Skip to content
GitLab
Commit 2c753804 authored by Jelle van der Waa's avatar Jelle van der Waa 🚧
Browse files

hardening: set lockdown to integrity

parent 0cc404c0
Hide whitespace changes
Inline Side-by-side
roles/hardening/files/50-lockdown.conf 0 → 100644
View file @ 2c753804
w /sys/kernel/security/lockdown - - - - integrity
roles/hardening/tasks/main.yml
View file @ 2c753804
......@@ -14,3 +14,9 @@
copy: src=50-kptr-restrict.conf dest=/etc/sysctl.d/50-kptr-restrict.conf
notify:
- apply sysctl settings
- name: set kernel lockdown to restricted
copy: src=50-lockdown.conf dest=/etc/tmpfiles.d/50-kernel-lockdown.conf
when: "'hcloud' in group_names"
notify:
- apply sysctl settings
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment