/plushcap/analysis/cloudflare/linux-kernel-hardening

Linux kernel security tunables everyone should consider adopting

What's this blog post about?

The Linux kernel is crucial to many modern production systems as it manages memory, mediates access to hardware, and enforces security policies. This post discusses various Linux kernel security configurations used at Cloudflare to prevent or minimize potential system compromises. These include secure boot, restricted kernel pointers, Kernel Address Space Layout Randomization (KASLR), kexec_load() disablement, and the Lockdown LSM module. The use of these features helps ensure the integrity and security of Linux systems.

Company
Cloudflare

Date published
March 6, 2024

Author(s)
Ignat Korchagin

Word count
3454

Language
English

Hacker News points
9


By Matt Makai. 2021-2024.