Linux kernel security tunables everyone should consider adopting
The Linux kernel is crucial to many modern production systems as it manages memory, mediates access to hardware, and enforces security policies. This post discusses various Linux kernel security configurations used at Cloudflare to prevent or minimize potential system compromises. These include secure boot, restricted kernel pointers, Kernel Address Space Layout Randomization (KASLR), kexec_load() disablement, and the Lockdown LSM module. The use of these features helps ensure the integrity and security of Linux systems.
Company
Cloudflare
Date published
March 6, 2024
Author(s)
Ignat Korchagin
Word count
3454
Language
English
Hacker News points
9