    June 2023 Hardening Update · 8135c6d9
    Kyau authored
    * Add: kernel hardening; prevent autoloading of ldiscs with `dev.tty.ldisc_autoload`
    * Add: kernel hardening; limit FIFO/regular file creation when dealing with world writable directories with `fs.protected_fifos` and `fs.protected_regular`
    * Add: kernel hardening; restrict core dumps with `fs.suid_dumpable`
    * Add: kernel hardening; disable the use of eBPF by unprivileged users with `kernel.unprivileged_bpf_disabled`
    * Add: packages; `addrwatch`, `aide`, `inetutils` and `lynis`
    * Add: package-aide; generate an initial database during firstboot
    * Add: systemd-resolved; add `Domains` and `DNSSEC` options to `/etc/systemd/resolved.conf`
    * Modify: `README.md` updated
    * Modify: fstab; `noexec` has been added to `/dev`
    * Modify: fstab; `nodev` has been added to `/var`
    * Modify: kernel modules; restrict the use of `dccp`, `ip_tables`, `rds`, `sctp` and `tipc`
    * Modify: nftables; config updated with comments
    * Modify: systemd service; `addrwatch@eth0` is enabled by default on the `VM` and `SERVER` profiles
    * Fix: UEFI shell access from bootloader has been restored
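An audit helper for the five sysctl hardening settings listed above, added here as an example and not part of the commit or the repository. The hardened values it expects are the usually recommended ones and are an assumption, since the commit does not state which values it set.

```shell
#!/bin/sh
# Constructed example: compare running sysctl values against the hardened
# settings named in the commit. The expected values are assumed (commonly
# recommended); the commit message itself does not list them.
HARDENED="dev.tty.ldisc_autoload=0
fs.protected_fifos=2
fs.protected_regular=2
fs.suid_dumpable=0
kernel.unprivileged_bpf_disabled=1"

# expected_value KEY -> prints the hardened value for KEY, fails if unknown
expected_value() {
    printf '%s\n' "$HARDENED" |
        awk -F= -v k="$1" '$1 == k { print $2; found = 1 } END { exit !found }'
}

# is_hardened KEY VALUE -> success when VALUE meets the hardened setting.
# For the protected_* and unprivileged_bpf_disabled knobs a higher level
# (e.g. unprivileged_bpf_disabled=2, locked until reboot) also counts.
is_hardened() {
    key=$1; val=$2
    want=$(expected_value "$key") || return 2
    case $key in
        kernel.unprivileged_bpf_disabled|fs.protected_fifos|fs.protected_regular)
            [ "$val" -ge "$want" ] ;;
        *)  [ "$val" -eq "$want" ] ;;
    esac
}

# read_sysctl KEY -> prints the running value from /proc/sys (dots become /)
read_sysctl() {
    cat "/proc/sys/$(printf '%s' "$1" | tr . /)" 2>/dev/null
}

# audit -> one line per key; non-zero exit if any key is missing or weak
audit() {
    rc=0
    for entry in $HARDENED; do
        key=${entry%%=*}
        cur=$(read_sysctl "$key") || { echo "MISSING $key"; rc=1; continue; }
        if is_hardened "$key" "$cur"; then
            echo "OK      $key=$cur"
        else
            echo "WEAK    $key=$cur (want $(expected_value "$key"))"; rc=1
        fi
    done
    return $rc
}
```

Source the file on the host being checked and call `audit`; a non-zero exit means at least one setting is absent or weaker than the expected level.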