CSEC_PUBLIC/the-practical-linux-hardening-guide
1
0
Fork 0
mirror of https://github.com/trimstray/the-practical-linux-hardening-guide.git synced 2025-12-06 09:12:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

minor updates and fixes

Browse Source 
- signed-off-by: trimstray <trimstray@gmail.com>
This commit is contained in:
trimstray
2018-11-14 14:12:57 +01:00
parent 89dcd34b60
commit 66c1763738
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@@ -493,7 +493,7 @@ This will deny binary execution from **/tmp**, disable any binary to be suid roo
```bash ```bash
mv /var/tmp /var/tmp.old mv /var/tmp /var/tmp.old
ln -s /tmp /var/tmp ln -s /tmp /var/tmp
cp -prf /var/tmp.old /tmp && rm -fr /var/tmp.old cp -prf /var/tmp.old/* /tmp && rm -fr /var/tmp.old
``` ```
and set properly mount params: and set properly mount params:
@@ -550,7 +550,7 @@ tmpfs /dev/shm tmpfs rw,nodev,nosuid,noexec 0 0
#### :eight_pointed_black_star: Secure /proc filesystem #### :eight_pointed_black_star: Secure /proc filesystem
The proc pseudo-filesystem `/proc` should be mounted with hidepid. When setting `hidepid` to **2**, directories entries in `/proc` will hidden. The proc pseudo-filesystem `/proc` should be mounted with `hidepid`. When setting `hidepid` to **2**, directories entries in `/proc` will hidden.
```bash ```bash
proc /proc proc defaults,hidepid=2 0 0 proc /proc proc defaults,hidepid=2 0 0