-
Notifications
You must be signed in to change notification settings - Fork 684
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Map more rules into Anssi policy #4439
Conversation
Remote user sessions (shell access, graphical clients) must be closed after a certain period of inactivity.
Each administrator must have a dedicated account (local or remote), and not use the root account as the access account for system administration.
cbb75d5
to
ac40763
Compare
It looks like that we have double-selection of rules |
@@ -22,6 +35,16 @@ selections: | |||
- sysctl_fs_suid_dumpable | |||
- sysctl_kernel_randomize_va_space |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
first occurrence of both
- sysctl_fs_protected_hardlinks | ||
|
||
# Activation of the ASLR | ||
- sysctl_kernel_randomize_va_space |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
second occurrence
# kernel. sysrq = 0 | ||
|
||
# No core dump of executable setuid | ||
- sysctl_fs_suid_dumpable |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
second occurrence
@matejak Thanks for review, and nice catch. |
Thanks for improving the ANSSI profile set! |
Description: