sysctl.conf changes
It seems by default many security features are already enabled, a few not enabled (checked on alpine 2.7.0) that would be a good idea to turn on are:
- TOCTOU prevention
- rfc1337
- magic-sysreq
I’ve already documented these on the wiki page
(http://wiki.alpinelinux.org/wiki/Sysctl.conf)
Maybe we could enable these by default in new installs?
Also, it would potentially be a good idea to enable the IPv6 privacy
extensions via sysctl.conf, for those that do use IPv6.
(from redmine: issue id 2535, created on 2013-12-31, closed on 2015-12-09)
- Changesets:
- Revision 26212b3b by Natanael Copa on 2014-06-10T14:05:19Z:
main/libvirt: security upgrade to 1.0.5.9 fixes various CVEs
CVE-2013-6458
CVE-2014-1447
CVE-2013-6456
CVE-2014-0179
fixes #2535
fixes #2953