Hi,
While remaining on the official Ubuntu kernels, it is possible to harden them to reduce the attack surface and complicate the life to the attacker.
Can you please update your script to edit /etc/default/grub (See "GRUB_CMDLINE_LINUX*") and /etc/sysctl.d/10-kernel-hardening.conf with this:
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings#sysctls
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings#kernel_command_line_options
Thanks.
Hi,
While remaining on the official Ubuntu kernels, it is possible to harden them to reduce the attack surface and complicate the life to the attacker.
Can you please update your script to edit /etc/default/grub (See "GRUB_CMDLINE_LINUX*") and /etc/sysctl.d/10-kernel-hardening.conf with this:
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings#sysctls
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings#kernel_command_line_options
Thanks.