minus-squarevatson112@lemm.eetoLinux@lemmy.ml•Hardening Arch Linuxlinkfedilinkarrow-up1·edit-29 months agoThere are also some kernel settings that you may find useful. Currently I am on the mobile and cannot remember the names. Text me if you need help Network: Enable rp and arp filter Disable IP forwarding if you don’t use docker Disable tcp timestamp Disable icmp broadcast Enable syncookies Enable source route checking Other: Enable hard and soft link protection (it is may broke your system, use carefully) Enable kptr restrict Disable kexec Disable sysrq Enable randomize virtual memory address Disable JIT for ebpf programms Disable loading drivers via modprobe in live kernel. Also check which hardware mitigations is disabled in your kernel. (Spectre, meltdawn) You may enable KASL Also use selinux or apparmor. I prefer Selinux. Enable auditd and configure it for auditing actions that your find useful. linkfedilink
There are also some kernel settings that you may find useful. Currently I am on the mobile and cannot remember the names. Text me if you need help
Network:
Enable rp and arp filter
Disable IP forwarding if you don’t use docker
Disable tcp timestamp
Disable icmp broadcast
Enable syncookies
Enable source route checking
Other:
Enable hard and soft link protection (it is may broke your system, use carefully)
Enable kptr restrict
Disable kexec
Disable sysrq
Enable randomize virtual memory address
Disable JIT for ebpf programms
Disable loading drivers via modprobe in live kernel.
Also check which hardware mitigations is disabled in your kernel. (Spectre, meltdawn) You may enable KASL
Also use selinux or apparmor. I prefer Selinux.
Enable auditd and configure it for auditing actions that your find useful.