clipos/kernel.html#sysctl-security-tuning [2] https://www.kernel.org/doc/html/v5.7/admin-guide/sysctl/kernel.html#perf-event-paranoid
---
 default.prf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/default.prf b/default.prf
index aadc4495..79c0a48c 100644
--- a/default.prf
+++ b/default.prf
@@ -197,7 +197,7 @@ config-data=sysctl;kernel.exec-shield;1;1;No description;sysctl -a;url:https;//k
 config-data=sysctl;kernel.kptr_restrict;2;1;Restrict access to kernel symbols;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
 config-data=sysctl;kernel.maps_protect;1;1;Restrict access to /proc/[pid]/maps;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
 config-data=sysctl;kernel.modules_disabled;1;1;Restrict module loading once this sysctl value is loaded;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
-config-data=sysctl;kernel.perf_event_paranoid;3;1;Restrict unprivileged access to the perf_event_open() system call.;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
+config-data=sysctl;kernel.perf_event_paranoid;2|3;1;Restrict unprivileged access to the perf_event_open() system call.;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
 config-data=sysctl;kernel.randomize_va_space;2;1;Randomize of memory address locations (ASLR);sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
 config-data=sysctl;kernel.suid_dumpable;0;1;Restrict core dumps;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
 config-data=sysctl;kernel.sysrq;0;1;Disable magic SysRQ;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
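Review bot: On the new `kernel.perf_event_paranoid` line, accepting `2|3` means a host whose kernel does support level 3 now passes at 2. The unchanged description still claims unprivileged access to perf_event_open() is restricted, but per the kernel documentation cited in the commit message level 2 only stops unprivileged kernel profiling. I would reword the description field, keeping it free of `;` since that is the field separator, for example `Restrict unprivileged use of perf_event_open() (2 blocks kernel profiling, 3 blocks all unprivileged use and needs a patched kernel)`. The comparison logic is not visible in this hunk; if each `|`-separated value is matched exactly, a kernel configured with a stricter level above 3 would presumably be reported as non-compliant, which is worth confirming.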