# Component mapping for the component named `kernel` (see `name:` below).
# It associates the listed package with rule groups, individual rules and
# templates. NOTE(review): presumably consumed by the content build to decide
# which rules belong to this component; confirm against the build tooling.
groups:
- gcc_plugin
- kernel_build_config
- network-ipv6
- network-kernel
name: kernel
# Package(s) this component covers.
packages:
- kernel
# Rule identifiers attributed to this component, kept in alphabetical order.
# NOTE(review): this reads as a catalogue, not a set to enforce together.
# Several entries look like alternatives of one setting (for example the three
# kernel_config_legacy_vsyscall_* rules, or sysctl_kernel_core_pattern and its
# _empty_string variant). Presumably a profile selects among them; confirm
# before treating the whole list as a baseline.
rules:
# Audit rules for kernel module loading (create/delete/finit/init/query variants).
- audit_rules_kernel_module_loading
- audit_rules_kernel_module_loading_create
- audit_rules_kernel_module_loading_delete
- audit_rules_kernel_module_loading_finit
- audit_rules_kernel_module_loading_init
- audit_rules_kernel_module_loading_query
# CoreOS kernel-argument rules.
- coreos_audit_backlog_limit_kernel_argument
- coreos_enable_selinux_kernel_argument
- coreos_nousb_kernel_argument
- coreos_page_poison_kernel_argument
- coreos_pti_kernel_argument
- coreos_slub_debug_kernel_argument
- coreos_vsyscall_kernel_argument
# Ownership and permissions of the sysctl.d directory (presumably /etc/sysctl.d; confirm).
- directory_groupowner_etc_sysctld
- directory_owner_etc_sysctld
- directory_permissions_etc_sysctld
- grub2_ipv6_disable_argument
- install_PAE_kernel_on_x86-32
# Kernel build-configuration rules (kernel_config_*). These describe options of
# the built kernel, so a finding here is presumably not fixable by runtime
# configuration alone; confirm per rule.
- kernel_config_acpi_custom_method
- kernel_config_arm64_sw_ttbr0_pan
- kernel_config_binfmt_misc
- kernel_config_bug
- kernel_config_bug_on_data_corruption
- kernel_config_compat_brk
- kernel_config_compat_vdso
- kernel_config_debug_credentials
- kernel_config_debug_fs
- kernel_config_debug_list
- kernel_config_debug_notifiers
- kernel_config_debug_sg
- kernel_config_debug_wx
- kernel_config_default_mmap_min_addr
- kernel_config_devkmem
- kernel_config_fortify_source
- kernel_config_gcc_plugin_latent_entropy
- kernel_config_gcc_plugin_randstruct
- kernel_config_gcc_plugin_stackleak
- kernel_config_gcc_plugin_structleak
- kernel_config_gcc_plugin_structleak_byref_all
- kernel_config_hardened_usercopy
- kernel_config_hardened_usercopy_fallback
- kernel_config_hibernation
- kernel_config_ia32_emulation
- kernel_config_ipv6
- kernel_config_kexec
- kernel_config_legacy_ptys
# Three vsyscall modes listed side by side; they look mutually exclusive (confirm).
- kernel_config_legacy_vsyscall_emulate
- kernel_config_legacy_vsyscall_none
- kernel_config_legacy_vsyscall_xonly
- kernel_config_modify_ldt_syscall
# Module-signing options.
- kernel_config_module_sig
- kernel_config_module_sig_all
- kernel_config_module_sig_force
- kernel_config_module_sig_hash
- kernel_config_module_sig_key
- kernel_config_module_sig_sha512
- kernel_config_page_poisoning
- kernel_config_page_poisoning_no_sanity
- kernel_config_page_poisoning_zero
- kernel_config_page_table_isolation
- kernel_config_panic_on_oops
- kernel_config_panic_timeout
- kernel_config_proc_kcore
- kernel_config_randomize_base
- kernel_config_randomize_memory
- kernel_config_refcount_full
- kernel_config_retpoline
- kernel_config_sched_stack_end_check
- kernel_config_seccomp
- kernel_config_seccomp_filter
- kernel_config_security
- kernel_config_security_dmesg_restrict
- kernel_config_security_writable_hooks
- kernel_config_security_yama
- kernel_config_slab_freelist_hardened
- kernel_config_slab_freelist_random
- kernel_config_slab_merge_default
- kernel_config_slub_debug
- kernel_config_stackprotector
- kernel_config_stackprotector_strong
- kernel_config_strict_kernel_rwx
- kernel_config_strict_module_rwx
- kernel_config_syn_cookies
- kernel_config_unmap_kernel_at_el0
- kernel_config_vmap_stack
- kernel_config_x86_vsyscall_emulation
- kernel_disable_entropy_contribution_for_solid_state_drives
# Rules that a given kernel module is disabled (kernel_module_*_disabled).
- kernel_module_atm_disabled
- kernel_module_bluetooth_disabled
- kernel_module_can_disabled
- kernel_module_cfg80211_disabled
- kernel_module_cramfs_disabled
- kernel_module_dccp_disabled
- kernel_module_firewire-core_disabled
- kernel_module_freevxfs_disabled
- kernel_module_hfs_disabled
- kernel_module_hfsplus_disabled
- kernel_module_ipv6_option_disabled
- kernel_module_iwlmvm_disabled
- kernel_module_iwlwifi_disabled
- kernel_module_jffs2_disabled
- kernel_module_mac80211_disabled
- kernel_module_overlayfs_disabled
- kernel_module_rds_disabled
- kernel_module_sctp_disabled
- kernel_module_squashfs_disabled
- kernel_module_tipc_disabled
- kernel_module_udf_disabled
- kernel_module_usb-storage_disabled
- kernel_module_uvcvideo_disabled
- kernel_module_vfat_disabled
# IPv6 network configuration rules.
- network_ipv6_default_gateway
- network_ipv6_disable_interfaces
- network_ipv6_disable_rpc
- network_ipv6_privacy_extensions
- network_ipv6_static_address
# Package presence/absence rules.
- package_abrt-addon-kerneloops_removed
- package_iptables-nft_installed
- package_nfs-kernel-server_removed
- sebool_domain_kernel_load_modules
# sysctl rules: fs.*, kernel.*, net.*, user.* and vm.* settings.
- sysctl_fs_protected_fifos
- sysctl_fs_protected_hardlinks
- sysctl_fs_protected_regular
- sysctl_fs_protected_symlinks
- sysctl_fs_suid_dumpable
- sysctl_kernel_core_pattern
- sysctl_kernel_core_pattern_empty_string
- sysctl_kernel_core_uses_pid
- sysctl_kernel_dmesg_restrict
- sysctl_kernel_exec_shield
- sysctl_kernel_kexec_load_disabled
- sysctl_kernel_kptr_restrict
- sysctl_kernel_modules_disabled
- sysctl_kernel_panic_on_oops
- sysctl_kernel_perf_cpu_time_max_percent
- sysctl_kernel_perf_event_max_sample_rate
- sysctl_kernel_perf_event_paranoid
- sysctl_kernel_pid_max
- sysctl_kernel_randomize_va_space
- sysctl_kernel_sysrq
- sysctl_kernel_unprivileged_bpf_disabled
- sysctl_kernel_unprivileged_bpf_disabled_accept_default
- sysctl_kernel_yama_ptrace_scope
- sysctl_net_core_bpf_jit_harden
# IPv4: the conf.all and conf.default rules do not fully mirror each other here
# (e.g. arp_filter, arp_ignore and forwarding appear only under conf_all).
- sysctl_net_ipv4_conf_all_accept_local
- sysctl_net_ipv4_conf_all_accept_redirects
- sysctl_net_ipv4_conf_all_accept_source_route
- sysctl_net_ipv4_conf_all_arp_filter
- sysctl_net_ipv4_conf_all_arp_ignore
- sysctl_net_ipv4_conf_all_drop_gratuitous_arp
- sysctl_net_ipv4_conf_all_forwarding
- sysctl_net_ipv4_conf_all_log_martians
- sysctl_net_ipv4_conf_all_route_localnet
- sysctl_net_ipv4_conf_all_rp_filter
- sysctl_net_ipv4_conf_all_secure_redirects
- sysctl_net_ipv4_conf_all_send_redirects
- sysctl_net_ipv4_conf_all_shared_media
- sysctl_net_ipv4_conf_default_accept_redirects
- sysctl_net_ipv4_conf_default_accept_source_route
- sysctl_net_ipv4_conf_default_log_martians
- sysctl_net_ipv4_conf_default_rp_filter
- sysctl_net_ipv4_conf_default_secure_redirects
- sysctl_net_ipv4_conf_default_send_redirects
- sysctl_net_ipv4_conf_default_shared_media
- sysctl_net_ipv4_icmp_echo_ignore_broadcasts
- sysctl_net_ipv4_icmp_ignore_bogus_error_responses
- sysctl_net_ipv4_ip_forward
- sysctl_net_ipv4_ip_local_port_range
- sysctl_net_ipv4_tcp_invalid_ratelimit
- sysctl_net_ipv4_tcp_rfc1337
- sysctl_net_ipv4_tcp_syncookies
# IPv6: each conf.all rule below has a matching conf.default rule.
- sysctl_net_ipv6_conf_all_accept_ra
- sysctl_net_ipv6_conf_all_accept_ra_defrtr
- sysctl_net_ipv6_conf_all_accept_ra_pinfo
- sysctl_net_ipv6_conf_all_accept_ra_rtr_pref
- sysctl_net_ipv6_conf_all_accept_redirects
- sysctl_net_ipv6_conf_all_accept_source_route
- sysctl_net_ipv6_conf_all_autoconf
- sysctl_net_ipv6_conf_all_disable_ipv6
- sysctl_net_ipv6_conf_all_forwarding
- sysctl_net_ipv6_conf_all_max_addresses
- sysctl_net_ipv6_conf_all_router_solicitations
- sysctl_net_ipv6_conf_default_accept_ra
- sysctl_net_ipv6_conf_default_accept_ra_defrtr
- sysctl_net_ipv6_conf_default_accept_ra_pinfo
- sysctl_net_ipv6_conf_default_accept_ra_rtr_pref
- sysctl_net_ipv6_conf_default_accept_redirects
- sysctl_net_ipv6_conf_default_accept_source_route
- sysctl_net_ipv6_conf_default_autoconf
- sysctl_net_ipv6_conf_default_disable_ipv6
- sysctl_net_ipv6_conf_default_forwarding
- sysctl_net_ipv6_conf_default_max_addresses
- sysctl_net_ipv6_conf_default_router_solicitations
- sysctl_user_max_user_namespaces
- sysctl_vm_mmap_min_addr
# Templates attributed to this component.
# NOTE(review): presumably these generate the kernel_config_*,
# kernel_module_*_disabled and sysctl_* rules listed in this file; confirm
# against the template definitions.
templates:
- kernel_build_config
- kernel_module_disabled
- sysctl