Add security hardening configuration files implementing SCAP-STIG controls:

- sysctl-hardening.conf: 75 kernel security parameters covering:
  * IP forwarding and redirect controls
  * Source routing and martian packet logging
  * TCP SYN cookies and timestamps
  * ExecShield and ASLR settings
  * Ptrace scope restrictions
  * Unprivileged BPF and userns restrictions
- security-limits.conf: Resource limits for:
  * Core dump prevention (fork bomb protection)
  * Process count limits (4096 soft, 8192 hard)
  * File handle limits (1024 soft, 4096 hard)
  * Memory lock and file size restrictions
- issue, issue.net, motd: Security warning banners for local and network login
- modprobe/: Directory for kernel module blacklist configurations

These configs implement CIS Benchmark and DISA STIG requirements for Linux server hardening.

Related: KNELServerBuild/ProjectCode/Modules/Security/secharden-scap-stig.sh
30 lines
525 B
Plaintext
# KNEL Security Limits Configuration
# SCAP/STIG compliant resource limits

# Prevent core dumps for all users
* hard core 0
* soft core 0

# Prevent core dumps for root
root hard core 0
root soft core 0

# Limit max processes for users (fork bomb protection)
* soft nproc 4096
* hard nproc 8192

# Limit max file handles
* soft nofile 1024
* hard nofile 4096

# Limit max memory lock
* hard memlock 64

# Limit max file size
* soft fsize 2097152
* hard fsize 4194304

# Stack size limit
* soft stack 8192
* hard stack 65536
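A way to audit that a login session actually received the limits in the file above. This is an added example, not part of the KNEL repository; the function names and the embedded sample (a constructed subset of the file) are assumptions. It resolves the entries as pam_limits does (wildcard entries are not applied to root, explicit user entries override `*`) and converts the KB-based items to the byte units that getrlimit() reports.

```python
import resource

# limits.conf item -> (RLIMIT constant, multiplier to getrlimit() units).
# limits.conf gives core, fsize, memlock and stack in KB; getrlimit() reports bytes.
ITEMS = {
    "core": (resource.RLIMIT_CORE, 1024),
    "nproc": (resource.RLIMIT_NPROC, 1),
    "nofile": (resource.RLIMIT_NOFILE, 1),
    "memlock": (resource.RLIMIT_MEMLOCK, 1024),
    "fsize": (resource.RLIMIT_FSIZE, 1024),
    "stack": (resource.RLIMIT_STACK, 1024),
}

# Constructed sample: a subset of the entries in the file above.
SAMPLE = """\
* hard core 0
* soft core 0
root hard core 0
root soft core 0
* soft nproc 4096
* hard nproc 8192
* hard memlock 64
* soft fsize 2097152
* hard fsize 4194304
"""

def expected_limits(text, user):
    """Return {item: {"soft": n, "hard": n}} in getrlimit() units for `user`."""
    out = {}
    # pam_limits skips wildcard entries for root; explicit user entries win over '*'.
    for domain in ([] if user == "root" else ["*"]) + [user]:
        for line in text.splitlines():
            f = line.split("#", 1)[0].split()
            if len(f) != 4 or f[0] != domain or f[2] not in ITEMS:
                continue
            scaled = int(f[3]) * ITEMS[f[2]][1]
            for kind in (("soft", "hard") if f[1] == "-" else (f[1],)):
                out.setdefault(f[2], {})[kind] = scaled
    return out

def audit(expected, getrlimit=resource.getrlimit):
    """List (item, kind, want, got) for every limit that differs in this process."""
    bad = []
    for item, kinds in expected.items():
        soft, hard = getrlimit(ITEMS[item][0])
        for kind, want in kinds.items():
            got = soft if kind == "soft" else hard
            if got != want:
                bad.append((item, kind, want, got))
    return bad
```

Run `audit(expected_limits(open(path).read(), user))` from inside a session opened through PAM for that user; an empty list means the limits were applied.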