diff options
Diffstat (limited to 'todo')
-rw-r--r-- | todo | 17 |
1 files changed, 17 insertions, 0 deletions
@@ -218,3 +218,20 @@ sudo firejail /snap/bin/ubuntu-clock-app.clock | |||
218 | 218 | ||
219 | extract env for process | 219 | extract env for process |
220 | ps e -p <pid> | sed 's/ /\n/g' | 220 | ps e -p <pid> | sed 's/ /\n/g' |
221 | |||
222 | |||
223 | 20. check default disable - from grsecurity | ||
224 | |||
225 | GRKERNSEC_HIDESYM | ||
226 | /proc/kallsyms and other files | ||
227 | |||
228 | GRKERNSEC_PROC_USER | ||
229 | If you say Y here, non-root users will only be able to view their own | ||
230 | processes, and restricts them from viewing network-related information, | ||
231 | and viewing kernel symbol and module information. | ||
232 | |||
233 | GRKERNSEC_PROC_ADD | ||
234 | If you say Y here, additional restrictions will be placed on | ||
235 | /proc that keep normal users from viewing device information and | ||
236 | slabinfo information that could be useful for exploits. | ||
237 | |||