Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add kernel hardening parameters from Tails and CIS Benchmark #263

Merged
merged 3 commits into from
Mar 6, 2020
Merged

Add kernel hardening parameters from Tails and CIS Benchmark #263

merged 3 commits into from
Mar 6, 2020

Conversation

kravietz
Copy link
Contributor

This PR adds the following hardening settings:

kravietz and others added 3 commits February 28, 2020 22:33
@kravietz
Remove trailing space
f09dd80 
ansible-lint marks my build red due to this `¯\_(ツ)_/¯`

Signed-off-by: Pawel Krawczyk <pawel.krawczyk@hush.com>
@rndmh3ro @kravietz
add ansible-lint (#262)
924f1e8 
* Update .travis.yml

Signed-off-by: Pawel Krawczyk <pawel.krawczyk@hush.com>
@kravietz
Add kernel hardening parameters from Tails and CIS Benchmark
ac9710a 
Signed-off-by: Pawel Krawczyk <pawel.krawczyk@hush.com>
@kravietz
Copy link
Contributor Author

I'm also considering adding kernel command-line hardening options (through grub) mentioned in Tails documentation but not sure if we should be messing with people's grub. Alternatively, make it a configurable on opt-in base...

@rndmh3ro rndmh3ro merged commit af73bec into dev-sec:master Mar 6, 2020
@rndmh3ro
Copy link
Member

rndmh3ro commented Mar 6, 2020

Thanks for this, @kravietz!

As for changing kernel parameters, I had some objections here: #253 (comment)

However if there's an easy test-path for this, I'm open to seeing this included.

@aisbergg aisbergg mentioned this pull request Apr 4, 2020
Merged
rndmh3ro added a commit that referenced this pull request Jul 24, 2020
@rndmh3ro
Merge pull request #263 from abtreece/remove-comment-from-sshd-hostke…
767540b 
…y-param

Remove comment from sshd config HostKey param
divialth pushed a commit to divialth/ansible-collection-hardening that referenced this pull request Aug 3, 2022
@rndmh3ro
Merge pull request dev-sec#263 from abtreece/remove-comment-from-sshd…
9b098f2 
…-hostkey-param

Remove comment from sshd config HostKey param
divialth pushed a commit to divialth/ansible-collection-hardening that referenced this pull request Aug 3, 2022
@kravietz @rndmh3ro
Add kernel hardening parameters from Tails and CIS Benchmark (dev-sec…
88e107d 
…#263)

* Remove trailing space

ansible-lint marks my build red due to this `¯\_(ツ)_/¯`

Signed-off-by: Pawel Krawczyk <pawel.krawczyk@hush.com>

* add ansible-lint (dev-sec#262)

* Update .travis.yml

Signed-off-by: Pawel Krawczyk <pawel.krawczyk@hush.com>

* Add kernel hardening parameters from Tails and CIS Benchmark

Signed-off-by: Pawel Krawczyk <pawel.krawczyk@hush.com>

Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kravietz @rndmh3ro