depot/modules/hardened/default.nix

14 lines
309 B
Nix
Raw Normal View History

2021-06-05 23:59:06 +03:00
{ pkgs, config, ... }:
{
boot.kernel.sysctl = {
"kernel.yama.ptrace_scope" = 1;
"kernel.kptr_restrict" = 2;
"net.ipv4.conf.all.rp_filter" = 1;
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.send_redirects" = false;
"net.ipv4.conf.default.send_redirects" = false;
};
}