Mirrors/ansible-collection-hardening
2
0
Fork 0
mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-11-13 02:17:06 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update Debian.yml

Browse source
This commit is contained in:
Imandevops 2024-11-09 14:38:48 +03:30 committed by GitHub
parent 96d318eaf4
commit 3fddf65f1a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
roles/os_hardening/vars/Debian.yml
View file

@ -88,3 +88,16 @@ sysctl_custom_config:
kernel.unprivileged_userns_clone: 0
# Mitigation of vulnerability CVE-2021-33910
kernel.unprivileged_bpf_disabled: 1
# Restrict core dumps
fs.suid_dumpable: 0
# Enable ASLR (Address Space Layout Randomization)
kernel.randomize_va_space: 2
# Disable IP forwarding
net.ipv4.ip_forward: 0
# Disable packet forwarding
net.ipv4.conf.all.forwarding: 0
net.ipv6.conf.all.forwarding: 0
# Disable source packet routing
net.ipv4.conf.all.accept_source_route: 0
# Log suspicious packets
net.ipv4.conf.all.log_martians: 1