... | ... | @@ -181,6 +181,16 @@ between 33 and 255, inclusive. |
|
|
|
|
|
OpenSSH RSA host key generation is disabled by default.
|
|
|
|
|
|
Prohibiting new USB device connctions can be toggled by setting the
|
|
|
`hardening.pax.prohibit_new_usb` sysctl tunable to one of two values:
|
|
|
|
|
|
1. `1`: Prohibited
|
|
|
1. `2`: Prohibited without possibility to disable without a reboot
|
|
|
|
|
|
Setting `hardening.pax.prohibit_new_usb` to its default (`0`) removes the
|
|
|
prohibition, allowing new USB devices to connect. If this sysctl node is set to
|
|
|
`2`, a reboot is required in order to re-allow new USB device connections.
|
|
|
|
|
|
## Shared Memory (SHM) Hardening
|
|
|
|
|
|
Shared memory (SHM) hardening places restrictions on what can be done with the
|
... | ... | |