From caeb23ee4553aac39ed9a9369221d37d624d2a24 Mon Sep 17 00:00:00 2001
From: Claudio Maradonna
Date: Fri, 4 Oct 2024 19:49:25 +0200
Subject: [PATCH] new default: coredump hardening sysctl.d; better swappiness default
---
 roles/hardening-basic/defaults/main.yml | 2 +-
 .../templates/basic/etc/sysctl.d/50-coredump.conf | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 roles/hardening-basic/templates/basic/etc/sysctl.d/50-coredump.conf
diff --git a/roles/hardening-basic/defaults/main.yml b/roles/hardening-basic/defaults/main.yml
index 8437d8f..9c909d5 100644
--- a/roles/hardening-basic/defaults/main.yml
+++ b/roles/hardening-basic/defaults/main.yml
@@ -7,7 +7,7 @@ hardening_sshd_tcp_forward: false
 hardening_sshd_legal_banner: false
 hardening_sshd_permissions_set_sticky_bit: true
-hardening_sysctl_vm_swappiness: 15
+hardening_sysctl_vm_swappiness: 0
 hardening_sysctl_disable_ipv6: false
 hardening_modprobe_disable_list:
diff --git a/roles/hardening-basic/templates/basic/etc/sysctl.d/50-coredump.conf b/roles/hardening-basic/templates/basic/etc/sysctl.d/50-coredump.conf
new file mode 100644
index 0000000..33ce3bc
--- /dev/null
+++ b/roles/hardening-basic/templates/basic/etc/sysctl.d/50-coredump.conf
@@ -0,0 +1 @@
+kernel.core_pattern=|/bin/false
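Review bot: In roles/hardening-basic/defaults/main.yml the new default `hardening_sysctl_vm_swappiness: 0` has no comment explaining the choice, and it changes behaviour for every host that relied on the previous 15. On current kernels a value of 0 keeps anonymous pages out of swap until free and file-backed memory falls below the zone high watermark, so memory pressure is more likely to end in the OOM killer; that availability trade-off should be stated next to the value. If the intent is to keep process memory off disk, I would add above the line `# 0 = avoid swapping process memory; raises OOM-kill risk on small hosts, override per host if needed`, or use `1` if the goal is only to minimise swapping.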
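Review bot: The new roles/hardening-basic/templates/basic/etc/sysctl.d/50-coredump.conf contains only `kernel.core_pattern=|/bin/false` and no comment, so a later maintainer cannot tell that piping to a helper that exits at once is what discards the dump. A first line such as `# Discard all core dumps: the kernel pipes them to a helper that exits immediately` would document it. Core-dump hardening is usually paired with `fs.suid_dumpable=0`; the patch does not show whether the role sets that elsewhere, so confirm it or add it here. Unlike swappiness, no variable in defaults/main.yml gates this file, so hosts that need dumps for debugging appear to have no opt-out; the task that deploys the template is outside this patch, so that is worth checking.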