You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
Currently linux-baseline does not check if link protection is enabled.
Describe the solution you'd like
Create a additional check for those sysctls:
fs.protected_fifos == 1 or 2
fs.protected_hardlinks == 1
fs.protected_regular == 2
fs.protected_symlinks == 1
Additional context
Unprotected symlinks are a long-standing cause for security issues. See the official kernel docs about this.
Those settings should be default on most current Linux distributions, but it still makes sense to check those. Other security check projects like Lynis already checks those as well. See here
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
Currently linux-baseline does not check if link protection is enabled.
Describe the solution you'd like
Create a additional check for those sysctls:
fs.protected_fifos == 1 or 2
fs.protected_hardlinks == 1
fs.protected_regular == 2
fs.protected_symlinks == 1
Additional context
Unprotected symlinks are a long-standing cause for security issues. See the official kernel docs about this.
Those settings should be default on most current Linux distributions, but it still makes sense to check those. Other security check projects like Lynis already checks those as well. See here
The text was updated successfully, but these errors were encountered: